UPDATE YOUR FIRMWARE - Wyze Cam flaw lets hackers remotely access your saved videos ( * if they can gain access to your local network/WiFi )

That may be the most entertaining and unexpected take I’ve ever seen from the prolific Mr. @carverofchoice . And you’re not wrong.

What spooks me more is the often entrenched disparity in opinion on these subjects among reputed IT professionals.

Shouldn’t you guys be consensus builders?

The peeps are nervous.

I’m sorry but you clearly were not a original Wyze customer like myself. Wyze did sell the v1 webcam in 2017, I was one of the first to pre-ordered the v1 when it was first announced and received my unit in 2017. The v1 WyzeCam was sold in 2017 and discontinued just a few months ago in January of this year. I have been a customer of these cameras, their first product since the company first shipped them out, again in 2017. They also sold refurb v1 units up until recently,

Also as to the SD card firmware patch, Wyze just recently fixed them in the v2 and more recent units this January, and as stated in Bitdefender’s report they were notified of that problem 3 years ago.

So you see there is no making things up or exaggerating reality on my end.

Yep, lots of router exploits and lots of users who probably shouldn’t own one. Most decent home routers have push updates. But I’m not sure what type of hacker is going to waste time on cams and iot devices if you have access through the router. Really low value targets unless you’re just looking to have some weird fun, I suppose.

You’ve never sat in on a meeting with a bunch of IT folks. The article @Known1 linked is a good layman’s view of the world.
I’d have close to zero concern (never say impossible) that someone hacked your cams. But it does come down to a question of security, a lack of suitable response, and what else we don’t know. The statement they released is very nicely worded but I sense some degree of not telling the whole story. Are their other unknown flaws in cameras we don’t know about? It’s time for them to come clean. It’s kind of like the plugs not working issue, two months without a response is not acceptable for a home security vendor.

Lol, I have not.

I have collaborated with a few of the mod/maven volunteers chosen by Wyze staff to run the forum and they’re delightfully candid, selfless and cooperative. Outliers, I guess. Wyze staff are good choosers!

This gentleman is a good Joe as well:

The forum regulars are mostly rugged individualists who don’t suffer fools gladly but they’re open to challenge in the common search for the truth of the matter.

“At Wyze, we put immense value in our users’ trust in us, and take all security concerns seriously.”
That’s why they didn’t respond to BitDefender for more than a YEAR! What a load of hooey!
Yes HOOEY!
They could have said “Hey we f-d up” But they didn’t, not at all. They look like the good guys and everyone else looks like Henny Penny screaming “The Sky is Falling”.
Well it fell, and it fell on Wyze. Sorry to see you go but my new cams arrive tomorrow and by saturday I’ll be Wyze-Free.
remember to keep checking Twitter for the #F***Wyze hashtag and watch me destroy a Wyze cam. I still haven’t decided if I’m going to hit it with a hammer in slo-mo or smash it between 2 cinder blocks. whichever it should be cool. with 2 cameras running. Can’t wait myself!

Peep, that post you show is more frustration and bad practice than an explanation. “Because you wanted it, we broke it”.
The entire wish list process is mishandled. Sure, the votes make a difference, but if you follow a good practice, it would be different. We get wish list stuff all the time. Some are eye-rollers and some are, pardon the pun in this context, light bulb ideas. The process we use is to have a few of the adults sit down and review it for benefits and possible practicality. If it passes the first test, turn it over to some concept development and turn it over to review for “what might this break?”. I’ve seen a single request that got grumbles from other users, turn into a feature no one can live without. And the reverse as well. But they can’t break rules and have to pass security tests. Volunteers are great but with most companies you’ll see someone, with some responsibility, step in and say whoa or cool. That’s often reassuring to the user base.

I’m not really overly concerned about this event, but how did their processes devolve into letting it happen and what prevention is in place for the future? “We are taking privacy extremely seriously” isn’t an answer, it’s a PR statement.

Well that explains a lot.

Thanks, Mike, it’s interesting to see it through your differently-informed perspective. Makes life fun.

