tl; DR
- Wyze Cam devices have suffered from a major security vulnerability for years.
- The vulnerability allowed hackers to gain unauthorized access to Wyze’s home security cameras.
- The company learned of the problem and did nothing.
Update: March 31, 2022 (11:07 PM ET): In response to the report about the vulnerability in its security cameras, Wyze has released a file Blog post He explains his side of the story.
“We appreciate Bitdefender’s responsible disclosure of these vulnerabilities and worked directly with them to correct security issues in our supported products prior to the public report,” the company notes.
Wyze goes on to say that in order for someone to be able to access your camera feed, they would need to have access to your local network. Therefore, you had to expose your local network either to the hacker directly or to the Internet in general so that these vulnerabilities could be exploited remotely.
“We released the first patch in the month following our notification, and over time have continued to mitigate the risks of these exploits with additional patches in the ensuing months,” Wise says.
It also has an explanation as to why its customers are not told about the security flaw. However, it does not address the fact that the error has been hidden from users for years. This is what Wyze said:
You may be wondering, “Why am I hearing about this now?” Bitdefender and Wyze both take the safety of affected users very seriously. Knowing that we were actively working on risk mitigations and corrective updates, we came to the conclusion that it was safer to be careful about the details until the vulnerabilities were fixed.
Original article: March 31, 2022 (4:30 PM ET): If you own any of the Wyze Cam devices – V1, V2, or V3 – anyone can easily view you invisibly and even download feeds from the camera’s SD card. What is worse? For three years, Wyze knew about the problem and chose not to acknowledge it, fix it, or even inform affected customers.
The software bug in Wyze cameras was discovered by the folks at Bitdefender. The security research firm claims to have notified Wyze of the issue in March 2019. However, the Seattle-based company failed to respond until November 2020. Two years later, in February 2022, Wyze discontinued use of the Wyze Cam V1, citing the camera’s inability On security update support.
“Your continued use of the Wyze Cam v1 after February 1, 2022, carries an increased risk, and may be discouraged by Wyze, and is entirely at your own risk,” the company said. Customer email. However, it has not yet revealed the fact that the cameras were basically secret holes of the hackers and that they were aware of the problem. as sleeping computer It notes that Wyze Cam owners may still be using a vulnerable version of the firmware.
See also: The best security cameras you can get
When Wyze spokesperson Kyle Christensen was asked why he was keeping quiet about such a massive security breach the edge The company was completely transparent with its customers. Christensen also said that the problem has been corrected. However, the update that removes the vulnerability is only available for Wyze Cam V2 and V3, which were released in 2018 and 2020, respectively.
According to Wyze’s Play Store listing, the company has more than 5 million users. It also manufactures many other smart home security products such as video doorbells, motion sensors, and more. For a company that is so dedicated to providing security solutions and services that doesn’t seem to rely on external servers, Wyze is definitely out of business now that those findings are revealed.
Meanwhile, if you are a Wyze user and are concerned about camera security, you can head over to the company Official Portal To check the latest firmware. If you have a Wyze Cam V1, you are out of luck. It would be best if you stop using the camera completely.