X

Wyze Security Camera Flaw Leaves Consumer Videos Exposed, Report Alleges

Video files could be accessed on Wyze customers' SD cards without authentication, according to security research firm Bitdefender.

David Priest Former editor
David Priest is an award-winning writer and editor who formerly covered home security for CNET.
David Priest
wyze-cam-v1

Wyze is no longer supporting its Cam v1.

Wyze

Home security product maker Wyze left a security flaw in its popular Wyze Cam v1 unfixed for three years before "retiring" the device, according to a new report from security research firm Bitdefender. The flaw allows access to video files stored on SD cards in the Wyze Cam v1 without authentication, meaning that criminals could potentially access private footage on over a million cameras.

The report comes after Wyze discontinued support for its Wyze Cam v1 earlier this year, informing customers: "After almost 5 amazing years, we'll be retiring Wyze Cam v1 on February 1, 2022 as it can no longer support a necessary security update. You can still use your Wyze Cam v1 after this date, but as our End-of-Life policy states, Wyze will no longer sell, improve, or maintain Wyze Cam v1."

According to Tuesday's report, Bitdefender contacted Wyze about the vulnerability in March 2019. Wyze patched the vulnerability in other devices, including the Wyze Cam Pan and the Wyze Cam v2, in the following months but did not acknowledge receipt of Bitdefender's message until 20 months later, in November 2020, according to Bitdefender.

Wyze did not immediately respond to a request for comment.