Nope, it's not privacy worry-induced déjà vu. Wyze camera users have once again reported seeing into another user's home via their home-monitoring devices, in a second display of what could be a potentially serious security flaw.
“We have now identified a security issue where some users were able to see thumbnails of cameras that were not their own in the Events tab," explained Wyze cofounder David Crosby in a statement to the Verge. The security snafu followed an extended outage of Wyze service and AWS issues on Feb. 16, which downed user cameras for nearly nine hours. As devices went live, users reported seeing thumbnail images of another home in the camera app's Events tab.
A reported 14 users were able to see the thumbnails. "One of my cameras notified me of an event from inside someone else home with them in it walking around. Absolutely no security with wyze whatsoever," wrote Reddit user @gengarghos.
Crosby posted an explanation to Wyze's public forum, noting that none of the users were able to connect to livestreams of the stranger's home. "As soon as we saw these reports we took down the Events tab. We then added in an extra layer of verification for each user before they could see thumbnails. To be extra safe, we are now force logging out all users who have used the Wyze app today to reset tokens," Crosby explained.
In September, Wyze users took to Reddit to report a nearly identical incident of accounts being given accidental access to the personal feeds of recently-logged on users. Reddit users theorized at the time that it was a web caching issue for users of the desktop site. The company confirmed their suspicions and committed to preventing similar issues in the future.
This event may presage a larger security issue. In 2022, Wyze was found to be obscuring security vulnerabilities in its v1 model cameras, despite warnings from security experts.
In response to Crosby's forum post, one user wrote: "Sure Jan! Just report back to your long-time Customers, (2019 here) what consolation services will you provide, for those of us who suffered severe security issues THANKS to your leaky anti-hack defenses. We’re all waiting..."
Topics Privacy