A mistake by a webcam manufacturer. You could look into other people's houses!
Users of a popular company's webcams fell victim to an attack, leading to a situation that should not have happened.
Late last week, owners of Wyze webcams first had problems logging in, and then some thumbnails of their videos became visible to others. And even though this leak concerned a small percentage of users, it does not change the fact that this type of situation simply should not happen.
Wyze camera manufacturer's mishap
Wyze webcams are also very popular in our country thanks to a set of desirable features (they look nice and are easy and comfortable to use). Unfortunately, an incident occurred with them last Friday afternoon. There was a leak that could have harmed many users of these cameras.
“First, the manufacturer informed us that it was receiving numerous reports of problems with logging in and connecting to devices. After an hour, a message was issued that the source of the problems was the AWS partner. After 20:00 our time, the company announced that the problem had been removed and services were gradually restored, but it was immediately announced that the interruption in service delivery was accompanied by a security incident.” – we read on the website niebezpiecznik.pl.
Someone could have looked into your house
The mentioned incident involved approximately 13,000 users (0.25% of all cameras) being able to see thumbnails in the application that showed recordings from other people's devices. Over 1.5 thousand people decided to take advantage of this opportunity and display these thumbnails on their screens.
It is true that in most cases this resulted in seeing only an enlarged image, but – as reported by Niebezpiecznik – there may have been cases of replaying videos recorded in other people's houses or on other people's properties.
Wyze admitted it themselves
The manufacturer of the Wyze cameras informed users about the security incident itself. Gentle words of praise are deserved for not deciding to sweep this matter under the carpet. A total of four emails were sent to users.
“The first mailing was to everyone. The second one went to those whose thumbnails were displayed but not enlarged. The third mailing went to people whose thumbnails (and perhaps video files) were enlarged or displayed. Fourth to those who had access to other people's thumbnails but their own thumbnails were not shared.” – reports niebezpiecznik.pl.
The leak was reportedly caused by problems with the cache client library, which was integrated into the Wyze system shortly before the incident. The system was not prepared for the increased load after the failure. When the mass restoration occurred, some device and user IDs were mixed up.
Wyze assured its customers that the issues should not recur as an additional layer of verification has been added to the system before recordings can be accessed. It was also announced that the new libraries would be subjected to additional tests under greater load.
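The sketch below is an added illustration, not Wyze's code. It shows how a verification layer of the kind described above can stop a cache that mixes up device and user IDs from exposing another person's thumbnails. All names and sample data are hypothetical and constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Thumbnail:
    device_id: str
    data: bytes

# Authoritative ownership records and stored thumbnails (constructed sample data).
OWNERS = {"cam-A": "alice", "cam-B": "bob"}
THUMBS = {"cam-A": Thumbnail("cam-A", b"alice-porch"),
          "cam-B": Thumbnail("cam-B", b"bob-kitchen")}

class MixedUpCache:
    """Hypothetical cache of user -> device IDs. With corrupt=True it models
    the failure mode: a lookup returns another user's device list."""
    def __init__(self):
        self._entries = {"alice": ["cam-A"], "bob": ["cam-B"]}
        self.corrupt = False

    def devices_for(self, user_id):
        if self.corrupt:
            other = "bob" if user_id == "alice" else "alice"
            return self._entries[other]
        return self._entries[user_id]

def thumbnails_unchecked(cache, user_id):
    """Trusts the cache: serves whatever device IDs it returns."""
    return [THUMBS[d] for d in cache.devices_for(user_id)]

def thumbnails_verified(cache, user_id, denied_log):
    """Re-checks each device against the authoritative owner record before
    serving. Mismatches fail closed and are logged for detection."""
    served = []
    for device_id in cache.devices_for(user_id):
        if OWNERS.get(device_id) != user_id:
            denied_log.append((user_id, device_id))
            continue
        served.append(THUMBS[device_id])
    return served

if __name__ == "__main__":
    cache, log = MixedUpCache(), []
    cache.corrupt = True  # simulate mixed-up IDs after a mass reconnect
    print("unchecked:", thumbnails_unchecked(cache, "alice"))
    print("verified: ", thumbnails_verified(cache, "alice", log))
    print("denied:   ", log)
```

The denial log matters as much as the check. A sudden burst of ownership mismatches is the signal that the cache layer is returning wrong mappings.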