Serving the tech enthusiast community for over 25 years.
TechSpot means tech analysis and advice you can trust. Read our ethics statement.
Facepalm: Wyze Labs is a startup founded by former Amazon employees, specializing in wireless cameras and other smart home products. However, one of the most concerning and underdeveloped aspects of Wyze’s business is the operational security of its consumer products.
Wyze customers recently began experiencing a peculiar issue with their smart cameras. According to several reports on Reddit, users were given an unexpected “sneak peek” into the homes of strangers in the form of thumbnail images. The company acknowledged the issue, stating that it was affecting only a very small fraction of its user base and was due to an outage experienced by its cloud provider.
Later, Wyze clarified that they had identified a security issue where some users were able to see thumbnails of cameras that “were not their own” in the Events tab of the company’s official app. The problem originated from a service outage in Amazon’s AWS servers, which, according to Wyze co-founder David Crosby, caused an overload and corruption of user data.
The cloud outage was apparently sufficient to display unrelated camera thumbnails to different people, though Wyze was quick to explain that live feeds or video recordings had not been compromised. After the AWS servers recovered, the cameras went back online, and the company’s metrics showed “continued improvement” for the service.
Crosby mentioned that Wyze received 14 reports about incorrect thumbnails in the Events tab while they were still in the process of identifying and notifying all affected users. Additionally, all Wyze users were informed about the security incident, and the Events tab was temporarily taken offline.
To add an extra layer of security, the company decided to verify each user before displaying the thumbnails. Furthermore, all users who had used the app during the AWS outage were force logged out. In the end, Wyze confirmed that approximately 13,000 users were shown incorrect thumbnails due to an overloaded third-party caching client library recently integrated into their system.
According to the company’s official website, Wyze’s mission is to make great technology “accessible to everyone.” However, unintentionally allowing users to view other people’s homes raises concerns both in terms of accessibility and security. Wyze has a history of security incidents and privacy issues, including knowledge of dangerous vulnerabilities in its cameras, which went unaddressed for years.
In December 2019, a server leak exposed personal details on about 2.4 million Wyze customers. The company also faced accusations of patent violations in 2019 (Sensormatic) and 2021 (Xiaomi).