Wyze Took 3 Years to Fix Security Camera Vulnerabilities – Consumer Reports

It’s important to note that at the time Wyze fixed the first vulnerability in September 2019, Wyze had stopped selling the Wyze Cam V1 and only offered the Wyze Cam Pan V1 and Wyze Cam V2. At the time it fixed the second vulnerability in November 2020, the company also sold the Wyze Cam V3. The company released the Wyze Cam Pan V2 in September 2021.

“Wyze claims to ‘put immense value in our users’ trust in us,’ but the end of this three-year debacle suggests otherwise,” says Jonathan Schwantes, senior policy counsel at Consumer Reports. “This is a classic case of too little, too late. The good news is that the newer versions of their security cameras have fixed the vulnerability. If Wyze truly takes security concerns seriously, it would provide those improved versions to consumers who own the V1 cam free of charge.”

When Wyze announced that it would end support for the Wyze Cam V1 in January 2022 (it stopped selling the camera in March 2018), it offered affected customers a $3 discount on a new Wyze Cam and gave them about one week’s notice that support would end. This goes against Wyze’s End-of-Life Policy, which states it will provide “bug fixes, maintenance releases, workarounds or patches for critical bugs” for one year after it announces the product’s end-of-life date.

We reached out to Bitdefender and Wyze to ask about the vulnerabilities and the long timeline for disclosing and fixing them.

“From our vantage point our visibility was limited to what Wyze could do about it at the time, having had no contact,” says Dan Berte, director of IoT security at Bitdefender. “We decided not to publish before we could reach them and make sure there’s a fix. When the vendor eventually replied, we allowed more time for patching based on a convincing case [that] Wyze could address them.”

Wyze did not answer our questions and instead pointed to its public statement, which says: “You might be wondering, ‘Why am I just hearing about this now?’ Bitdefender and Wyze both take the safety of affected users seriously. Knowing that we were actively working on risk mitigation and corrective updates, we came to the conclusion together that it was safest to be prudent about the details until the vulnerabilities were fixed.”

The statement also offers a reason for why it didn’t disclose the issues that prompted it to end support for Wyze Cam V1: “For security reasons, we again chose to remain prudent about the specific reason why until now to limit the risk to all of our affected users across affected models. We strongly suggest that our customers no longer use EOL products as security and other critical updates are no longer provided, and we continue to urge Wyze Cam V1 owners to discontinue the use of these products.”

This is not the first time Wyze has dealt with security issues. The company suffered a data breach in December 2019 that exposed the data of 2.4 million Wyze customers.

For more information on safeguarding your home security cameras, see our guide to preventing security cameras from getting hacked.
