Despite being a tech enthusiast, I often find myself with some form of disdain towards a lot of new tech, such as NFTs, AI, and smart home devices for example, Alexa and smart home security cameras. I’m of the opinion that having a camera inside my home that is connected to the Internet is one of the stupidest things someone could do to their own home, and one of the companies behind these cameras, WYZE, has confirmed why I think this is stupid.
WYZE are a company that creates home security devices, mostly cameras for both inside the house and outside the house, they are seen as one of the leading choices in this particular market. Recently (Via TomsHardware) the company issued a statement regarding a security incident that occurred on 2/16/24. The company had an AWS service outage on that day that led to some customers receiving access to the wrong camera feeds from other people’s homes.
The company sent out several emails to their customers depending on how they were effected including the first to all unaffected customers, a second to “users whose event thumbnails were made available to others but not tapped on.”, a third to “users whose event thumbnails were made available to others and were tapped on.” and finally a fourth that “went out to users who had thumbnails made available to them that were not their own, but their thumbnails were not made available to others.” All of these emails can be read on forums.wyze.com.
In the emails, the company confirms that as cameras were coming back online, “around 13,000 WYZE users received thumbnails from cameras that were not their own” and of those 13,000, 1,504 users tapped on them. In most cases this only showed an enlarged thumbnail, but in some the full event video could be viewed.
WYZE claims this happened due to a third-party caching client library that was recently integrated into their system. This library received “unprecedented load conditions” caused by devices all coming back online at once and mixing up the device ID and user ID mapping.
To ensure that this does not happen again, WYZE has added a new layer of verification before users are connected to Event Videos, they have also modified their system to bypass caching for checks on user-device relationships until they identify new client libraries that are thoroughly stress tested for extreme events such as the one experienced on Friday.
Of course this event wasn’t malicious and for the most part, the affected customers likely have no idea who’s feed they were looking at, but it is still concerning. The key prevention here is to stop using network connected smart cameras inside your homes, outside sure, but inside? No thank you.
Despite Helldivers II's popularity, fans have long felt the game lacked collaborations. Nearly a year…
The anti-cheat system in Call of Duty: Black Ops 6 and Warzone has not met…
The NVIDIA app, which recently replaced GeForce Experience, has gained popularity for its revamped interface…
AMD is gearing up to expand its CPU lineup in early 2025, with recent leaks…
Following the leak of AMD's flagship laptop CPU, another processor from the AMD Kraken Point…
DeepCool has just announced the ASSASSIN IV VC VISION CPU cooler, the latest in its…