Despite being a tech enthusiast, I often find myself with some form of disdain towards a lot of new tech, such as NFTs, AI, and smart home devices for example, Alexa and smart home security cameras. I’m of the opinion that having a camera inside my home that is connected to the Internet is one of the stupidest things someone could do to their own home, and one of the companies behind these cameras, WYZE, has confirmed why I think this is stupid.
WYZE are a company that creates home security devices, mostly cameras for both inside the house and outside the house, they are seen as one of the leading choices in this particular market. Recently (Via TomsHardware) the company issued a statement regarding a security incident that occurred on 2/16/24. The company had an AWS service outage on that day that led to some customers receiving access to the wrong camera feeds from other people’s homes.
The company sent out several emails to their customers depending on how they were effected including the first to all unaffected customers, a second to “users whose event thumbnails were made available to others but not tapped on.”, a third to “users whose event thumbnails were made available to others and were tapped on.” and finally a fourth that “went out to users who had thumbnails made available to them that were not their own, but their thumbnails were not made available to others.” All of these emails can be read on forums.wyze.com.
In the emails, the company confirms that as cameras were coming back online, “around 13,000 WYZE users received thumbnails from cameras that were not their own” and of those 13,000, 1,504 users tapped on them. In most cases this only showed an enlarged thumbnail, but in some the full event video could be viewed.
WYZE claims this happened due to a third-party caching client library that was recently integrated into their system. This library received “unprecedented load conditions” caused by devices all coming back online at once and mixing up the device ID and user ID mapping.
To ensure that this does not happen again, WYZE has added a new layer of verification before users are connected to Event Videos, they have also modified their system to bypass caching for checks on user-device relationships until they identify new client libraries that are thoroughly stress tested for extreme events such as the one experienced on Friday.
Of course this event wasn’t malicious and for the most part, the affected customers likely have no idea who’s feed they were looking at, but it is still concerning. The key prevention here is to stop using network connected smart cameras inside your homes, outside sure, but inside? No thank you.
Phil Spencer has spoken out against what he calls "manipulative expansions"—additional content derived from material…
Razer has introduced the USB 4 Dock, a high-performance accessory designed to combine ultra-fast data…
A major supplier of GPU cooling components has indicated that we could see the arrival…
MSI first unveiled its top-tier AM5 motherboard, the MEG X870E GODLIKE, in August this year.…
80% UltraFast Recharging in 43 Minutes: Be ready for adventure in 43 minutes (100% in…
Powered by Intel's 13th Generation i7-13620H 10 Core Processor Dedicated NVIDIA GeForce RTX 4070 (140…