Security advisory : Wyze Camera Technical Issue Granted 13,000 Users Viewing Access to Other Homes

RGSA 02-19-2024-01

Date: February 19, 2024

INTRODUCTION

On February 16, 2024, Wyze Labs encountered a service outage, resulting in connectivity issues for numerous users. The disruption persisted for almost nine hours, with the cameras remaining offline during this period. Wyze Labs identified Amazon Web Services (AWS), their partner, as the source of the security outage.

While working to restore camera functionality, Wyze faced an additional security concern. Some users reported encountering incorrect thumbnails and Event Videos in their Events tab. Disturbingly, unauthorized individuals could enlarge images or view videos from strangers’ Wyze cameras. 13,000 users inadvertently gained surveillance access to other homes.

Although the company released a statement that over 99.75 percent of Wyze’s user base remained unaffected by the breach, 0.25 percent still experienced a serious violation of their privacy.

In response to this incident, Wyze has implemented an additional layer of verification for users seeking access to video content via the Events tab, aiming to prevent such privacy breaches in the future.

RECOMMENDATIONS

Major professionally monitored security systems, like Wyze, are not perfect. Home security cameras are understandably used in many homes to enhance safety and security. If you own and/or use a security camera, it’s important to be aware of the risks associated with these devices. Follow these steps to ensure you are protected:

1. Regularly update camera firmware as home security cameras can be vulnerable to hacking, which may lead to unauthorized access to your device.
2. Use strong and unique passwords and enable two-factor authentication. Many cameras come with default passwords that are easily guessable, making them vulnerable to hacking. Change the default password to something strong and unique.
3. Avoid placing cameras in sensitive areas like bedrooms and bathrooms.