Nexx is a maker of “smart” devices, as well as alarms, garage door openers and more.

Unfortunately, their response to vulnerabilities isn’t all that smart.according to blog post According to security researcher Sam Sabetan, Nexx not only ignored his warnings about a major security hole in its product, but also received a request for a fix from the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). I ignored the attempt.

So what’s the security issue?

According to Sabetan >CISANexx devices suffer from critical vulnerabilities that could allow an attacker to receive sensitive information, make API requests, or hijack the device.

This means hackers can remotely open and close garage doors, control alarms, and turn on (or off) customers’ “smart” plugs.

It’s all pretty bad.

To make matters worse, more than 40,000 devices in both residential and commercial properties are said to be vulnerable.

e-mailsign up for newsletter
Security news, advice and tips.

However, Nexx’s complete ignorance of attempts by security researchers and the Department of Homeland Security to raise the issue and its failure to warn its customers of the problem is absolutely reprehensible.

Sabetan said:

“Nexx has consistently ignored attempts to communicate with myself, Homeland Security, and the media. You should create a support ticket requesting

Companies selling IoT devices should take customer security and safety seriously. It’s easy to see that Nexx failed at this.

Do not buy Nexx products. If you’re already a customer, disconnect, ask for your money back, or throw it in the trash.

Did you find this article interesting? Follow Graham Cluley on Twitter again Mastodon To read more about the exclusive content we post.

Graham Cluley is a veteran of the antivirus industry and has worked for many security companies since the early 1990s when he created the first version of Dr. Solomon’s Antivirus Toolkit for Windows. He is now an independent security he is an analyst and makes regular media appearances and lectures internationally on the topics of computer he security, hackers and online he privacy. Follow him on Twitter. @gcluleyfor Mastodon @[email protected]or drop him an email.



Register now for our membership to gain access to our elite training program and fast forward your career today!


Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ©️ All rights reserved. | Blue Training Academy Blog