About 13,000 Wyze Customers Affected by Camera Glitch
2024-2-20 23:18:54 Author: securityboulevard.com(查看原文) 阅读量:4 收藏

Users of Wyze’s home security cameras over the past several days have reported glitches with the internet-connected devices, from losing camera coverage for hours to being able to see images and video from other people’s cameras.

It turns out the problem originated from cloud giant Amazon Web Services (AWS), a Wyze partner, which took down Wyze devices for several hours the morning of February 16.

“If you tried to view live cameras or events during that time you likely weren’t able to,” Wyze executives wrote in emails sent February 19 to users. “As we worked to bring cameras back online, we experienced a security issue. Some users reported seeing the wrong thumbnails and Event Videos in their Events tab. We immediately removed access to the Events tab and started an investigation.”

As the Wyze cameras were going back online, about 13,000 users got thumbnails that weren’t their own and 1,504 tapped on the them. In most cases, tapping on them enlarged the thumbnails, but there were some instances where doing so allowed for an Event Video from someone else’s camera to be viewed.

“The incident was caused by a third-party caching client library that was recently integrated into our system,” the company wrote. “This client library received unprecedented load conditions caused by devices coming back online all at once. As a result of increased demand, it mixed up device ID and user ID mapping and connected some data to incorrect accounts.”

Preventative Steps Taken

Wyze said it’s taken steps to prevent this from happening again, including adding another layer of verification before user are connected to Event Videos – which are 12-second recorded videos created when the device detects motion or sound – and modifying the system to bypass caching for checks on user-device relationships until the company can identify new client libraries that are stress tested for events like the one that happened February 16.

In addition, when the problems first arose, the company logged out customers who had used the cameras that day to reset tokens, according to David Crosby, Wyze co-founder and chief marketing officer.

The company also noted efforts it’s made over the past few years to improve security, including building a security team, implementing multiple processes, creating new dashboards, and running a bug bounty program. In addition, at the time of the latest incident, Wyze was undergoing multiple third-party audits and penetration tests.

That said, executive wrote in the email that they understood users’ disappointment, adding that “we must do more and better, and we will.”

Users Warn Others to Be Cautious

Wyze users on Reddit warned about the use – or how people used – such Internet of Things (IoT) devices, both for privacy and security reasons.

“If you have voice assistants and cameras at home, you should expect this,” one commenter wrote. “I love tech and I use it frequently. But no alexas or cameras in my home. This thinking was pretty common when I grew up. Nowadays it seems to be an exception.”

“This will continue to happen until companies realize that attaching their tech to the Internet makes them a data security company first and a hardware company second,” another wrote.

While some supported Wyze, saying it was better than many similar companies, there also were reminders that a similar event happened in September 2023, when an engineer was fixing a bug on the company’s online web-viewing portal. When the fix was deployed, a caching-setting error resulted in about 2,300 users who logged into the portal could have seen cameras from one of the 10 affected user who also had logged in during the same 40-minute span, according to a Wyze message at the time.

Cameras and Other Connected Devices

Seattle-based Wyze, founded in 2017 and claiming more than 10 million users, offers a number of cameras for floodlights and doorbells as well as other connected devices, including light bulbs, smart plugs, door locks, cordless vacuums, alarms, air filters, thermostats, and routers. It’s raised $120 million in funding.

Wyze plays in a fast-growing space. According to analysts at Statista, the smart home security space is among the most important smart home market segments. It is expected to hit about $32.5 billion this year and almost double in size by 2029, they wrote. Last year, about 252 million units of smart home monitoring and security devices shipped, with connected cameras and doorbells among the most common products.

For vendors, such devices are a continuing money maker, with ongoing revenues coming in via subscriptions for access to saved recordings, according to Statista.

It’s also a crowded market, with Wyze competing against such companies as ADT, Vivant, SimpliSafe, and Ring Alarm.

Recent Articles By Author


文章来源: https://securityboulevard.com/2024/02/about-13000-wyze-customers-affected-by-camera-glitch/
如有侵权请联系:admin#unsafe.sh