Security Camera Maker Wyze Admits to 23-Day Data Breach

Security Camera Maker Wyze Admits to 23-Day Data Breach

Internet connected home security cameras have become a big business with companies like Google’s Nest and Amazon’s Ring dominating the high-end market. However, there are also numerous smaller players like the budget-minded Wyze. This company attracted attention for its $20 security camera and other super-cheap smart home products. However, Wyze now admits it suffered a serious security breach in December.

Wyze security cameras don’t have batteries, 4K resolution, or advanced AI like some devices on the market, but they’re cheap enough that you can keep an eye on your humble abode for a relative pittance. Whereas a 1080p Wyze camera costs $20, the basic indoor Nest Camera costs $200. However, Nest has Google’s account security, which is among the most robust you’ll find. Wyze recently made a grave error when it left a repository of user data wide open for several weeks.

The saga started last week when consulting firm Twelve Security reported that it discovered a copy of Wyze’s database accessible online. Wyze later confirmed the scale of the breach in an email to consumers. The data included camera names, Wi-Fi SSIDs, activation times, and access tokens for mobile apps and Alexa. Passwords and stored recordings were not part of the breach. Reports indicate about 2.4 million users were put at risk.

Wyze says the database was accidentally copied to an insecure location by an employee. The company doesn’t believe anyone’s login data is compromised, but the availability of login tokens could have allowed a determined third-party to hijack accounts. As a precaution, Wyze logged everyone out and reset tokens.

Unsecured Wyze databases, via Twelve Security.
Unsecured Wyze databases, via Twelve Security.

Twelve Security says the database was accessible between December 4th and the 26th, but that’s not the only issue. The company also claims Wyze is routing traffic through Alibaba’s servers in China, which will no doubt set off alarm bells for some US consumers. Wyze, however, denies this claim. Twelve Security also says Wyze’s US servers were never as secure as its Chinese servers, suggesting user data might have been accessible in some form all the way back in January 2019. Wyze has yet to respond to that, but it continues to investigate.

While devices like Wyze cameras can be appealing, it’s important to remember they aren’t bulletproof. This is far from the first time a camera maker has had a data breach, and it won’t be the last. It’s probably a good idea to make sure these devices aren’t pointed at anything you wouldn’t want revealed.

Continue reading

Third-Party Repair Shops May Be Blocked From Servicing iPhone 12 Camera
Third-Party Repair Shops May Be Blocked From Servicing iPhone 12 Camera

According to a recent iFixit report, Apple's hostility to the right of repair has hit new heights with the iPhone 12 and iPhone 12 Pro.

Sony’s New Xperia Pro Smartphone Is a $2,500 Camera Accessory
Sony’s New Xperia Pro Smartphone Is a $2,500 Camera Accessory

This device is aimed at professional and enthusiast photographers who want a powerful accessory for their cameras. It's also Sony's first 5G smartphone in the US, but the price is positively jaw-dropping at $2,500.

Google Will Use Pixel’s Camera to Measure Heart Rate and Breathing
Google Will Use Pixel’s Camera to Measure Heart Rate and Breathing

Like many of Google's machine learning projects, this one is coming first to Pixel phones, and more phones will probably get it down the line.

New Xiaomi Phone Has a Secondary Display in the Camera Hump
New Xiaomi Phone Has a Secondary Display in the Camera Hump

Chinese mobile giant Xiaomi is set to announce a new device called the Mi 11 Ultra, and the device has leaked early. It's got a giant camera module that supports up to 120x zoom, and there's even an extra screen. Yes, a screen in the camera hump. Because why not, I guess?