{"id":23981,"date":"2024-02-28T10:56:55","date_gmt":"2024-02-28T18:56:55","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2024\/02\/28\/news-17711\/"},"modified":"2024-02-28T10:56:55","modified_gmt":"2024-02-28T18:56:55","slug":"news-17711","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/02\/28\/news-17711\/","title":{"rendered":"Wyze cameras show the wrong feeds to customers. Again."},"content":{"rendered":"\n<p>Last September, we wrote an article about how <a href=\"https:\/\/www.malwarebytes.com\/blog\/personal\/2023\/09\/wyze-home-cameras-temporarily-show-other-peoples-security-feeds\">Wyze home cameras temporarily showed other people\u2019s security feeds<\/a>.<\/p>\n<p>As far as home cameras go, we said this is absolutely up there at the top of the \u201cthings you don\u2019t want to happen\u201d list. Turning your customers into Peeping Tom against their will and exposing other customers\u2019 footage is definitely not OK.<\/p>\n<p>It&#8217;s not OK, but yet here we are again. On February 17, <a href=\"https:\/\/www.theverge.com\/2024\/2\/16\/24075369\/wyze-security-camera-stranger-feeds-glitch\">TheVerge reported<\/a> that history had repeated itself. Wyze co-founder David Crosby confirmed that users were able to briefly see into a stranger\u2019s property because they were shown an image from someone else\u2019s camera.<\/p>\n<p>Crosby told The Verge:<\/p>\n<blockquote class=\"wp-block-quote\">\n<p>\u201cWe have now identified a security issue where some users were able to see thumbnails of cameras that were not their own in the Events tab.\u201d<\/p>\n<\/blockquote>\n<p>So, it\u2019s not a full feed and just a thumbnail, you might think. Is that such a big deal? Well, it was a bit more than that. Users got notification alerts for events in their house. I don\u2019t know how you feel when you get one of those while you know there shouldn\u2019t be anyone there, but it\u2019s enough to make me nervous.<\/p>\n<p>Imagine your surprise when you then see someone else\u2019s house as the cause for that notification.<\/p>\n<p>Wyze blames the issue on overload and corruption of user data after an AWS outage. However, AWS did not report an outage during the time Wyze cameras were having these problems.<\/p>\n<p>And, while the company originally said it had identified 14 instances of the security issue, the number of complaints on <a href=\"https:\/\/www.reddit.com\/r\/wyzecam\/comments\/1aseyre\/seeing_inside_someone_elses_home\/\">Reddit<\/a> and the <a href=\"https:\/\/forums.wyze.com\/t\/im-able-to-see-a-random-camera-i-do-not-have-permission-for\/290413\">Wyze forums<\/a> indicated that there must have been a lot more.<\/p>\n<p>This turned out to be the case. In an email sent to customers, Wyze revealed that it was actually around 13,000 people who got an unauthorized peek at thumbnails from other people&#8217;s homes.<\/p>\n<p>Wyze chalks up the incident to a recently-integrated third-party caching client library which caused the issue when they brought back cameras online after an outage at AWS.<\/p>\n<blockquote class=\"wp-block-quote\">\n<p>\u201cThis client library received unprecedented load conditions caused by devices coming back online all at once. As a result of increased demand, it mixed up device ID and user ID mapping and connected some data to incorrect accounts.\u201d<\/p>\n<\/blockquote>\n<p>Wyze says it has added an extra layer of verification before users can view Event videos. <\/p>\n<p>So, all we can do is hope we don\u2019t have to write another story like this one in a few months.<\/p>\n<hr class=\"wp-block-separator has-text-color has-cyan-bluish-gray-color has-alpha-channel-opacity has-cyan-bluish-gray-background-color has-background is-style-wide\" \/>\n<p><strong>We don\u2019t just report on threats\u2014we remove them<\/strong><\/p>\n<p>Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/for-home\">downloading Malwarebytes today<\/a>.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/02\/wyze-cameras-show-the-wrong-feeds-to-customers-again\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Wyze cameras allowed users access to other users&#8217; feeds once again. An estimated 13,000 people got a peek at thumbnails from another user\u2019s home. <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[12010,11440,32,12351,26699,30915,30916],"class_list":["post-23981","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-aws","tag-cameras","tag-news","tag-notifications","tag-personal","tag-thumbnails","tag-wyze"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/23981","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=23981"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/23981\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=23981"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=23981"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=23981"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}