Wyze Labs has shared new details about the surveillance camera incident.

Wyze Labs has unveiled fresh insights into the security camera incident from the previous week, revealing that over 13,000 individuals inadvertently accessed broadcasts and devices of other users.

Earlier, Wyze Labs camera users faced significant challenges. A prolonged outage starting on February 16, 2024, led to cameras vanishing from the Wyze app and displaying errors upon connection attempts. Concurrently, numerous users reported gaining access to devices not belonging to them.

Wyze Labs initially attributed the issue to “communication problems with AWS” and maintained that users were only viewing previews of others’ broadcasts. They highlighted that only 14 such incidents were reported. Meanwhile, the Events tab in the Wyze app was temporarily deactivated as the company probed a “potential security concern.”

Recent revelations indicate the situation was far graver. Wyze Labs now points to a third-party caching client library, recently integrated into their systems, as the culprit.

“Our partner AWS faced an outage, disrupting Wyze devices for several hours on Friday morning. If you attempted to access cameras or live events during this period, you likely faced difficulties. We deeply regret the inconvenience and misunderstandings this caused,” the company communicated to affected users. “During restoration efforts, we encountered a security issue. Some users reported seeing previews and videos of others’ events in the Events tab. We immediately restricted access to the Events tab and initiated an investigation.”

Wyze explains that an unexpected surge in load caused the client library to crash, leading to a mix-up of device IDs and user IDs. This mix-up erroneously linked certain data with the wrong accounts, allowing people to view previews of others’ broadcasts and, in some instances, the videos themselves (after clicking on the preview in the “Events” tab).

“We can confirm that around 13,000 Wyze users accessed previews of other people’s cameras, and 1,504 users clicked on them, when the cameras were restored,” the company stated. “Your account was impacted. This means your event previews were visible in another Wyze user’s account and the thumbnail was clicked on. In most cases, clicking only enlarged the thumbnail, but in some cases, it could lead to viewing a video recording of the event.”

The company has introduced an additional verification layer for users accessing video content through the Events tab to prevent similar issues in the future. Wyze Labs also reconfigured its systems to avoid caching during user-device checks until transitioning to a new client library capable of handling “extreme situations.”

0 / 5

Your page rank:

Subscribe: YouTube page opens in new windowLinkedin page opens in new windowTelegram page opens in new window

Leave a Reply

Your email address will not be published. Required fields are marked *

Post comment