Wyze says it was “cautious” in not telling users about a security breach

The Wyze Cam V3 mounted outdoors

TL;DR

  • Wyze Cam devices have had a huge security flaw for years.
  • The vulnerability allowed hackers to gain unauthorized access to Wyze’s home security cameras.
  • The company was aware of the problem and did nothing.

Updated: March 31, 2022 (11:07 p.m. ET): In response to the report of its security camera vulnerability, Wyze published a blog post explaining its side of the story.

“We appreciated the responsible disclosure provided by Bitdefender on these vulnerabilities and worked directly with them to fix security issues in our supported products prior to public reporting,” the company notes.

Wyze goes on to say that in order for someone to access your camera feed, they would need access to your local network. Thus, you would have had to expose your local network to a hacker directly or to the Internet in general for these vulnerabilities to be remotely exploitable.

“We released the first patch within a month of our notification, and over time we have continued to mitigate the risk of these exploits with additional patches in the months that followed,” Wyze explains.

The company also offers an explanation for why it didn’t tell its customers about the security breach. However, this does not change the fact that the flaw was hidden from users for years. Here’s what Wyze had to say:

You might be wondering, “Why am I hearing about this now?” Both Bitdefender and Wyze take the security of affected users seriously. Knowing that we were actively working on risk mitigation and patching updates, we came to the conclusion together that it was safest to be cautious about the details until the vulnerabilities were fixed.


Original article: March 31, 2022 (4:30 p.m. ET): If you have one of the Wyze Cam devices – the V1, V2 or V3 – someone could have easily been watching you secretly and even downloading the feed from your camera’s SD card. What’s worse? For three years, Wyze knew about the issue and chose not to acknowledge it, fix it, or even notify affected customers.

The Wyze camera software flaw was discovered by people at Bitdefender. The security research company claims to have notified Wyze of the issue in March 2019. However, the Seattle-based company did not respond until November 2020. Two years later, in February 2022, Wyze discontinued the Wyze Cam V1, citing the camera’s inability to support a security update.

“Your continued use of the Wyze Cam v1 after February 1, 2022 is at increased risk, is discouraged by Wyze, and is entirely at your own risk,” the company said in an email to customers. However, it still hasn’t revealed the fact that the cameras were essentially secret peepholes for hackers and that it was aware of the problem. As BleepingComputer notes, Wyze Cam owners may still be running a vulnerable firmware version.


When asked why it kept quiet about such a massive security breach, Wyze spokesperson Kyle Christensen told The Verge that the company has been completely transparent with its customers. Christensen also said the issue has been fixed. However, the update that removes the vulnerability is only available for Wyze Cam V2 and V3, released in 2018 and 2020 respectively.

According to Wyze’s Play Store listing, the company has over 5 million users. It also manufactures several other smart home security products, such as video doorbells, motion sensors, and more. For a company so invested in providing security solutions and services that seemingly don’t rely on foreign servers, Wyze certainly has its work cut out now that these findings are being made public.

Meanwhile, if you are a Wyze user and worried about the security of your camera, you can head to the company’s official portal to check the latest firmware. If you have the Wyze Cam V1, you’re out of luck. It would be best if you stopped using the camera altogether.
