WYZE Security Flaws and Company Response (April 2022)

There’s no direct integration between smartthings and WYZE products, but there is some indirect integration available through Alexa routines, and there have been some mentions in this forum in the past of their very inexpensive sensors for that reason.

In the last few weeks, there has been a lot of industry discussion because it turns out that WYZE was notified 3 years ago of a security flaw in several camera models. They did not respond to the company that discovered the flaw for several years. They did make some changes over that time that improve security in some models. They never told their customers what was going on.

They did finally get back to the company that had reported the flaws initially but it took a lot of time and additional attempts at contact.

By January 2022, they had patched all of the camera models except the V1 and they chose to discontinue that model and offer customers a three dollar discount on a newer model. They still didn’t tell customers why, and they didn’t follow their own previously announced policy of providing support for one year after an end of life announcement.

The flaws themselves may not have been that big a deal in most single-family homes as the intruder would’ve had to first get access to the local Wi-Fi network.

But the way in which the whole thing was handled has made a number of industry analysts uneasy, including consumer reports.

WYZE is very much a price-driven brand and it may be that they didn’t have the same kind of resources as some other IOT companies to deal with this kind of issue. But it still feels like something that consumers should be aware of when dealing with this company.

Here’s the consumer reports article:

Personally, I had already switched to a different inexpensive camera brand because of the lack of integrations available with WYZE. But I will no longer be suggesting their sensor system as a potential candidate for people looking for very cheap sensors. not because of the security flaw, but because of the way it was handled. JMO.

7 Likes

For the V2 and Pan cameras there is a way to free them from Wyze’s cloud solution and use it locally.

And of course, this story about Wyze is not the first, neither the last one.

Here is a good article from 2020 where the researcher tested a few cheap cameras for vulnerabilities:

1 Like

Wyze has been promising a smartthings integratetiin since 2019 and failed to deliver so I never bought any of their products… Glad I didn’t and now I never will.

1 Like

and What would be that brand?
Thanks

Aqara. I use the models that are on the US servers and also use them with HomeKit. They’ve worked well for me as a budget camera, but I’m not looking for a lot of fancy features. We have a completely separate security system, so this is just for home automation purposes.

1 Like