Wyze needs to come clean about the Wyze Cam’s security flaws

When Wyze introduced in late January that it would discontinue the unique Wyze Cam only days later on, it couched the transfer as a celebration, heading so much as to say that the digicam “will normally maintain a unique put in our hearts.” 

But even as Wyze promised that “you can even now use your Wyze Cam v1” next its impending February 1 close-of-lifestyle day, the firm extra ominously–and only in a footnote–that “your continued use of the Wyze Cam v1 right after February 1, 2022 carries improved possibility, is discouraged by Wyze and is fully at your have chance.”

At the time, one thing sounded a very little, effectively, off about Wyze’s unexpected announcement. Now, it seems we know why. 

Previously this week, cybersecurity agency Bitdefender disclosed (as 1st documented by BleepingComputer) that it experienced previously–as in 3 decades ago–discovered a trio of serious Wyze Cam vulnerabilities, a single of which would have allowed attackers to accessibility the information on the camera’s SD card, such as recorded online video footage. 

Bitdefender suggests it at first warned Wyze about the flaws in March 2019. The 1st two bugs had been patched in September 2019 and November 2020, but the SD card flaw remained unpatched right up until January 29, 2022, and only the Wyze Cam v2 and v3 got the resolve, leaving the authentic Wyze Cam vulnerable to the safety hole.

When announcing that it was “retiring” the Wyze Cam v1, Wyze said it was simply because the camera “can no longer assistance a essential safety update.” Searching again, it guaranteed appears like the update Wyze was referring to was the SD card vulnerability patch that the Wyze Cam v2 and v3 gained.

I have however to listen to back again from Wyze about the Bitdefender report, but in a statement to BleepingComputer, a Wyze rep stated:

At Wyze, we set immense value in our users’ have confidence in in us, and get all security fears critically.

We are frequently analyzing the stability of our methods and take correct steps to defend our customers’ privateness. We appreciated the responsible disclosure presented by Bitdefender on these vulnerabilities. We worked with Bitdefender and patched the security difficulties in our supported solutions. These updates are presently deployed in our most current application and firmware updates.

Which is all nicely and great, but it does not response the question of why Wyze didn’t only make clear the SD card vulnerability in the unique, unpatched Wyze Cam and explicitly warn consumers of the dangers.

A clever girl in the engineering sector when informed me, “We do not sell toothpaste we market belief.” Nicely, Wyze is now dealing with a significant reliability hole, and it requirements to occur clean up. An apology is in all probability in get, also.