A few days ago, a security breach happened with Wyze security cameras which let strangers see into your home. I was very concerned because I am one of the users that have a Wyze Camera installed at home specifically the Wyze Cam v3. According to user reports, various users were able to see thumbnails of camera video feeds belonging to cameras that didn’t belong to them.
Wyze has since addressed the security incident that occurred during a service outage last Friday, shedding light on what transpired and the steps being taken to prevent similar occurrences in the future.
What happened
Apparently the outage was originating from partner AWS — a cloud provider owned by Amazon — which led to disrupted Wyze devices for several hours, affecting users’ ability to view live cameras or access Events during that period. In an email that I received, Wyze apologized for the inconvenience caused by this downtime.
However, as cameras came back online, a security issue emerged. Some users reported seeing incorrect thumbnails and Event Videos in their Events tab. Investigation revealed that approximately 13,000 users as opposed to 14 users initially reported by Wyze received thumbnails from cameras not their own, with 1,504 users tapping on them. While most taps only enlarged the thumbnail, some were able to view Event Videos erroneously.
According to Wyze, the root cause was identified as a third-party caching client library, recently integrated into Wyze’s system, which experienced unprecedented load conditions due to devices reconnecting simultaneously. This resulted in a mix-up of device ID and user ID mapping, connecting some data to incorrect accounts.
What has been done
To prevent future incidents, Wyze says they have implemented additional verification layers before users access Event Videos and modified the system to bypass caching for user-device relationship checks until thoroughly stress-tested client libraries are identified.
The company is now beefing up its investment in more security such as establishing a security team, implementing multiple processes, maintaining a bug bounty program, and undergoing third-party audits and penetration testing.
Past security breaches
Wyze response should be taken with a pinch of salt given that this is not the first security lapse that has affected Wyze cameras. For example, in December 2019, it was reported that some Wyze users’ personal information was exposed due to a data leak caused by an unprotected Elasticsearch database. Additionally, in early 2020, researchers discovered vulnerabilities in Wyze camera firmware that could potentially allow attackers to access live video feeds and personal data stored on the devices.
About David Okwii
David Okwii is the Editor-in-Chief of Dignited.com and a seasoned tech enthusiast whose journey began in the early 2000s. He started blogging while at university, diving deep into mobile apps, smartphone reviews, and operating systems—from testing Linux distros to tweaking Windows machines. David also explores Chromebooks, experiments with Raspberry Pi projects, and brings hands-on curiosity to every review. With vast experience in Uganda’s tech ecosystem and deep knowledge of Africa’s startup landscape, he offers informed, grounded perspectives on consumer technology. When he's not writing or tinkering, David enjoys connecting with nature and exploring the outdoors.
Discover more from Dignited
Subscribe to get the latest posts sent to your email.
