The original Wyze Cam reportedly has a big security hole

Wyze’s primary and not long ago discontinued Cam v1 suffers from a flaw that permits attackers to perspective the contents of the camera’s SD card, in accordance to protection scientists.

Cybersecurity firm Bitdefender (via BleepingComputer) has published a white paper detailing the stability hole, which allows hackers accessibility the authentic Wyze Cam’s SD card by exploiting a webserver vulnerability.

The bug was 1st reported back again in March 2019, Bleeping Laptop or computer studies, and Wyze ultimately patched the protection hole for the Wyze Cam v2 and v3 just two months in the past. But the flaw remains unpatched in the first Wyze Cam, which Wyze “retired” on February 1.

Notably, Wyze stated that it was discontinuing the Wyze Cam v1 since it “can no extended guidance a necessary protection update.” 

Wyze additional that whilst customers of the initially Wyze Cam, which will obtain no long term security patches, would continue to be in a position to use the camera, carrying out so “carries amplified possibility, is discouraged by Wyze and is completely at your personal threat.”

It’s not distinct if the “necessary security update” that Wyze was referring to was the patch that Wyze launched for the SD card flaw in January. We’ve attained out to Wyze for remark.

As BleepingComputer notes, the SD card on a Wyze Cam outlets a range of details over and above recorded video footage, which include the device’s log data files and UUID (universally exceptional identifier number).

In a blanket suggestion, Bitdefender suggests that wise home end users should “keep a close eye on IoT devices” as nicely as “isolate them as a lot as possible from the area or guest network.”

But given what seems to be a pretty really serious stability vulnerability that will probable never be patched, buyers of the Wyze Cam v1 ought to possibly go forward and toss their out of date cameras in the e-cycle bin.