Wyze security flaw let hackers access videos — and a fix took years


Vulnerabilities spotted in the Wyze Cam in 2019 allowed hackers access to videos stored locally, with certain fixes not implemented until 2022 - and one model will never be secured.

According to BleepingComputer, three flaws were detected by Bitdefender researchers in March 2019. The chief vulnerability concerned the potential for hackers to access media on SD cards inserted into the camera.

A related authentication flaw was fixed by Wyze in an update issued in September 2019. The third vulnerability, regarding remote control execution, was also fixed, but not until November 2020.

The major flaw, however, was not addressed with a firmware update until January 2022.

Consequently, all three vulnerabilities have been addressed - but not for all users. Any user of Wyze Cam version 2, released in 2018, and version 3, released in 2020, must update their firmware via Wyze's site.

Although version 2 superseded the original Wyze Cam, that model was not discontinued until 2020. Nonetheless, Wyze has not and reportedly will not fix the vulnerability in version 1.

"After working for more than two years on this issue," wrote Bitdefender researchers, "logistic and hardware limitations on the vendor's side prompted the discontinuation of version 1 of the product, which leaves existing owners in a permanent window of vulnerability."

"We advise users to stop using this hardware version as soon as possible," the researchers continued.

In a statement to BleepingComputer, a Wyze cybersecurity spokesperson stressed that versions 2 and 3 of the camera are safe to use, once they have the latest firmware update.

"At Wyze, we put immense value in our users' trust in us, and take all security concerns seriously," said the spokesperson. "We are constantly evaluating the security of our systems and take appropriate measures to protect our customers' privacy."

"We appreciated the responsible disclosure provided by Bitdefender on these vulnerabilities," continued the company. "We worked with Bitdefender and patched the security issues in our supported products. These updates are already deployed in our latest app and firmware updates."