Security camera maker Wyze crashes, allowing 13,000 customers to peek into other users' cameras



It was reported on February 16, 2024 that a camera made by security camera manufacturer

Wyze was experiencing an issue where it was possible to view other users' camera footage. According to Wyze, the number of affected users is approximately 13,000.

Update on Investigation of 2/16/24 Security Issue - Wyze News - Wyze Forum
https://forums.wyze.com/t/update-on-investigation-of-2-16-24-security-issue/291002



Wyze says camera breach let 13,000 customers briefly see into other people's homes - The Verge

https://www.theverge.com/2024/2/19/24077233/wyze-security-camera-breach-13000-customers-events

Wyze security failure let 13,000 customers see into other users' homes | Tom's Hardware
https://www.tomshardware.com/cameras/security-issue-at-wyze-allowed-13000-customers-to-access-other-users-video-feeds

In the early morning hours of February 16, 2024, Wyze experienced an issue where some users were able to view video from cameras that did not belong to them, and multiple users reported that they were able to view video from someone else's front door or living room. ” is reported.

I just got a motion push notification for someone else's Living Room camera
by u/chrispgriffin in wyzecam



At the beginning of the outage, Wyze estimated that only 14 people were able to look into other people's homes, but by February 19, 2024, that number had grown to 13,000. . On the other hand, ``1504 people actually viewed camera footage of someone else's home, and 99.75% of users were not affected at all,'' Wyze reports.

In addition, Wyze has removed the 'Event' tab that allows you to view other people's cameras from the dedicated app, added a layer of verification for each user before displaying video thumbnails, and added a token verification layer. It has been revealed that they have taken measures such as forcibly logging out all users who used the Wyze app in order to reset it.



According to Wyze, this problem stems from a system failure originating from AWS that occurred on February 16, 2024. After recovering from a system failure and all cameras coming back online, Wyze's system was under more stress than expected. As a result, it has been reported that device IDs and user IDs are not linked correctly, resulting in some data being connected to the wrong account.

'Until we identify a new client library that has been thoroughly stress tested against extreme events such as those experienced on February 16, 2024,' Wyze said in an email to affected users. We have modified the system to bypass the cache to check the relationship between the user and the device.' The company also issued a statement saying, ``We apologize for this inconvenience.We will do our best to regain everyone's trust.''

Update on Security Event
by u/WyzeCoFounderDave in wyzecam

in Software,   Hardware,   Security, Posted by log1r_ut