CyberSecurityBoard
Sponsor Register Login

Wyze camera glitch gave 13,000 users a peek into other homes

Wyze shared more details on a security incident that impacted thousands of users on Friday and said that at least 13,000 customers could get a peek into other users' homes.
The company blames a third-party caching client library recently added to its systems, which had problems dealing with a large number of cameras that came online all at once after a widespread Friday outage.
Multiple customers have been reporting seeing other users' video feeds under the Events tab in the app since Friday, with some even advising other customers to turn off the cameras until these ongoing issues are fixed.
Wyze says this happened because of the sudden increased demand and led to the mixing of device IDs and user ID mappings, causing the erroneous connection of certain data with incorrect user accounts.
As a result, customers could see other people's video feed thumbnails and, in some cases, even video footage after tapping the camera thumbnails in the Wyze app's Events tab.
Wyze has yet to share the exact number of users who had their video surveillance feeds exposed in the incident.
The company has now added an extra layer of verification for users who want to access video content via the Events tab to ensure that this issue will not happen in the future.
Wyze investigating 'security issue' amid ongoing outage.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 19 Feb 2024 17:21:08 +0000


Cyber News related to Wyze camera glitch gave 13,000 users a peek into other homes

RCE exploit for Wyze Cam v3 publicly released, patch now - A security researcher has published a proof-of-concept exploit for Wyze Cam v3 devices that opens a reverse shell and allows the takeover of vulnerable devices. Wyze Cam v3 is a top-selling, inexpensive indoor/outdoor security camera with support for ...
11 months ago Bleepingcomputer.com
Wyze camera glitch gave 13,000 users a peek into other homes - Wyze shared more details on a security incident that impacted thousands of users on Friday and said that at least 13,000 customers could get a peek into other users' homes. The company blames a third-party caching client library recently added to its ...
8 months ago Bleepingcomputer.com
Wyze Cameras Allow Accidental User Spying - This isn't the first time that Wyze, a Seattle-based company offering smart home products such as cameras and doorbells, has experienced a cybersecurity issue like this. In September 2023, Wyze camera users reported that they were seeing camera feeds ...
8 months ago Darkreading.com
Wyze investigating 'security issue' amid ongoing outage - Wyze Labs is investigating a security issue while experiencing a service outage that has been causing connectivity issues since this morning. In an incident report posted at 6:31 AM PT, the company blamed today's camera and login issues on an AWS ...
8 months ago Bleepingcomputer.com
CVE-2019-12266 - Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to run arbitrary code on the affected device. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. ...
2 years ago
CVE-2019-9564 - A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze ...
1 year ago
License Plate Readers Are Creating a US-Wide Database of Political Lawn Signs and Bumper Stickers | WIRED - These images were generated by AI-powered cameras mounted on cars and trucks, initially designed to capture license plates, but which are now photographing political lawn signs outside private homes, individuals wearing T-shirts with text, and ...
1 month ago Wired.com
How to Scan a QR Code On iPhone - The iPhone offers multiple ways of scanning QR codes, but the quickest and easiest method is using its built-in camera app. Open your camera app and point at a QR code; a notification will appear in the lower-right corner of the screen. Follow the QR ...
10 months ago Hackercombat.com
CVE-2021-20698 - Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 ...
2 years ago
CVE-2021-20699 - Sharp NEC Displays ((UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 ...
2 years ago
Home AI Revolution: From Assistants to Smart Appliances - In a world where technology is advancing faster than ever, home AI has become an integral part of everyday life. Anachronistically speaking, a time-traveler from even just a few decades ago would be amazed at how far we've come in terms of home ...
10 months ago Securityzap.com
CVE-2017-8228 - Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices mishandle reboots within the past two hours. Amcrest cloud services does not perform a thorough verification when allowing the user to add a new camera to the user's account to ensure that the ...
5 years ago
Samsung Galaxy S23 hacked two more times at Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada. The contestants also demoed zero-day bugs in printers, routers, smart speakers, surveillance ...
11 months ago Bleepingcomputer.com
Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada. They also demoed exploits and vulnerability chains targeting zero-days in Xiaomi's 13 Pro ...
11 months ago Bleepingcomputer.com
Get a waterproof Blink Mini 2 security camera for only $20 before October Prime Day | ZDNET - Cohn explained that Blink made significant improvements to the Mini 2's video quality, increasing the field-of-view from 110 to 143 degrees for more coverage, increasing the sensor's lowlight capability, and improving the dynamic range. ...
1 month ago Zdnet.com
CVE-2019-11014 - The VStarCam vstc.vscam.client library and vstc.vscam shared object, as used in the Eye4 application (for Android, iOS, and Windows), do not prevent spoofing of the camera server. An attacker can create a fake camera server that listens for the ...
5 years ago
How to protect IP surveillance cameras from Wi-Fi jamming - Gone are the days of criminals cutting camera wires to evade detection: with the proliferation of affordable internet-connected cameras, burglars must resort to Wi-Fi jamming. Blocking the signal blinds the device and stalls home and business ...
6 months ago Helpnetsecurity.com
CVE-2024-45599 - Cursor is an artificial intelligence code editor. Prior to version 0.41.0, if a user on macOS has granted Cursor access to the camera or microphone, any program that is run on the machine is able to access the camera or the microphone without ...
1 month ago Tenable.com
49 unique zero-days Uncovered in Pwn2Own Automotive - On the final day of Pwn2Own Automotive 2024 - Day 3, researchers were granted $1,323,750 in rewards for identifying 49 distinct zero-days. Particularly, the infotainment system and modem of Tesla were attacked by the Synacktiv team, and each ...
9 months ago Cybersecuritynews.com
SIM swapper gets 8 years in prison for account hacks, crypto theft - Amir Hossein Golshan, 25, was sentenced to eight years in prison by a Los Angeles District Court and ordered to pay $1.2 million in restitution for crimes involving SIM swapping, merchant fraud, support fraud, account hacking, and cryptocurrency ...
11 months ago Bleepingcomputer.com
Rob Lee Evidence : Sneak Peek hit by Ransomedvc Ransomware Gang - Actor: ransomedvc ...
1 year ago Twitter.com
CVE-2021-20589 - Buffer access with incorrect length value vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.38.000, GT25 model communication driver versions 01.19.000 through 01.38.000, GT23 model communication driver ...
11 months ago
Surge of swatting attacks targets corporate executives and board members - At around 8:45 pm on February 1, 2023, a caller to the Groveland, Massachusetts, 911 emergency line told dispatchers that he harmed someone in a home on Marjorie Street in the upscale small town 34 miles north of Boston. The caller also said he would ...
1 year ago Csoonline.com
23andMe Failed to Detect Account Intrusions for Months - The tactic came to light in a trove of hacked police records published by the transparency collective Distributed Denial of Secrets. Information about United States intelligence agencies purchasing Americans' phone location data and internet metadata ...
9 months ago Wired.com
CVE-2020-5675 - Out-of-bounds read vulnerability in GT21 model of GOT2000 series (GT2107-WTBD V01.39.000 and earlier, GT2107-WTSD V01.39.000 and earlier, GT2104-RTBD V01.39.000 and earlier, GT2104-PMBD V01.39.000 and earlier, and GT2103-PMBD V01.39.000 and earlier), ...
2 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)