When Wyze declared in late January that it would discontinue the unique Wyze Cam only times later, it couched the transfer as a celebration, likely so significantly as to say that the digital camera “will always hold a unique location in our hearts.”
But even as Wyze promised that “you can still use your Wyze Cam v1” adhering to its impending February 1 stop-of-lifestyle day, the enterprise additional ominously–and only in a footnote–that “your ongoing use of the Wyze Cam v1 soon after February 1, 2022 carries elevated risk, is discouraged by Wyze and is fully at your very own threat.”
At the time, anything sounded a tiny, well, off about Wyze’s sudden announcement. Now, it appears we know why.
Previously this 7 days, cybersecurity agency Bitdefender discovered (as initially documented by BleepingComputer) that it had previously–as in a few yrs ago–discovered a trio of serious Wyze Cam vulnerabilities, a single of which would have allowed attackers to access the info on the camera’s SD card, which includes recorded movie footage.
Bitdefender states it in the beginning warned Wyze about the flaws in March 2019. The first two bugs had been patched in September 2019 and November 2020, but the SD card flaw remained unpatched until eventually January 29, 2022, and only the Wyze Cam v2 and v3 bought the correct, leaving the unique Wyze Cam susceptible to the security gap.
When saying that it was “retiring” the Wyze Cam v1, Wyze mentioned it was because the digital camera “can no for a longer time guidance a essential security update.” On the lookout again, it guaranteed sounds like the update Wyze was referring to was the SD card vulnerability patch that the Wyze Cam v2 and v3 been given.
I have but to hear back again from Wyze about the Bitdefender report, but in a assertion to BleepingComputer, a Wyze rep claimed:
At Wyze, we set enormous worth in our users’ have faith in in us, and acquire all stability worries critically.
We are constantly evaluating the safety of our systems and choose correct measures to protect our customers’ privacy. We appreciated the liable disclosure offered by Bitdefender on these vulnerabilities. We labored with Bitdefender and patched the safety concerns in our supported items. These updates are currently deployed in our newest application and firmware updates.
Which is all perfectly and excellent, but it does not remedy the dilemma of why Wyze didn’t merely explain the SD card vulnerability in the initial, unpatched Wyze Cam and explicitly alert people of the threats.
A wise female in the technological innovation sector at the time instructed me, “We really don’t provide toothpaste we promote trust.” Properly, Wyze is now facing a severe trustworthiness hole, and it requirements to appear thoroughly clean. An apology is possibly in get, far too.