The full thread where @Frederik’s comment resides is about security, privacy, business, people and trust.

I’m much more interested in the subjects of people and trust than I am in business or technology.

I think Frederik acquitted himself well in that Topic both as a professional and a human being. I grew to trust him through our interaction.

So in that Wyze succeeded.

Part of their mission.

You’re a little grumpy lately.

I wonder why.

2 of the 3 cams I received were defective. 2 of the 3 spotlights I received were defective.

All 4 are being replaced under warranty, which is at least something, but doesn’t reimburse me for the time and aggravation of trying to troubleshoot them. Wyze’s lack of honest disclosure in regard to their equipment’s sketchy quality rather than Wyze’s glowing marketing claims, deprived me of the opportunity to make am educated decision on the trade off between quality and price.

It seems at least somewhat indicative that Wyze has learned nothing in terms of being honest with its customers and doesn’t inspire confidence that they can be trusted to be anymore forthright now than they were 3 for the last 3 years.

I can understand why the forum mods and mavens, who as @peepeep pointed out are chosen by Wyze staff to advocate for Wyze on this forum, might be motivated to mitigate consequences to the company. At least some have mentioned their massive investment in Wyze equipment and need for Wyze to survive in order to continue to have support for that equipment, but that self-interested behavior does an injustice to new and potential customers who deserve honest disclosure in order to make an informed decision about their purchases. Their advice and reactions might be predictably colored by cognitive bias.

No. They’ve had their own security breaches.

What if it’s true? Should they avoid saying it to avoid triggering customers’ PR skepticism?

Seriously, though, I challenge you to craft an effective non-PR statement suitable to this situation. Short. Direct. Honest.

Speculate.

Should it be written? Video? Both?

I hear Will Smith is available,

Or…

There are many smart, extremely well-informed and experienced professionals lurking here who can and will help sort you out. Out of the sheer challenge of it. For the good will. And esprit de corps.

Mods/Mavens are said to be chosen from the (willing) cream of the crop. They’re also a cult but that’s another story.
 

I feel ya. Seriously, I’ve had my share of unhappy trails. The range of poor-to-great customer experiences used to be a thing here, at least from my perspective:

How do you feel about ‘mixed’ experiences? What ratio of great/poor (in a single product or brand) is the minimum acceptable? 70/30?

That’s about mine.

BTW…

You’ve been going with Wyze for, what, two months? We’ve been dating for nearly three years. We’re gonna see different lovers when we gaze into its eyes.

It would have to start with either a clear rationale for the delay or a clear apology for the delay. As far as I saw they’ve done neither. They could also continue to explain that the actual attack surface was vanishingly small, and perhaps explain that that is why they benignly neglected it so long.

There are effective ways of bringing an end to drama and lessen the controversy when a mistake is made.

image1284×1928 98.4 KB

OR you can do what Wyze did and is continuing to do which is feeding the continued flap:

• Refuse to admit a mistake/betrayal of trust was made.

• Refuse to take responsibility for the mistake/betrayal of trust.

• Refuse to listen to and respond appropriately to those who express a feeling of betrayal of trust.

• Discuss the incident in a vague or evasive manner.

• Make Excuses and attempt to shift blame.

Please, Wyze. Just admit you should’ve done better, full stop without excuses. Announce your plan for how this kind of thing will be avoided in the future. And endeavor to Make amends.

Sadly, I think your good words are falling on rocky ground. You’ve got sentiment in this thread like “heads should roll”, “devastated”, “so disappointed”, etc etc etc… We’re well into the damage-is-done mob panic mode here.

I know it’s no fun to lose faith like that, and I hope the people that are terrified and heartbroken move on and find peace. At the very least, please put a paper mask over your V1 cams that are “still vulnerable”.

Still missing the point. It’s axiomatic that past behavior is the best predictor of future behavior, unless there is at least a sincere declaration of the intention to change. What people like me want to know is what happens next time? So far, the official response inspires no confidence that there will not be a next time. Maybe a repeat is going on now that is worse that we don’t know about because there’s been no assurances of anything different occurring.