Two Screw Ups In 5 Months Give Unauthorized Access To Wyze ‘Smart’ Cameras
from the I-always-feel-like-somebody's-watching-me dept
Much like the phrase “smart technology,” the word “security” just doesn’t mean what it used to.
Case in point: last September, owners of Wyze “smart home security cameras” were informed at the company’s forums that the company had “crossed some wires in the backend,” resulting in a glitch that allowed 2,300 users to see the camera feeds of about 10 users via the company’s online web portal. The company was quick to apologize:
“Security is a core focus for us here at Wyze. We have built a dedicated security team and continually invest millions of dollars into security to keep our customers safe.”
Fast forward to last Friday, when another, even bigger glitch resulted in 13,000 unauthorized customers having access to images and video from Wyze cameras that didn’t belong to them. According to Wyze, the problem was caused by the botched integration of “a third-party caching client library”. In an email, Wyze apologized, again:
“We know this is very disappointing news. It does not reflect our commitment to protect customers or mirror the other investments and actions we have taken in recent years to make security a top priority at Wyze.”
Needless to say, folks who purchased Wyze cameras under the promise they were “smart” and “secure” aren’t pleased with having their privacy violated twice in a five-month span.
Of course, Wyze’s issues go back even further; in 2022, security firm Bitdefender discovered Wyze camera security vulnerabilities that — you guessed it — allowed unauthorized access to Wyze cameras. Wyze ultimately had to settle a class action for not making the problem clear to users for years.
It’s another cautionary tale about having too many internet-connected gadgets in the home given that, despite what “smart” “security” focused companies say, privacy and security often take a back seat to product marketing.


Comments on “Two Screw Ups In 5 Months Give Unauthorized Access To Wyze ‘Smart’ Cameras”
And…they still fucked it up again and again and again and again.
Re:
Those cameras are made by Huailai, an interesting shadow company with other “US”-based smart cameras out on the market now.
A wise saying
Someone else said it before, but I’ll say it again:
The S in IoT is for security.
Re:
There’s also an old adage:
“You can’t spell insecurity without security.”
It makes me think there’s a more boring corollary:
“The I in IoT stands for Insecure.”
Isn’t this?
Better than in the past and RECENT PAST, where corps Never said anything for YEARS?
This includes hacks to the corps, and clinics in the USA.
Re:
The hope is that it’s worse than the near future, where there are real penalties for not being transparent about what steps you’ve taken to ensure your product is secure, and real penalties for calling something secure that doesn’t pass industry waterlines.
I’d like to know what exactly their dedicated security team does, and at what point they get involved in both the design and the review process.
If their security team consists of 7 highly paid security guards watching the front door of corporate HQ, that’s not going to do much for the architectural security review, the release security review, the security process review, the RCA process, the third party security review, or all the other components that any competent security team SHOULD be in charge of.
And of course, if any C-level employee or sales/marketing employee can override the security team’s recommendations, their mandate is also worthless.
Re:
I work in this industry. I can tell you what they have.
They have some small team of 3-4 people, who are trying to manage 1000s of endpoints, perimeter sec, patching, and all the rest, and they do it with little to no budget, despite the outright specious garbage the C-suite spews about millions of dollars.
Right now, they are getting lit on fire, by the very same mgmt clowns who understaffed them, begrudgingly grant the minimum budget, and laugh when the Director asks for another FTE.
Re:
The same as any security team working for any other company. Basically, protect the building and the people and objects within it, nothing else. Screw the customers.
“We know this is very disappointing news. It does not reflect our commitment to protect customers or mirror the other investments and actions we have taken in recent years to make security a top priority at Wyze.”
Why yes, yes it does. What isn’t even a question anymore is your ability to operate sensibly, let alone securely. I can see fine by my electric light here, gas is really outdated and not something an IT company should be using.
Re:
They aren’t even gaslighting, just outright lying to customers, because there is no penalty and if people are stupid enough to believe them, the gravy train of money continues.