What lesson does the Wyze incident, which showed images from other users' cameras, leave us with?

Wyze is a well-known technology company based in Seattle, known for producing smart, affordable and easy-to-use home devices. The company focuses on providing smart home solutions accessible to a wide audience, offering high-quality products at competitive prices. Wyze-branded devices include video intercoms, security cameras, smart locks, smart sockets, sensors, remotely manageable lighting devices and much more.

The event is now well known. In mid-February 2024, Wyze confirmed a glitch that inadvertently led to the sharing of thumbnails depicting video streams coming from the cameras of other users, who are also customers of the US company. In particular, 13,000 users saw images appear in their dashboard that evidently came from video cameras not installed on their premises and properties.

Wyze cloud camera incident: Some users saw images from other accounts

Fortunately, this time (unlike what had happened in the past) a click on the various thumbnails did not allow access to the video feed coming from other people's Wyze cameras. In short, these were still images and nothing more. The problem, however, is not insignificant and, as confirmed on the official support forum, has not been played down by Wyze either.

The fact that data from different users got mixed together cannot help but ring an alarm bell. It is something that cannot and must not happen, especially in a sector such as video surveillance, in which attention to privacy and the protection of individuals is essential.

Wyze explained that the problem started with an Amazon AWS service failure: for several hours, logging in and accessing the cameras was impossible. These are devices that absolutely need to communicate with the cloud in order to operate correctly: they cannot be managed locally.

When the AWS service became available again, a third-party library that handles content caching, recently integrated into the Wyze system, found itself handling an unprecedented workload. This was due to customer cameras all coming back online at the same time.

Because of this anomaly and the exceptional workload that resulted from it, the library began to mix up the mappings between Device IDs and User IDs, leading to the issue affecting approximately 13,000 accounts. In some rare situations, Wyze also admits, by clicking on the thumbnails it was possible to access a recorded event from another user's camera.
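A mix-up of this kind reaches users only if the read path trusts whatever the cache returns. The Python example below is an added illustration, not Wyze's code and not a description of its fix: it authorizes every request against an authoritative ownership table and re-checks the identity stored inside the cache entry, so a mismatched mapping produces a denied request instead of another account's image. All class, field and ID names are hypothetical and the data is constructed.

```python
from dataclasses import dataclass

class OwnershipError(Exception):
    """The requested or cached object is not bound to the requesting user."""

@dataclass(frozen=True)
class CachedThumbnail:
    device_id: str       # camera that produced the frame
    owner_user_id: str   # account that owned the camera when the entry was written
    image: bytes

class ThumbnailService:
    def __init__(self, ownership_db, cache):
        self.ownership_db = ownership_db  # authoritative device_id -> user_id
        self.cache = cache                # treated as untrusted: device_id -> entry
        self.denied = []                  # audit trail for alerting

    def get_thumbnail(self, user_id, device_id):
        # Authorize against the source of truth, never against the cache.
        if self.ownership_db.get(device_id) != user_id:
            self._deny(user_id, device_id, "requester does not own device")
        entry = self.cache.get(device_id)
        if entry is None:
            return None  # cache miss: caller re-fetches from the backend
        # Re-check the binding stored inside the entry before returning it.
        if (entry.device_id, entry.owner_user_id) != (device_id, user_id):
            self.cache.pop(device_id, None)  # evict the mismatched entry
            self._deny(user_id, device_id, "cache entry bound to another identity")
        return entry.image

    def _deny(self, user_id, device_id, reason):
        self.denied.append((user_id, device_id, reason))
        raise OwnershipError(reason)

def build_demo():
    # Constructed sample data: bob's frame has been filed under alice's camera.
    db = {"cam-A": "alice", "cam-B": "bob"}
    cache = {
        "cam-A": CachedThumbnail("cam-B", "bob", b"bob-frame"),
        "cam-B": CachedThumbnail("cam-B", "bob", b"bob-frame"),
    }
    return ThumbnailService(db, cache)

if __name__ == "__main__":
    svc = build_demo()
    print(svc.get_thumbnail("bob", "cam-B"))
    try:
        svc.get_thumbnail("alice", "cam-A")
    except OwnershipError as exc:
        print("denied:", exc, svc.denied)
```

The `denied` list doubles as a detection signal: a sudden burst of mismatched entries after an outage points at the cache layer rather than at individual accounts.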

What is the moral of the incident and what lesson can be learned from it?

These considerations apply not only to this individual manufacturer but to any other supplier of video surveillance solutions. Before choosing one option or another, one should always ask whether the products can actually also be used in offline mode, completely free of the cloud architecture.

Are we sure we want to entrust control of the properties and environments that matter most to us to devices that can function if and only if there is an active and available Internet connection? Are we sure we want to store real-time recordings and events only and exclusively on the cloud?

In fact, if the connection is temporarily unavailable, some events may not be saved, or in any case the ability to access the cameras remotely would be lost, as also happened to Wyze.

A piece of advice? Before choosing an IP camera, take a look at the list of those officially supported by an open source platform like Home Assistant, by default or at least in the form of external plugins. Setting up a smart home that works offline allows you to break free from the closed ecosystems promoted by some producers and to create scenarios, even very complex ones, that would not otherwise be possible.

Anyone who chooses Home Assistant understands that, with truly disarming ease, specific actions can be triggered by particular events, including those relating to video surveillance. So if that series of very convenient cameras were not supported in Home Assistant, we would have to ask ourselves a few questions.

Opening image credit: Wyze.
