Security Camera Maker Wyze Admits to 23-Day Data Breach

Security Camera Maker Wyze Admits to 23-Day Data Breach

Internet connected home security cameras have become a big business with companies like Google’s Nest and Amazon’s Ring dominating the high-end market. However, there are also numerous smaller players like the budget-minded Wyze. This company attracted attention for its $20 security camera and other super-cheap smart home products. However, Wyze now admits it suffered a serious security breach in December.

Wyze security cameras don’t have batteries, 4K resolution, or advanced AI like some devices on the market, but they’re cheap enough that you can keep an eye on your humble abode for a relative pittance. Whereas a 1080p Wyze camera costs $20, the basic indoor Nest Camera costs $200. However, Nest has Google’s account security, which is among the most robust you’ll find. Wyze recently made a grave error when it left a repository of user data wide open for several weeks.

The saga started last week when consulting firm Twelve Security reported that it discovered a copy of Wyze’s database accessible online. Wyze later confirmed the scale of the breach in an email to consumers. The data included camera names, Wi-Fi SSIDs, activation times, and access tokens for mobile apps and Alexa. Passwords and stored recordings were not part of the breach. Reports indicate about 2.4 million users were put at risk.

Wyze says the database was accidentally copied to an insecure location by an employee. The company doesn’t believe anyone’s login data is compromised, but the availability of login tokens could have allowed a determined third-party to hijack accounts. As a precaution, Wyze logged everyone out and reset tokens.

Unsecured Wyze databases, via Twelve Security.
Unsecured Wyze databases, via Twelve Security.

Twelve Security says the database was accessible between December 4th and the 26th, but that’s not the only issue. The company also claims Wyze is routing traffic through Alibaba’s servers in China, which will no doubt set off alarm bells for some US consumers. Wyze, however, denies this claim. Twelve Security also says Wyze’s US servers were never as secure as its Chinese servers, suggesting user data might have been accessible in some form all the way back in January 2019. Wyze has yet to respond to that, but it continues to investigate.

While devices like Wyze cameras can be appealing, it’s important to remember they aren’t bulletproof. This is far from the first time a camera maker has had a data breach, and it won’t be the last. It’s probably a good idea to make sure these devices aren’t pointed at anything you wouldn’t want revealed.

Continue reading

The PlayStation 5 Will Only Be Available Online for Launch Day
The PlayStation 5 Will Only Be Available Online for Launch Day

The PlayStation 5 isn't going to be available in stores on launch day, and if you want to pick up an M.2 SSD to expand its storage, you'll have some time to figure out that purchase.

Jupiter’s Moon Europa Might Glow in the Dark
Jupiter’s Moon Europa Might Glow in the Dark

The intense radiation bombarding Europa might make it glow in the dark, and that could help scientists learn more about the moon's ice sheets and the ocean below.

Which Is Faster, the Xbox Series X or PlayStation 5? Early Data Says It’s Complicated
Which Is Faster, the Xbox Series X or PlayStation 5? Early Data Says It’s Complicated

Competitive head-to-head data on the Xbox Series X versus the PlayStation 5 is beginning to trickle out.

Time to Update: Google Patches 2 Severe Zero-Day Chrome Vulnerabilities
Time to Update: Google Patches 2 Severe Zero-Day Chrome Vulnerabilities

Unlike the last few zero-days, Google didn't find these security holes itself. Instead, it was tipped by anonymous third-parties, and the problems are severe enough that it hasn't released full details. Suffice it to say, you should stop putting off that update.