Reprinted from TidBITS by permission; reuse governed by Creative Commons
license BY-NC-ND 3.0. TidBITS has offered years of thoughtful commentary
on Apple and Internet topics. For free email subscriptions and access to the
entire TidBITS archive, visit http://www.tidbits.com/


  The Real Reason Wyze Labs Discontinued Its First-Generation Security Camera

   Josh Centers

   Some TidBITS readers were annoyed to learn that Wyze Labs
   unceremoniously stopped supporting its original $20 camera (see
   '[1]Wyze Labs Discontinues First-Generation Security Camera,' 1
   February 2022). Now we know what prompted Wyze's move: the company has
   admitted that there was a [2]severe security vulnerability that could
   let attackers read the contents of the camera's SD card. That's bad.
   Wyze patched its second- and third-generation cameras but was unable to
   patch the original cameras.

   Even worse, Bitdefender first [3]reported the vulnerability to Wyze
   Labs in March 2019, and Wyze Labs sat on the information for 3 years.
   The standard disclosure window is 90 days. The good news is that an
   attacker needed access to your local network to take advantage of the
   vulnerability, but Wyze's behavior is unacceptable. We won't be
   recommending any more of its products until it becomes clear from the
   company's actions over time that it's taking security seriously.

   [4]Read original article

References

   Visible links
   1. https://tidbits.com/2022/02/01/wyze-labs-discontinues-first-wyzecam/
   2. https://www.wyze.com/pages/response-to-3-29-22-security-report
   3. https://www.bitdefender.com/blog/hotforsecurity/wyze-cam-vulnerabilities-could-let-attackers-access-the-live-feed-research-finds/
   4. https://www.wyze.com/pages/response-to-3-29-22-security-report

   Hidden links:
   5. https://i0.wp.com/tidbits.com/wp/../uploads/2018/02/WyzeCam.jpg?ssl=1

.