Wireless webcams: Wyze users were able to see other people's feeds
Wireless cameras from the US provider, Wyze, gave users access to feeds from other people. According to information provided by the company, approximately 13,000 customers were affected by the problem. There have already been similar security incidents with the company’s other products in the past
Wyze confirmed the incident on Monday. According to Wyze, approximately 13,000 users had preview images displayed from other users’ cameras. About 1,500 users also clicked on these previews and viewed the feeds from other customers – in some cases, videos were also displayed.
According to their own statements, the US company informed affected users about the incident. Wyze explains that the issue occurred due to a software component from a third-party provider that was recent integrated into the system. As a result, they said some devices were mistakenly allocated to incorrect user accounts.
Informing those affected
At the end of last week, those affected reported the issue on the Reddit platform and in Wyze user forums. It was described, for example, that users were informed of movement on their property – but then opened a feed displaying someone else’s house. Others fear that they were monitored themselves.
Wyze also explicitly advertises their cameras for the surveillance of indoor spaces. The company currently only distributes their products in the USA.
Wyze first told US media outlets that about a dozen users were affected.
Another incident just a few months ago
This is not the first incident: Already in September 2023, some users were able to access strangers’ cameras. According to the company, approximately 2,300 users could access other people’s cameras.
Furthermore, a security vulnerability in an earlier version of Wyze could be exploited by attackers so that they could view other users’ feeds. Wyze is said to have known about the issue for three years before reacting.
Problems with other companies
These incidents make it clear once again that risks are associated with using surveillance cameras that can be accessed by users online. For example, the German specialist magazine, c’t, reported a problem with a camera from Netatmo (article in German) in December 2023. In this case, a user could look inside the house of another family.
Additionally, at the end of 2022 it was revealed that surveillance cameras and so-called smart doorbells made by the company, Eufy, stored recordings on cloud servers without user consent. According to reports, videos could also be opened remotely without authentication – one would only need to know the website address of the video.
Attackers were also able to use Google’s Nest Cams in the past to access surveillance cameras. In some cases, attackers even spoke to owners using the camera speakers. There were also similar incidents reported in 2019 with Amazon’s Ring Cams. The provider attributed this to inadequately secured user accounts and implemented two-factor authentication. Many users use the same login credentials for various services even though experts have been warning of the dangers for years.
German consumer advocates also warn of smart toys (German article) as attackers can eavesdrop on children. (js)