FYI, This article is misleading and false on many levels. That issue did NOT allow “hackers” to remotely view the camera. Video could only be accessed by someone who was logged on to the local network (Router/WiFi). So there was actually little to no risk of anything and a lot sites were misrepresenting the truth because clickbait sells. I was actually extremely disappointed that Wyze “Fixed” this issue, because it has always been one of the most popular requests people have been asking Wyze to do ON PURPOSE for years now…then we suddenly found out it was possible and taken away from us in one fell swoop. My reaction to this “vulnerability” was as follows:
The only problem with this issue was that Wyze didn’t tell people for a long time and then “fixed” it. I personally wish it was never “fixed” and was just treated as a Network drive. Nobody gets on my WiFi without permission anyway, and I have a guest network with Device isolation anyway to keep guests out of anything important.
Point is, the second “issue” shouldn’t actually be considered a security issue IMO since it didn’t actually allow any remote access as sites falsely kept misrepresenting for clickbait purposes. Some of them even made corrections later, but 9-5Mac is obviously not one of them.
So far I’d say Wyze’s major issues are:
- Data security breach
- Taking a long time to tell us about the local SD card access (not really an issue that it existed though)
- Caching issue that leaked cache thumbnails, etc for 10 customers. Thankfully nothing compromising for any of them as far as I’ve seen so far, but still something that should’ve never happened. I think Wyze’s response was fairly reasonable (they shut it down within 30 minutes, fixed the global caching issue and explained what the problem was.
Steam had a very similar caching mistake, though they are bigger and theirs lasted for 90 min. So props to Wyze for responding in 1/3 of the time. I am not totally sure which was worse though…Steam leaked payment information for TONS of customers, and Wyze leaked some thumbnails for 10 customers. I think Wyze lucked out that none of the images were compromising.
Hopefully people think twice about where they allow internet cameras from ANY COMPANY to be (avoid bedrooms, or privacy critical areas). and hopefully companies figure out how to make sure their website caches never accidentally switch to “Global” caching again.