Millions of smart homes are at risk after security researchers found a serious flaw in Shelly’s newest devices. The bug could let someone standing outside your house open your garage door, gate, or front door through WiFi.

Researchers at PenTest Partners discovered that Shelly’s fourth-generation devices leave a wireless access point (AP) wide open by default, even after connecting to a home network.

Older models automatically shut down this setup network once configuration was finished. The Gen 4 line does not.

How the Smart Home Flaw Works

PenTest Partners researcher Alan Monie found the issue after replacing a five-year-old device with a Gen 4 model. During setup, he noticed it kept broadcasting its “Shelly” WiFi alongside the normal network connection, creating a persistent entry point for anyone nearby.

Anyone within WiFi range can connect and send commands directly without authentication. For a light switch, that might just be annoying. But many homeowners use Shelly products to control garage doors, gates, and entry points. A single command is all it takes to open an entrance.

PenTest Partners created a short video showing how this garage door flaw works.

The Problem Gets Worse

The exposure doesn’t stop at one device. Once connected to a vulnerable Gen 4 unit, an attacker could upload modified firmware, monitor activity, or move deeper into the network to control other smart devices.

Researchers used wigle.net to locate thousands of exposed Shelly networks across Europe. Some were labeled “Garage,” making their purpose obvious. The team said they could pinpoint locations down to specific house numbers. Shelly products are used in more than 5.2 million homes worldwide.

Final Thoughts

As smart home devices grow more common, security flaws like this will only increase. Every connected gadget is a potential entry point for bad actors, and most consumers never think to check default settings after installation.

Manufacturers need to ship products that are secure out of the box. Until then, you should review the settings on every smart device in your home.

For more details on this story, refer to the report from Pen Test Partners.

We want to know your thoughts. What do you think about this story? Let us know in the comment section below!

Be sure to stay up-to-date with the latest streaming news, reviews, tips, and more by following the TROYPOINT Advisor with updates weekly.