Security Camera Maker Wyze Admits to 23-Day Data Breach

Internet-connected home security cameras have become a big business, with companies like Google’s Nest and Amazon’s Ring dominating the high-end market. However, there are also numerous smaller players like the budget-minded Wyze. This company attracted attention for its $20 security camera and other super-cheap smart home products. However, Wyze now admits it suffered a serious security breach in December.

Wyze security cameras don’t have batteries, 4K resolution, or advanced AI like some devices on the market, but they’re cheap enough that you can keep an eye on your humble abode for a relative pittance. Whereas a 1080p Wyze camera costs $20, the basic indoor Nest Camera costs $200. However, Nest has Google’s account security, which is among the most robust you’ll find. Wyze recently made a grave error when it left a repository of user data wide open for several weeks.

The saga started last week when consulting firm Twelve Security reported that it discovered a copy of Wyze’s database accessible online. Wyze later confirmed the scale of the breach in an email to consumers. The data included camera names, Wi-Fi SSIDs, activation times, and access tokens for mobile apps and Alexa. Passwords and stored recordings were not part of the breach. Reports indicate about 2.4 million users were put at risk.

Wyze says the database was accidentally copied to an insecure location by an employee. The company doesn’t believe anyone’s login data is compromised, but the availability of login tokens could have allowed a determined third party to hijack accounts. As a precaution, Wyze logged everyone out and reset tokens.

Unsecured Wyze databases, via Twelve Security.

Twelve Security says the database was accessible between December 4th and the 26th, but that’s not the only issue. The company also claims Wyze is routing traffic through Alibaba’s servers in China, which will no doubt set off alarm bells for some US consumers. Wyze, however, denies this claim. Twelve Security also says Wyze’s US servers were never as secure as its Chinese servers, suggesting user data might have been accessible in some form all the way back in January 2019. Wyze has yet to respond to that, but it continues to investigate.

While devices like Wyze cameras can be appealing, it’s important to remember they aren’t bulletproof. This is far from the first time a camera maker has had a data breach, and it won’t be the last. It’s probably a good idea to make sure these devices aren’t pointed at anything you wouldn’t want revealed.
