Wyze’s initial and recently discontinued Cam v1 suffers from a flaw that permits attackers to check out the contents of the camera’s SD card, according to safety scientists.
Cybersecurity company Bitdefender (through BleepingComputer) has revealed a white paper detailing the protection hole, which allows hackers entry the first Wyze Cam’s SD card by exploiting a webserver vulnerability.
The bug was to start with reported again in March 2019, Bleeping Laptop reviews, and Wyze eventually patched the protection hole for the Wyze Cam v2 and v3 just two months in the past. But the flaw continues to be unpatched in the initial Wyze Cam, which Wyze “retired” on February 1.
Notably, Wyze said that it was discontinuing the Wyze Cam v1 since it “can no extended assist a necessary safety update.”
Wyze additional that even though end users of the initially Wyze Cam, which will acquire no upcoming security patches, would nevertheless be in a position to use the camera, accomplishing so “carries enhanced danger, is discouraged by Wyze and is completely at your individual risk.”
It’s not very clear if the “necessary protection update” that Wyze was referring to was the patch that Wyze launched for the SD card flaw in January. We’ve reached out to Wyze for comment.
As BleepingComputer notes, the SD card on a Wyze Cam retailers a wide variety of information and facts over and above recorded online video footage, including the device’s log data files and UUID (universally exclusive identifier variety).
In a blanket suggestion, Bitdefender claims that smart house users need to “keep a shut eye on IoT devices” as well as “isolate them as a lot as doable from the neighborhood or visitor community.”
But offered what appears to be a really major stability vulnerability that will probably never be patched, consumers of the Wyze Cam v1 should really most likely go ahead and toss their obsolete cameras in the e-cycle bin.