Skip to main content

WyzeCam’s security flaw should not have been kept secret

When you put a security camera in your home, it’s to keep an eye on things for yourself — not to let hackers peer through the internet into your home.

The possibility that someone is on the other side of that blackened camera lens has long been a concern for many homeowners, and one of the reasons that smart home technology has yet to fully catch on. The potential privacy implications are enormous, but companies have constantly reassured consumers that any vulnerabilities were patched and that users were safe.

All companies except Wyze, apparently.

The WyzeCam sits on a desk with a camera in the background.
Daven Mathies/Digital Trends

Sweeping security under the rug

Earlier this year, Wyze discontinued the WyzeCam v1 without much explanation. Not much was made of it; with the availability of the WyzeCam v3, discontinuing an earlier model seemed like an obvious decision.

Recommended Videos

But on March 29, the security firm Bitdefender revealed another possible reason the company stopped selling the camera: A security vulnerability that made it possible for hackers to access the camera over the internet, make off with your encryption key, and even download the camera’s video feed.

Bitdefender says the issue was brought to Wyze’s attention in 2019. If true, Wyze has known about this security flaw for three years, but consumers have not.

Wyze made a statement that “continued use of the WyzeCam after February 1, 2022, carries increased risk, is discouraged by Wyze, and is entirely at your own risk.” There was no explanation of why the message was sent, nor any acknowledgement of the potential risk consumers have faced over the past several years.

A close-up of the Wyze Cam v3.
John Velasco / Digital Trends

The issue has been patched out of WyzeCam v2 and v3, but that’s not enough. When a security flaw this large is discovered, it should be acknowledged and corrected, even if products need to be recalled.

A summary of the problem in non-technical terms: Hackers could access the camera without verifying their identity by accessing a specific port due to the way SD cards are addressed within the system. According to BleepingComputer, this part of the problem was fixed on September 24, 2019.

Another part was corrected with an update on November 9, 2020, a full 21 months after its initial discovery. The largest part of the exploit — the ability for hackers to access content on your camera’s SD card — wasn’t corrected until January 29, 2022.

Let me point out something important here: These security updates are only available on the WyzeCam v2 and v3. The WyzeCam v1 is still vulnerable and always will be. If you are using one of these devices, you might want to consider unplugging it and tossing it — perhaps from a third-floor window?

It’s not the first time

No device is entirely invulnerable to hackers. Ring has suffered from vulnerabilities in the past, and in November 2021, a smart home network in South Korea experienced one of the most widespread security breaches of any smart device yet.

In 2018, a man claimed a hacker spoke to him through his Nest IQ Cam. The difference is this hacker warned the man that his device was vulnerable and suggested security improvements, then apologized for startling him.

The Nest Cam IQ in a home.
Terry Walsh/Digital Trends

The next time Nest was hacked (in 2019), the end result wasn’t quite as heartwarming. A family in Illinois were taunted by a hacker who shouted racial slurs at them through their camera, before the hacker hijacked the smart thermostat and turned the temperature in the home up to 90 degrees.

Wyze isn’t the first company to suffer from security vulnerabilities, but it is the first company (as far as we know) that seemed to completely ignore the problem. Ring and Nest recognized the flaws, apologized, and sought to correct the issue. Wyze’s radio silence on this issue is concerning and sets a poor precedent for consumer trust.

What you can do

Security cameras still have a place in the home. There are a lot of strong reasons to continue using cameras, whether you’re keeping an eye on your pets or watching over an elderly relative. There are plenty of brands to choose from that haven’t suffered horrible security breaches.

You just need a security camera with a physical privacy shutter. A mechanical shutter means you know exactly when the camera is streaming and when it isn’t. The opening of the shutter is often accompanied by an audible click or a chime from the camera.

Most cameras with physical privacy shutters let you automatically shut them when the camera isn’t in use. Even smart displays like the Echo Show 15 have a privacy shutter, although that one has to be opened and closed by hand.

You should also make conscious decisions when shopping for a home security camera. Research what brands value privacy the most. Accidents and hacks will happen — that’s unavoidable. What matters is how the companies react. Do they acknowledge the problem and strive to fix it, or do they pretend there is no problem and leave their customers vulnerable?

My WyzeCam is unplugged. And it will remain that way until I feel assured the problem is truly fixed.

Topics
Patrick Hearn
Patrick Hearn writes about smart home technology like Amazon Alexa, Google Assistant, smart light bulbs, and more. If it's a…
The Echo Dot with Clock has been discontinued
Amazon Echo Show 5th Generation on a shelf.

One of the best Amazon devices -- the Echo Dot with Clock -- is being discontinued by Amazon. Its store page says that it's "currently unavailable," and Amazon does not plan to issue a restock.

The Echo Dot with Clock took everything great about the standard Echo Dot and bundled it with a minimalistic display. This allowed you to quickly glance at the device to see the time or current weather forecast, making it a popular option when seeking a connected smart speaker for your home. Our review gave it a stellar 9 out of 10, praising it for its sleek design, impressive audio, and innovative interface.

Read more
Arlo’s new Security Tag lets you arm/disarm your security system with just a tap
The Arlo Security Tag pressed against the Arlo Video Doorbell.

Arlo recently launched a home security system, expanding its lineup of cameras to include a multifaceted sensor that detects motion, opened windows, environmental hazards, and more. It can also be bundled with professional monitoring, giving owners an affordable way to secure their property. The company is now expanding the system with the all-new Security Tags, which arm or disarm the system when tapped against your Arlo Video Doorbell or Keypad Sensor Hub.

The NFC tag is available in a two-pack and costs just $20. It brings some unique (and long-awaited) functionality to the Arlo Security System, as being able to quickly arm or disarm the entire home with a single tap from the Security Tag streamlines your home security. Prior to the launch of the tag, you'd have to enter a password into the Keypad or open the mobile app. This turns the process into something that takes just a few seconds.

Read more
Ring is launching its first integrated pan-tilt security camera later this year
The Pan-Tilt Indoor Cam Starlight on a shelf.

Ring's catalog is growing a bit larger this month with the arrival of the Ring Pan-Tilt Indoor Cam on May 30. This marks the first time the company has released an integrated pan-tilt camera, and for shoppers seeking a device that can capture all corners of their room, it should be an enticing option.

Using the Ring app, you can control the viewing angle of the Pan-Tilt Cam remotely. Its motorized base can swivel up or down and pan left or right, allowing you to move the camera as you see fit. That allows for 360-degree horizontal coverage and 169-degree vertical tilt coverage. Ring says it designed the camera to deal with a variety of common situations experienced by its customers -- such as scanning a living room to check on a pet or attempting to monitor multiple doorways and windows throughout the home.

Read more