Remember the $20 Wyze Cam? If you do, you should read this
A security hole could have let anyone watch your recordings.
A security issue present on all models of the Wyze Cam took the company three years to fix. The issue allowed potential bad actors remote access to your SD card recordings. Yikes.
A new blog from Bitdefender via BleepingComputer outlines the issue and several others that were previously fixed. All three issues were originally disclosed to Wyze by Bitdefender in March 2019.
Yes, that was three years ago. As The Verge points out, Wyze knew hackers could remotely access your camera for three years and said nothing.
To be fair, Wyze fixed one issue which allowed attackers to bypass login details later in 2019. Another issue that enabled attackers to run their own code on the device was patched later in November 2020. Wyze fixed the SD card vulnerability in January of this year.
What steps should you take now with your Wyze Cam?
The first thing to know is that Wyze Cam V1 didn’t receive any of the security updates necessary. Bitdefender says to stop using any V1 cameras immediately.
After working for more than two years on this issue, logistic and hardware limitations on the vendor’s side prompted the discontinuation of version 1 of the product, which leaves existing owners in a permanent window of vulnerability. We advise users to stop using this hardware version as soon as possible.
The Wyze Cam V2 and Wyze Cam V3 do have security updates available to fix the issues. Here’s how to enable those updates.
In the Wyze app, tap on your Wyze Cam
Tap on the Settings gear, then Device Info > Firmware Version.
You can also check and update your firmware from the Home tab, by tapping Account > Firmware Update
You can also manually update by downloading the firmware updates from Wyze’s official download portal. That’s the only trustworthy place to get firmware updates, so don’t trust any other site offering downloads for your Wyze Cam.
Wyze told BleepingComputer that “both v2 and v3 cameras are perfectly safe to use with the latest firmware update.”
That said, it’s wise to deactivate your Internet of Things devices when they’re not in use, and to have them on a separate, isolated network so they’re not reachable outside your home.
Have any thoughts on this? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.
- Amazon has a new $60 smart thermostat to compete with Nest and Wyze
- Wyze introduces two new smart gadgets to its lineup – a $25 wearable and $20 smart scale
- Review: Wyze Lock – an affordable smart lock with minimal features
- Wyze’s new Complete Motion Capturing service removes the recording limits of the free plan
Just a heads up, if you buy something through our links, we may get a small share of the sale. It’s one of the ways we keep the lights on here. Click here for more.
Disclosure: Wyze was a past client of EZPR, a media relations firm where Kevin, KnowTechie’s editor-in-chief, holds a position. However, he did not participate in this post’s writing, editing, or publishing. He remains unbiased and independent in his role at KnowTechie.