Home camera security flaw may have allowed hackers to watch for years
HOUSTON - More than a third of American homes have some kind of security system installed, and many of them include cameras to keep an eye on things. Recent revelations, however, suggest the maker of one affordable device may have allowed hackers to keep an eye on you.
It certainly wasn't the plan when the Wyze camera was introduced to the market. When alerted to a serious security flaw, however, the company appears to have kept quiet about it for years.
"In theory, you're the only one who can see it," says Houston tech expert Juan Guevara Torres. "But in the case of these cameras, that was not the case."
At issue is the Wyze-Cam v1 security camera. Introduced in 2017, it was affordable and well reviewed. The company boasted selling a million of them in the first year.
Three years ago though, cyber-security firm Bitdefender warned Wyze of a flaw that would allow hackers, who had access to home Wi-Fi systems, to access any video files that were stored on the camera's memory card, or even watch users in real time.
"If there is a security flaw, if there is a data leak, you let the consumer know immediately," says Guevara Torres. "That's something they didn't do, and they decided not to patch this camera and to leave it like that."
Despite the warning, Wyze made no public comment while quietly patching later versions of the cameras and leaving its original devices untouched. In January, the company emailed customers, saying, "Your continued use of the Wyze Cam v1 after February 1, 2022, carries increased risk, is discouraged by Wyze, and is entirely at your own risk."
The word from tech experts is that the risk is not worth the chance.
"They're as good as garbage; they need to get rid of them," says Guevara Torres. "When you have a back door on your home network, it weakens everything that is connected to it."
In a recent, more detailed response, Wyze suggests it kept quiet about the problem, because it didn't want to worry users, and that the original-version device was incapable of being fixed.
The company has offered a $3.00 credit to buy a newer version, but Consumer Reports calls that gesture too little, too late. Experts suggest, when investing in connected devices, choose one that's designed for automatic, regular updates, to avoid similar problems.