A security researcher named Sam Sabetan had already reported the security vulnerabilities he had found in some Nexx products, but the company refused to address the issue, SecurityWeek reports.
Sabetan found the bugs last year and disclosed details about them earlier this week. Most of these bugs are of high or critical severity ratings and could let threat actors remotely open garage doors and hijack alarms and smart plugs. The U.S. Cybersecurity and Infrastructure Security Agency said Nexx also ignored its attempts to report the bugs.
The agency simultaneously rolled out an advisory warning potential victims about the threat. It is estimated that over 40,000 devices, located in both residential and commercial properties, are impacted. Furthermore, I determined that more than 20,000 individuals have active Nexx accounts, Sabetan explained. Hackers only require a targeted user's name, email address, device ID, or MAC address in order to launch successful attacks using the bugs.
Privacy, Threat Management
No fix for garage door bug that allows attackers to open door, manipulate alarm and meddle with smart plugs
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds