UPDATE YOUR FIRMWARE - Wyze Cam flaw lets hackers remotely access your saved videos ( * if they can gain access to your local network/WiFi )

You’re a little grumpy lately. :slight_smile:

I wonder why.

2 of the 3 cams I received were defective. 2 of the 3 spotlights I received were defective.

All 4 are being replaced under warranty, which is at least something, but doesn’t reimburse me for the time and aggravation of trying to troubleshoot them. Wyze’s lack of honest disclosure in regard to their equipment’s sketchy quality rather than Wyze’s glowing marketing claims, deprived me of the opportunity to make an educated decision on the trade-off between quality and price.

It seems at least somewhat indicative that Wyze has learned nothing in terms of being honest with its customers and doesn’t inspire confidence that they can be trusted to be any more forthright now than they were for the last 3 years.

2 Likes

I can understand why the forum mods and mavens, who as @peepeep pointed out are chosen by Wyze staff to advocate for Wyze on this forum, might be motivated to mitigate consequences to the company. At least some have mentioned their massive investment in Wyze equipment and need for Wyze to survive in order to continue to have support for that equipment, but that self-interested behavior does an injustice to new and potential customers who deserve honest disclosure in order to make an informed decision about their purchases. Their advice and reactions might be predictably colored by cognitive bias.

3 Likes

No. They’ve had their own security breaches.

What if it’s true? Should they avoid saying it to avoid triggering customers’ PR skepticism? :wink:

Seriously, though, I challenge you to craft an effective non-PR statement suitable to this situation. Short. Direct. Honest.

Speculate. :slight_smile:

Should it be written? Video? Both?

I hear Will Smith is available.

1 Like

Or…

There are many smart, extremely well-informed and experienced professionals lurking here who can and will help sort you out. Out of the sheer challenge of it. For the good will. And esprit de corps.

Mods/Mavens are said to be chosen from the (willing) cream of the crop. They’re also a cult but that’s another story. :wink:

I feel ya. :wink: Seriously, I’ve had my share of unhappy trails. The range of poor-to-great customer experiences used to be a thing here, at least from my perspective:

How do you feel about ‘mixed’ experiences? What ratio of great/poor (in a single product or brand) is the minimum acceptable? 70/30?

That’s about mine.

BTW…

You’ve been going with Wyze for, what, two months? We’ve been dating for nearly three years. We’re gonna see different lovers when we gaze into its eyes. :kissing_closed_eyes:

It would have to start with either a clear rationale for the delay or a clear apology for the delay. As far as I saw they’ve done neither. They could also continue to explain that the actual attack surface was vanishingly small, and perhaps explain that that is why they benignly neglected it so long.

1 Like

There are effective ways of bringing an end to drama and lessening the controversy when a mistake is made.

OR you can do what Wyze did and is continuing to do which is feeding the continued flap:

  • Refuse to admit a mistake/betrayal of trust was made.

  • Refuse to take responsibility for the mistake/betrayal of trust.

  • Refuse to listen to and respond appropriately to those who express a feeling of betrayal of trust.

  • Discuss the incident in a vague or evasive manner.

  • Make excuses and attempt to shift blame.

Please, Wyze. Just admit you should’ve done better, full stop without excuses. Announce your plan for how this kind of thing will be avoided in the future. And endeavor to make amends.

4 Likes

Sadly, I think your good words are falling on rocky ground. You’ve got sentiment in this thread like “heads should roll”, “devastated”, “so disappointed”, etc etc etc… We’re well into the damage-is-done mob panic mode here.

I know it’s no fun to lose faith like that, and I hope the people that are terrified and heartbroken move on and find peace. At the very least, please put a paper mask over your V1 cams that are “still vulnerable”.

1 Like

Still missing the point. It’s axiomatic that past behavior is the best predictor of future behavior, unless there is at least a sincere declaration of the intention to change. What people like me want to know is what happens next time? So far, the official response inspires no confidence that there will not be a next time. Maybe a repeat is going on now that is worse that we don’t know about because there’s been no assurances of anything different occurring.

2 Likes

Precisely. While this forum seems to be led by IT aficionados and tinkerers, how many of those who make up the bulk of Wyze’s customers are likewise?

