Wyze needs to come clean about the Wyze Cam’s security flaws

When Wyze announced in late January that it would discontinue the original Wyze Cam only days afterwards, it couched the go as a celebration, likely so significantly as to say that the camera “will often maintain a special location in our hearts.”
But even as Wyze promised that “you can even now use your Wyze Cam v1” following its impending February 1 finish-of-everyday living date, the corporation included ominously–and only in a footnote–that “your continued use of the Wyze Cam v1 after February 1, 2022 carries enhanced threat, is discouraged by Wyze and is fully at your personal danger.”
At the time, a thing sounded a small, well, off about Wyze’s sudden announcement. Now, it appears we know why.
Earlier this week, cybersecurity agency Bitdefender disclosed (as initial reported by BleepingComputer) that it experienced previously–as in 3 several years ago–discovered a trio of critical Wyze Cam vulnerabilities, a single of which would have authorized attackers to obtain the information on the camera’s SD card, like recorded online video footage.
Bitdefender states it to begin with warned Wyze about the flaws in March 2019. The first two bugs ended up patched in September 2019 and November 2020, but the SD card flaw remained unpatched till January 29, 2022, and only the Wyze Cam v2 and v3 acquired the correct, leaving the original Wyze Cam vulnerable to the safety hole.
When announcing that it was “retiring” the Wyze Cam v1, Wyze explained it was due to the fact the camera “can no for a longer period support a important security update.” Looking back again, it sure seems like the update Wyze was referring to was the SD card vulnerability patch that the Wyze Cam v2 and v3 gained.
I have nonetheless to listen to back again from Wyze about the Bitdefender report, but in a statement to BleepingComputer, a Wyze rep reported:
At Wyze, we put enormous value in our users’ trust in us, and consider all safety worries significantly.
We are continually analyzing the stability of our devices and just take correct actions to guard our customers’ privacy. We appreciated the dependable disclosure offered by Bitdefender on these vulnerabilities. We worked with Bitdefender and patched the safety concerns in our supported goods. These updates are now deployed in our newest app and firmware updates.
That is all perfectly and good, but it does not answer the query of why Wyze didn’t merely demonstrate the SD card vulnerability in the initial, unpatched Wyze Cam and explicitly alert people of the threats.
A smart woman in the know-how sector as soon as instructed me, “We do not sell toothpaste we market trust.” Effectively, Wyze is now experiencing a major reliability hole, and it needs to appear clean. An apology is likely in order, as well.