Nexx is a maker of “smart” devices, as well as alarms, garage door openers and more.
Unfortunately, their response to vulnerabilities isn’t all that smart. According to a blog post by security researcher Sam Sabetan, Nexx not only ignored his warnings about a major security hole in its product, but also ignored a request for a fix from the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).
So what’s the security issue?
According to Sabetan and CISA, Nexx devices suffer from critical vulnerabilities that could allow an attacker to receive sensitive information, make API requests, or hijack the device.
This means hackers can remotely open and close garage doors, control alarms, and turn on (or off) customers’ “smart” plugs.
It’s all pretty bad.
To make matters worse, more than 40,000 devices in both residential and commercial properties are said to be vulnerable.
However, Nexx’s complete disregard for attempts by security researchers and the Department of Homeland Security to raise the issue, and its failure to warn its customers of the problem, is absolutely reprehensible.
Sabetan said:
“Nexx has consistently ignored attempts to communicate with myself, Homeland Security, and the media. You should create a support ticket requesting
Companies selling IoT devices should take customer security and safety seriously. It’s easy to see that Nexx failed at this.
Do not buy Nexx products. If you’re already a customer, disconnect your device, ask for your money back, or throw it in the trash.
Did you find this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.