I imagine that Wyze’s low price point would seem especially attractive to entry-level non-techies just looking to get their security camera feet wet who are especially reliant on the company’s integrity in the absence of any personal expertise. They may not understand the relative risk of the vulnerability. So it’s all the more important that the company behave in a way that anyone can identify as having integrity and trustworthiness.

That’s why Wyze’s own behavior turned this from what may in fact have been a small thing 3 years ago into the perhaps outsized thing it has become. How difficult would it have been to release a statement explaining the vulnerability? The reasons for not doing so are either silly, disingenuous, irrelevant or self-serving. Continuing to justify not doing so strains credulity. I think THAT’s why people are pissed. I could be wrong but I perceive that the people who have reacted so vociferously rightly feel they can’t trust the company to be straight with them in the future.

2 Likes

Probably is. I’d take measures now.

2 Likes

@bryonhu’s profile picture seems to suggest one type of measure.

On the other hand, the following article is an example of the kind of constructive teachable moment Wyze could’ve employed when the vulnerability was first discovered and avoided the whole brouhaha that was caused by a lack of communication with their customers.

2 Likes

Co-founder Dave Crosby should grant the most reasonable critic…

…a fifteen minute filmed interview to respond to and expand on the claims in the article.

He should wing it.

1 Like

Reward good press/internet behavior.


They’ll probably determine (or be advised) whether it’s worth risking something like this given the sustained or diminishing momentum of complaint.

Also may depend on how careful they’re becoming as they grow and must be responsive to their pragmatic investors.

Pure speculation, of course. :crystal_ball:

What a hobby. :grin:

1 Like

Yeah…hammer meet nail

"But this story is still disturbing. Wyze was not transparent with its customers and sat on a concerning security flaw for three years—are there any other vulnerabilities that we need to know about?

Wyze didn’t even tell customers about this flaw when it was patched on January 29th. And when the company discontinued the Cam V1 two days earlier, it simply explained that the camera couldn’t “support a necessary update.” It’s very hard to trust Wyze after it knowingly kept us in the dark."

I mean the egalitarian thing to do was tell V1 owners there was an issue and they are sending them a V2 camera for free but nope.

3 Likes

It’s tough to write a statement in this situation, since it’s 3 years too late. Yeah, you would always have the fluffy PR line, but back then you could have explained it and eliminated the panic. Put the big boy pants on and either fix it or replace them. I would imagine they might have been fixable back then, but after three years of upgrades and features, it would be tough to do.

Will Smith would be perfect! :sweat_smile:

1 Like

That has been my issue as well (door locks). I don’t think I will ever install those. That article justifies our concerns!

1 Like

Sometimes I walk around in just my jockey shorts. Serves them right for watching a 66-year-old man. Hopefully the feed will require mental bleach to erase the image.

2 Likes

Yeah, Wyze withholding the info from those using the V1 is unacceptable. They force use of their cloud by closing the ecosystem which demands customers rely on their cloud via wifi internet connection. Leaving vulnerable customers in the dark is irresponsible when they obviously knew of the flaw. In the big picture, most users probably are average folk who fly under the radar making them less likely to be targeted by hackers. However, that’s not for Wyze to decide for the user. It should be the user’s choice whether they want to continue to use a vulnerable device or not. If any V1s were under warranty at the time, they should have been replaced by V2s. Older V1 owners could have been offered a deep discount on the V2 at a minimum.

I believe Wyze could have also made available a custom FW for the V1 that would allow both limited functionality such as direct to app connectivity plus RTSP so users would have the option to continue to use it via 3rd party software or use it like a webcam while also having the ability to set up, view and control via the app - I’m not a software engineer so maybe I’m wrong, but it seems like limited internal LAN use ability would be sufficient for many users to continue getting some benefit out of their cams. Forcing usage via the Wyze cloud basically makes these cams completely unusable now. Eventually most tech becomes orphaned, but not all become unusable - my old netbook could not upgrade to win10 but it’s now going on its second decade of life running Linux, my old iPhone 3GS has not been able to be updated in many yrs, but it still works fine playing music.

It really makes you wonder about the Wyze leadership team that they’d rather face this type of blowback than face up to their failures. The first gen sensor failures keep coming to mind as how they choose to put blinders on rather than proactively face up to and rectify the problems. It once again shows a certain disregard for the customer, much like how they push out beta products on an unsuspecting public, fail to dig deep into testing before rollouts, offer social engagement to appear customer centric, etc.

2 Likes