|
Thread Tools |
#1
|
||||
|
||||
Wyze knew for years that hackers could remotely access its cameras, but did
Wyze knew for years that hackers could remotely access its cameras, but didn?t tell anyone Wyze has been selling inexpensive smart security cameras since the original Wyze Cam in 2017, and has also branched out into other product categories (like earbuds). However, the company has also had its fair share of problems, and another significant issue has come to light — hackers could gain access to the video feeds from Wyze Cams. Bitdefender publicly revealed a series of security vulnerabilities in Wyze’s security cameras on Tuesday, which affected the Wyze Cam Pan v2 (prior to 4.49.1.47), Wyze Cam v2 (prior to 4.9.8.1002), Wyze Cam v3 (prior to 4.36.8.32), and the original Wyze Cam on all firmware versions. The first vulnerability, known as CVE-2019-9564, allowed hackers to bypass the login for Wyze devices and gain access to camera controls. Bitdefender also discovered a stack buffer overflow vulnerability (CVE-2019-12266), which when used in combination with the first security flaw, can be used to gain remote access to a camera’s video feed. Taking advantage of this security flaw requires knowing the initial camera ID, which is a random string that can only be recorded by joining the same local network as the camera. That significantly limits the scope of the security flaw, since a hacker would first have to gain access to your home network before accessing the video feed from a Wyze camera. The main problem here isn’t actually the security vulnerability, it’s how Wyze handled the vulnerability. Bitdefender says it contacted Wyze twice, first on March 6, 2019, and again on March 15, 2019, and apparently received no response. Over the following months, Wyze updated some of its cameras with a partial fix for the login vulnerability, still without responding to Bitdefender. It wasn’t until November 2020 that Wyze finally communicated with Bitdefender, and the final fixes weren’t deployed until January 2022. |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
If You Knew The Whole Story Your Opinion Would Change | wckediden | SPJ Community News | 0 | 11-25-2022 01:56 PM |
Zelenskyy to David Muir: ?Nobody knew scale of invasion? | wckediden | SPJ Community News | 0 | 09-09-2022 04:04 PM |
EU wants to enforce 5 years of security and 3 years of OS updates for all p | phillynewsnow | AVN News Feed | 0 | 09-05-2022 09:16 AM |
[NEWS] You might want to stop using your Wyze security camera right about now! | phillynewsnow | Random Community Topics | 0 | 03-31-2022 08:38 AM |
[NEWS] Wipro Uses Wireless to Monitor Patients Remotely | phillynewsnow | Random Community Topics | 0 | 11-17-2009 09:11 AM |
Layout Options | Width:
Fixed
Contact Us -
SPJ Bulletin -
Archive -
Privacy Statement -
Terms of Service -
Top
| |