Endpoint Security , Internet of Things Security

Wyze Security Incident Exposes Private Cameras

13,000 Users Received Incorrect Thumbnails; 1,504 Tapped on Them, Risking Privacy
Wyze Security Incident Exposes Private Cameras
Wyze customers may have gotten glimpses into other people's homes. (Image: Wyze)

A glitch in Wyze home security cameras permitted thousands of users to catch glimpses inside strangers' homes as its cloud system came back online after an outage of several hours.

See Also: SASE: Recognizing the Challenges of Securing a Hybrid Workforce

Smart home device maker Wyze said the incident had unfolded during a service outage on Friday morning that stemmed from a disruption in Wyze cloud provider Amazon Web Services.

The flaw came to light after users started reporting inaccurate thumbnails and event videos in their Events tab. Wyze responded by revoking access to the Events tab and launching an immediate investigation.

The investigation revealed around 13,000 Wyze users had received thumbnails from cameras that were not their own, and around 1,504 users had tapped on the thumbnails. The event thumbnails of those affected were visible in other Wyze users' accounts and in some instances, unauthorized access to event videos was allowed.

The company said the incident stems from a recently integrated third-party caching client library within Wyze's system. The library, which was under unprecedented load conditions due to a surge in devices reconnecting simultaneously, experienced a mix-up of device ID and user ID mapping. This misconfiguration resulted in some data being linked to incorrect user accounts.

Wyze said it has introduced additional verification layers before users can access event videos. It also said it has adjusted the system to bypass caching for checks on user-device relationships until it has identified thoroughly tested client libraries.


About the Author

Prajeet Nair

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.