DIY surveillance cameras (and other smart home devices) get hacked all the time. Today, Ring/Amazon is being sued for weak cybersecurity provisions, and just a few days ago Wyze notified customers that its cameras have been breached (notice below).
All bad news, of course, but par for the course.
A more interesting angle comes from a reader affected by the Wyze mess. He asks: “Are pro-oriented security cameras safer?“
I don’t quite know how to answer that question. Do you? Personally, I use DIY cameras from Ring and Wyze, and have Google/Nest cameras as well (currently mothballed because of high fees).
Perhaps the answer to the question is simply this: Consumer-centric cameras will have cybersecurity vulnerabilities, and that’s that. Pro surveillance systems can be hacked as well, just like some of the most fortified enterprise-grade networks and IT systems. In all cases, a knowledgeable pro can help protect users from cyber threats. In most cases, a pro can protect users from the most basic of threats, which tend to cause the most widespread disruptions.
Does it sound silly to pay a home-technology pro to install/configure a few IP cameras that might cost less (sometimes much less) than $100 each? Um, yeah.
Notice from Wyze on Security Breach
There is nothing we value higher than trust from our users. In fact, our entire business model is dependent on building long-term trust with customers that keep coming back.
We are reaching out to you because we’ve made a mistake in violation of that trust. On December 26th, we discovered information in some of our non-production databases was mistakenly made public between December 4th – December 26th. During this time, the databases were accessed by an unauthorized party.
The information did not contain passwords, personal financial data, or video content.
The information did contain Wyze nicknames, user emails, profile photos, WiFi router names, a limited number of Alexa integration tokens, and other information detailed in the link below.
If you were a user with us before we secured this information on December 26th, we regretfully write this email as a notification that some of your information was included in these databases. If you are receiving this email and joined us after December 26th, we write this email because you use our products and deserve to know how your data is being handled.
Upon finding out about the public user data, we took immediate action to secure it by closing any databases in question, forcing all users to log in again to create new access tokens, and requiring users to reconnect Alexa, Google Assistant, and IFTTT integrations. You can read in more detail about the data leak and the actions we took at this link:
As an additional security measure, we recommend that you reset your Wyze account password. Again, no passwords were compromised, but we recommend this as a standard safety measure. You may also add an additional level of security to your account by implementing two-factor authentication inside of the Wyze app. Finally, please be watchful for any phishing attempts. Especially watch any communications coming from Wyze and ensure they come from official @wyze.com and @wyzecam.com email addresses.
We are deeply sorry for this oversight. We promise to learn from this mistake and will make improvements going forward. This will include enhancing our security processes, improving communication of security guidelines to all Wyze employees, and making more of our user-requested security features our top priority in the coming months. We are also partnering with a third-party cyber security firm to audit and improve our security protocols.
As we continue our investigation into what happened, we will post future updates to the forum link above. More details will follow and we appreciate your patience during this process. Please reach out with any questions or concerns to our customer support team by going to support.wyze.com.