Wyze’s initial and just lately discontinued Cam v1 suffers from a flaw that will allow attackers to view the contents of the camera’s SD card, in accordance to protection scientists.
Cybersecurity firm Bitdefender (by way of BleepingComputer) has printed a white paper detailing the safety hole, which lets hackers entry the unique Wyze Cam’s SD card by exploiting a webserver vulnerability.
The bug was very first documented back in March 2019, Bleeping Laptop stories, and Wyze finally patched the security hole for the Wyze Cam v2 and v3 just two months back. But the flaw remains unpatched in the original Wyze Cam, which Wyze “retired” on February 1.
Notably, Wyze claimed that it was discontinuing the Wyze Cam v1 due to the fact it “can no extended assist a vital safety update.”
Wyze extra that although people of the initially Wyze Cam, which will acquire no potential stability patches, would still be equipped to use the digicam, carrying out so “carries enhanced hazard, is discouraged by Wyze and is fully at your personal chance.”
It is not crystal clear if the “necessary security update” that Wyze was referring to was the patch that Wyze unveiled for the SD card flaw in January. We have achieved out to Wyze for comment.
As BleepingComputer notes, the SD card on a Wyze Cam shops a wide variety of info beyond recorded online video footage, like the device’s log data files and UUID (universally distinctive identifier range).
In a blanket suggestion, Bitdefender suggests that wise home customers ought to “keep a shut eye on IoT devices” as effectively as “isolate them as substantially as achievable from the local or visitor community.”
But specified what appears to be a quite severe security vulnerability that will most likely by no means be patched, end users of the Wyze Cam v1 should really almost certainly go forward and toss their obsolete cameras in the e-cycle bin.