Wyze: 13,000 people had access to images from other cameras


Image: Wyze.

If you have a Wyze camera in your home, a stranger may have gained access to your home due to a security breach.

System overload

The problem began with an outage on Friday, February 16, as David Crosby, co-founder of the company, recounts in a message to his customers. Wyze camera owners who tried to view footage from their cameras during this time may have noticed that they were unavailable. But as the cameras were brought back online, images and videos from other cameras emerged.

The company says this issue is believed to be due to system overload: while all devices were brought back online at the same time, the spike in usage caused device IDs to mismap, connecting some accounts to the wrong cameras .

According to Wyze, the blame lies with “a third-party caching client library that was recently integrated into our system.”

“We have identified your Wyze device as one of those that was affected”

Initially, Wyze estimated that only 14 people were able to access other people’s images. But today, that estimate has risen to 13,000 people.

However, only 1,500 people among this panel enlarged a thumbnail or watched a video. Which means that 99% of users have not been affected at all by this security problem, reassures the company, before adding that the people concerned have already been contacted.

“We have identified your Wyze device as one of those that was affected. » For those who received this message, even if there are not so many of them, the consequences are important. Indeed, these words mean that at least one of their thumbnails has been viewed by another Wyze account. And if it’s a video, that the video has been viewed. The company nevertheless clarified that the only files to which other people were able to have access are “events”: no one was able to view images from a live camera.

Better secure connection to events

When Wyze discovered the issue, the events tab was immediately disabled.

The company assures that it has taken measures to ensure that the situation does not happen again. Among these measures, it added a new level of account verification before connecting to event videos.

The Wyze system has also been modified to avoid caching on devices until the new client libraries undergo thorough stress testing.

Source: ZDNet.com



Source link -97