Wyze: strangers could look into the house through the camera, the manufacturer did not say anything for years

Wyze
For years, strangers could peer into your home through your security camera. The manufacturer knew about it and said nothing.

Security cameras in the apartment allow deep insight into private life in case of abuse (symbol image)

Security cameras in the apartment allow deep insight into private life in case of abuse (symbol image)

© Sinenky/Getty Images

Cameras from the manufacturer Wyse also allowed unauthorized persons to leak recordings of apartments and offices through a space. The manufacturer had known about the error for years.

In reality, security cameras only have one use: they should ensure that we feel more secure in our home. A bug in the Wyze fabricator should now have the opposite effect. It allowed random strangers to gain deep insights into the daily lives of users. But instead of protecting its customers, the manufacturer chose to remain silent.

This is according to a report from Bitdefender antivirus experts. According to this, the bug allowed remote access to the local storage of the Wyze cameras over the Internet and retrieve the videos stored there. It didn’t require any special hacking skills: because no authentication was required, it could access any camera that could be found on the Internet.

surprisingly easy

According to experts, to be affected by the error, it was enough to connect one of the cameras to the Internet and insert any SD card. Therefore, the camera automatically sets its own web address. Since a log file containing access data, videos, images and audio recordings saved in the camera, as well as all other data saved by the user in the camera, can also be accessed, they can be consulted at through the web. The only limitation: you had to know the ID of the camera. This could be accessed by infected devices from the same network.

The manufacturer had known for at least three years that this was possible. In March 2019, Bitdefender security researchers discovered the bug along with two other issues and reported it to Wyze. Even with the other bugs, the manufacturer took a long time. The first issue, with which the login could be bypassed, was only resolved after six months. The second vulnerability, which allowed the execution of malicious code, was removed again a year later. The SD card trick worked even better: the problem was apparently only fixed in January of this year.



A man wearing a mask tries to outwit a facial recognition camera

Wyze is unreasonable

However, that does not mean that users of cameras sold in Germany are already safe. Since many cameras do not automatically install updates, gaps may still exist. Therefore, the safest method for customers is to search for and install an update for their own camera on the manufacturer’s website. However, for some models, none are simply available anymore: because an affected model hasn’t received an update since the end of 2020, the gap will never be closed.

What is particularly annoying is that the bug was never openly communicated. An editor at “The Verge”, who used one of the cameras himself, only received an email in February of this year noting a “higher risk” if he didn’t care about the current update. It was not explained there what caused this danger. It was only noted that customers acted “entirely at their own risk” if they ignored it. In a statement to Bleeping Computer, Wyze did not address the delay. And he just emphasized that the bug had been fixed.

It is not the first time that strangers have accessed security cameras. A few years ago, an Aldi camera could also be controlled from the Internet, and even broadcast the image live. In the Amazon subsidiary, Ring, lists with access data had reached the Internet. Some netizens made fun of logging into users’ homes in lines. And in specific cases to harass the neighbors with requests for nudity through the loudspeaker. Security camera

Puff up:Bitdefender, The Verge, Computer beeping

Leave your vote

Leave a Comment

Log In

Forgot password?

Forgot password?

Enter your account data and we will send you a link to reset your password.

Your password reset link appears to be invalid or expired.

Log in

Privacy Policy

Add to Collection

No Collections

Here you'll find all collections you've created before.