Despite being a tech enthusiast, I often find myself with some form of disdain towards a lot of new tech, such as NFTs, AI, and smart home devices for example, Alexa and smart home security cameras. I’m of the opinion that having a camera inside my home that is connected to the Internet is one of the stupidest things someone could do to their own home, and one of the companies behind these cameras, WYZE, has confirmed why I think this is stupid.
WYZE are a company that creates home security devices, mostly cameras for both inside the house and outside the house, they are seen as one of the leading choices in this particular market. Recently (Via TomsHardware) the company issued a statement regarding a security incident that occurred on 2/16/24. The company had an AWS service outage on that day that led to some customers receiving access to the wrong camera feeds from other people’s homes.
The company sent out several emails to their customers depending on how they were effected including the first to all unaffected customers, a second to “users whose event thumbnails were made available to others but not tapped on.”, a third to “users whose event thumbnails were made available to others and were tapped on.” and finally a fourth that “went out to users who had thumbnails made available to them that were not their own, but their thumbnails were not made available to others.” All of these emails can be read on forums.wyze.com.
In the emails, the company confirms that as cameras were coming back online, “around 13,000 WYZE users received thumbnails from cameras that were not their own” and of those 13,000, 1,504 users tapped on them. In most cases this only showed an enlarged thumbnail, but in some the full event video could be viewed.
WYZE claims this happened due to a third-party caching client library that was recently integrated into their system. This library received “unprecedented load conditions” caused by devices all coming back online at once and mixing up the device ID and user ID mapping.
To ensure that this does not happen again, WYZE has added a new layer of verification before users are connected to Event Videos, they have also modified their system to bypass caching for checks on user-device relationships until they identify new client libraries that are thoroughly stress tested for extreme events such as the one experienced on Friday.
Of course this event wasn’t malicious and for the most part, the affected customers likely have no idea who’s feed they were looking at, but it is still concerning. The key prevention here is to stop using network connected smart cameras inside your homes, outside sure, but inside? No thank you.
iBFree E1018 Headphones with ACC Transmission Technology provides meticulous sounding wireless listening experience without affecting…
Xclio 2.1ch USB mini PC Speaker with SubWoofer, Interface: USB Bus Powered +3.5mm jack 8W…
MSI has introduced two new gaming mice, the Versa 300 Elite Wireless and the Versa…
Lighten up your life with the ultra-thin and super-light Zenbook S 13 OLED! This 1…
The MSI Thin 15 B12VE-1251UK is a sleek, lightweight laptop that blends powerful performance with…
The H7 Flow revolutionises targeted GPU cooling within a classic mid-tower form factor. Unlike dual-chamber…