I would worry Google, Youtube more.
UPDATE YOUR FIRMWARE - Wyze Cam flaw lets hackers remotely access your saved videos ( * if they can gain access to your local network/WiFi )
Wyze ingnored and wasn’t transparent. They could have stopped the newbs from freaking out by just being honest and not waiting three years to fix the problem.
Precisely! See how I just shamelessly quoted my former self at
You were a pain in the ass back then. Still kinda prickly.
Yeah, I was thinking of that too, but wonder how the definition of “breach” pertains to this. We have breach notification requirements and I guess a few stray incidents, if there were any, might qualify as a PII breach.
I’d bet they’ll be looking for a new liability insurance company though. There were some hefty compliance clauses in our policy and it is audited every year.
I’ll link to my personal take on this, rather than retype it all here:
In short, I personally wish Wyze didn’t “fix” this. It wasn’t an issue (to me), but was instead a feature that thousands of us have been BEGGING them to implement INTENTIONALLY. Accessing the camera SD card files through our network is the 8th most requested wishlist item in Wyze’s history of THOUSANDS of wishlist requests. We’ve been begging for this to be allowed intentionally for YEARS, and just didn’t realize it was already possible, and now suddenly people are complaining that it was possible to do what we’ve been asking for and just didn’t know how to do it.
No strangers could access it. No outside hacker/criminal could access it. Only people you already allowed on your secure network could access it (assuming the people in your household are advanced hackers that could figure out what it took multi-million dollar dedicated security teams to figure out). Seeing the files that are ONLY accessible on my secure network is not a security concern for me, that’s a feature we’ve been BEGGING for. But that’s just me. I totally get that publications want to fearmonger and scare people with clickbait to increase their ratings…they have to make a living…but it is dishonest and disingenuous to all the people who don’t actually understand networking and computers and believe what the media tells them to be afraid of. It’s wrong what they’re doing to scare everyone.
But hey, there is now a huge opportunity to get a bunch of awesome low-cost Wyze devices on auction sites and marketplace classifieds from anyone who does want to give it all away cheaply. I’d love some free V1’s to add to my collection, especially if they still have this high demand feature enabled to allow me to access the SD card through my secure network…I would love that.
That may be the most entertaining and unexpected take I’ve ever seen from the prolific Mr. @carverofchoice . And you’re not wrong.
What spooks me more is the often entrenched disparity in opinion on these subjects among reputed IT professionals.
Shouldn’t you guys be consensus builders?
The peeps are nervous.
I’m sorry but you clearly were not a original Wyze customer like myself. Wyze did sell the v1 webcam in 2017, I was one of the first to pre-ordered the v1 when it was first announced and received my unit in 2017. The v1 WyzeCam was sold in 2017 and discontinued just a few months ago in January of this year. I have been a customer of these cameras, their first product since the company first shipped them out, again in 2017. They also sold refurb v1 units up until recently,
Also as to the SD card firmware patch, Wyze just recently fixed them in the v2 and more recent units this January, and as stated in Bitdefender’s report they were notified of that problem 3 years ago.
So you see there is no making things up or exaggerating reality on my end.
Yep, lots of router exploits and lots of users who probably shouldn’t own one. Most decent home routers have push updates. But I’m not sure what type of hacker is going to waste time on cams and iot devices if you have access through the router. Really low value targets unless you’re just looking to have some weird fun, I suppose.
You’ve never sat in on a meeting with a bunch of IT folks. The article @Known1 linked is a good layman’s view of the world.
I’d have close to zero concern (never say impossible) that someone hacked your cams. But it does come down to a question of security, a lack of suitable response, and what else we don’t know. The statement they released is very nicely worded but I sense some degree of not telling the whole story. Are their other unknown flaws in cameras we don’t know about? It’s time for them to come clean. It’s kind of like the plugs not working issue, two months without a response is not acceptable for a home security vendor.
Lol, I have not.
I have collaborated with a few of the mod/maven volunteers chosen by Wyze staff to run the forum and they’re delightfully candid, selfless and cooperative. Outliers, I guess. Wyze staff are good choosers!
This gentleman is a good Joe as well:
The forum regulars are mostly rugged individualists who don’t suffer fools gladly but they’re open to challenge in the common search for the truth of the matter.
“At Wyze, we put immense value in our users’ trust in us, and take all security concerns seriously.”
That’s why they didn’t respond to BitDefender for more than a YEAR! What a load of hooey!
They could have said “Hey we f-d up” But they didn’t, not at all. They look like the good guys and everyone else looks like Henny Penny screaming “The Sky is Falling”.
Well it fell, and it fell on Wyze. Sorry to see you go but my new cams arrive tomorrow and by saturday I’ll be Wyze-Free.
remember to keep checking Twitter for the #F***Wyze hashtag and watch me destroy a Wyze cam. I still haven’t decided if I’m going to hit it with a hammer in slo-mo or smash it between 2 cinder blocks. whichever it should be cool. with 2 cameras running. Can’t wait myself!
Peep, that post you show is more frustration and bad practice than an explanation. “Because you wanted it, we broke it”.
The entire wish list process is mishandled. Sure, the votes make a difference, but if you follow a good practice, it would be different. We get wish list stuff all the time. Some are eye-rollers and some are, pardon the pun in this context, light bulb ideas. The process we use is to have a few of the adults sit down and review it for benefits and possible practicality. If it passes the first test, turn it over to some concept development and turn it over to review for “what might this break?”. I’ve seen a single request that got grumbles from other users, turn into a feature no one can live without. And the reverse as well. But they can’t break rules and have to pass security tests. Volunteers are great but with most companies you’ll see someone, with some responsibility, step in and say whoa or cool. That’s often reassuring to the user base.
I’m not really overly concerned about this event, but how did their processes devolve into letting it happen and what prevention is in place for the future? “We are taking privacy extremely seriously” isn’t an answer, it’s a PR statement.
Well that explains a lot.
Thanks, Mike, it’s interesting to see it through your differently-informed perspective. Makes life fun.
The full thread where @Frederik’s comment resides is about security, privacy, business, people and trust.
I’m much more interested in the subjects of people and trust than I am in business or technology.
I think Frederik acquitted himself well in that Topic both as a professional and a human being. I grew to trust him through our interaction.
So in that Wyze succeeded.
Part of their mission.
You’re a little grumpy lately.
I wonder why.
2 of the 3 cams I received were defective. 2 of the 3 spotlights I received were defective.
All 4 are being replaced under warranty, which is at least something, but doesn’t reimburse me for the time and aggravation of trying to troubleshoot them. Wyze’s lack of honest disclosure in regard to their equipment’s sketchy quality rather than Wyze’s glowing marketing claims, deprived me of the opportunity to make am educated decision on the trade off between quality and price.
It seems at least somewhat indicative that Wyze has learned nothing in terms of being honest with its customers and doesn’t inspire confidence that they can be trusted to be anymore forthright now than they were 3 for the last 3 years.
I can understand why the forum mods and mavens, who as @peepeep pointed out are chosen by Wyze staff to advocate for Wyze on this forum, might be motivated to mitigate consequences to the company. At least some have mentioned their massive investment in Wyze equipment and need for Wyze to survive in order to continue to have support for that equipment, but that self-interested behavior does an injustice to new and potential customers who deserve honest disclosure in order to make an informed decision about their purchases. Their advice and reactions might be predictably colored by cognitive bias.
No. They’ve had their own security breaches.