Wyze’s unique and not long ago discontinued Cam v1 suffers from a flaw that makes it possible for attackers to see the contents of the camera’s SD card, according to security researchers.
Cybersecurity business Bitdefender (by way of BleepingComputer) has posted a white paper detailing the security hole, which lets hackers access the initial Wyze Cam’s SD card by exploiting a webserver vulnerability.
The bug was initial claimed back again in March 2019, Bleeping Computer studies, and Wyze eventually patched the safety hole for the Wyze Cam v2 and v3 just two months back. But the flaw stays unpatched in the original Wyze Cam, which Wyze “retired” on February 1.
Notably, Wyze claimed that it was discontinuing the Wyze Cam v1 for the reason that it “can no longer assist a essential safety update.”
Wyze extra that whilst customers of the initial Wyze Cam, which will obtain no long term safety patches, would nonetheless be able to use the digital camera, undertaking so “carries elevated threat, is discouraged by Wyze and is fully at your possess risk.”
It’s not crystal clear if the “necessary security update” that Wyze was referring to was the patch that Wyze produced for the SD card flaw in January. We’ve attained out to Wyze for comment.
As BleepingComputer notes, the SD card on a Wyze Cam shops a selection of information outside of recorded movie footage, which include the device’s log documents and UUID (universally distinctive identifier amount).
In a blanket suggestion, Bitdefender says that good dwelling end users must “keep a close eye on IoT devices” as very well as “isolate them as a lot as achievable from the area or guest community.”
But supplied what seems to be a very really serious safety vulnerability that will probable under no circumstances be patched, end users of the Wyze Cam v1 should really almost certainly go in advance and toss their obsolete cameras in the e-cycle bin.