It’s expected that any product that has the word “security” in the title would be … secure. Yet, that’s how Wyze landed in hot water after it was determined that it knew about a security camera flaw and didn’t make a move to change it for three years.
Also read: Verkada Security Firm Cameras Hacked, Includes Tesla
Wyze Security Camera SD Flaw
Three of the Wyze security cameras – the V1, V2, and V3 – were found to allow hackers access to stored video. Certainly worse yet, Wyze apparently knew and didn’t fix it or disclose the issue to its customers for three years.
Cybersecurity firm Bitdefender published a blog post and white paper detailing the issue. This flaw would have allowed a hacker to have unauthenticated remote access to the contents on the camera’s SD card.
A hacker could view videos stored on the camera and even download the footage. These devices are protecting your home. But while they’re recording information for you, they’re potentially sharing it with whoever takes the initiative to break into them.
Particularly disturbing, Bitdefender discovered the Wyze security camera flaw in 2019. To put a marker on the time, that’s a year before the pandemic. There were other flaws as well: an authentication bypass flaw and remote code execution vulnerability. These flaws were patched, however, in 2019 and 2020.
Accountability
The security vulnerability that allowed access to the SD card was not patched until January of this year. But this only fixed the V2 and V3. The V1 security camera lost Wyze support in February; existing V1s will never be secure. This model has “hardware limitations” that prevents it from being updated.
Wyze said at the time it stopped supporting the V1 that using it could lead to an “increased risk.” However, the company still failed to mention the security concern. Users could still be using the V1, not knowing hackers could be obtaining access to the stored footage.
After Bitdefender disclosed the security issue, it was questioned about not releasing these details earlier. While Bitdefender attempted to get Wyze to take action since 2019, it never moved to let the public know.
Wyze was questioned as well. A representative said the issue had been patched and released a statement that said, “At Wyze, we put immense value in our users’ trust in us and take all security concerns seriously. We are constantly evaluating the security of our systems and take appropriate measures to protect our customers’ privacy.
“We appreciated the responsible disclosure provided by Bitdefender on these vulnerabilities. We worked with Bitdefender and patched the security issues in our supported products. These updates are already deployed in our latest app and firmware updates.”
It cannot be said enough: anything that has access to the Internet – including all smart home devices – carries security risks. They should be treated the same as your computer or smartphone.
Read on to learn how much your information is worth on the dark web.
Featured Image Credit: Wyze
