In September, some Wyze webcams allowed random users to look into your home (or vice versa). Here we go again… Wyze co-founder David Crosby confirmed that at least 14 users were able to briefly look into someone else’s property because they were shown an image from someone else’s camera.
Wyze webcam owners saw other people’s homes due to caching error
We’ve now discovered a security issue that could cause some users to see video from cameras that don’t belong to them.
— Crosby told The Verge.
After a lengthy outage that Wyze said was caused by problems with AWS, at least 14 users reported that their Wyze app was showing them images they weren’t supposed to see – on someone else’s porch, and in some cases, living room. Some videos were from completely different time zones.
Seeing inside someone else’s home
byu/gengarghos inwyzecam
Cams showing up that aren’t mine
byu/frozen-icecube inWyze
Wyze previously hid a security vulnerability for three years by not notifying its customers that its version 1 cameras, which were not patchable, could theoretically allow hackers to access video streams over the Internet.
Dave Crosby, Wyze Chief Marketing Officer:
Following an AWS outage this morning, our servers were overloaded, causing some user data to become corrupted. We have now identified a security issue that may result in some users seeing thumbnails of cameras that do not belong to them in the Events tab. Luckily, they couldn’t view the live streams or view these videos, only thumbnails were visible.
We have now received 14 reports of such cases, but we are currently identifying all affected users. These users will be notified as quickly as possible. We will also send a message to all Wyze users explaining what happened.
As soon as we saw these messages, we closed the Events tab. We then added an additional layer of verification for each user before they can see the thumbnails. For added security, we are forcefully logging out any users who used the Wyze app today to reset their tokens.
We will explain in more detail once we have completed our investigation into exactly how this happened and the further steps we will take to make sure it doesn’t happen again. Once again we apologize for today’s inconvenience. Thanks to everyone who helped report incidents and restore the devices. We offer our deepest apologies to everyone affected by this.
The competition for ITS authors continues. Write an article about the development of games, gaming and gaming devices and win a professional gaming wheel Logitech G923 Racing Wheel, or one of the low-profile gaming keyboards Logitech G815 LIGHTSYNC RGB Mechanical Gaming Keyboard!