Wyze Labs is investigating a security issue while experiencing a service outage that has been causing connectivity issues since this morning.
In an incident report posted at 6:31 AM PT, the company blamed today's camera and login issues on an AWS connectivity problem.
"We are aware of an issue with our AWS partner which has impacted device connection and caused login difficulties. We are taking steps to mitigate the problem on our end as we work with AWS to resolve the issue," the company said.
Hours later, Wyze said it's still monitoring device connection recovery after working all day to get all cameras back online and advised customers still experiencing issues to reboot or power-cycle impacted devices.
However, it also added that the "Events" tab in the Wyze app will be temporarily disabled while investigating what it describes as a "possible security issue."
"As you know we had an outage this morning driven by an issue with our partner AWS," said Wyze CMO and cofounder Dave Crosby in a post on the company's official forum.
"Cameras are starting to come back online for live viewing, but we are now restricting access to the Events tab while we investigate a possible security issue. We're so sorry and will get your cameras fully recovered as soon as possible! We will also share results of our investigation."
While Wyze has not explained what prompted this investigation, some customers have been reporting seeing other users' video feeds under the Events tab in the app.
"My sister texted me in a panic because her app is showing someone else's feed," one customer said, while others advised them to turn off the cameras until these ongoing issues are fixed.
A Wyze spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.
Update February 17, 10:47 EST: The users who reported seeing other peoples' video feeds were actually seeing only the feeds thumbnails, according to Wyze. The company is now working on identifying all affected customers and has logged out all users who used the app on Friday.
"We have now identified a security issue where some users were able to see thumbnails of cameras that were not their own in the Events tab. Fortunately, they were not able to view live streams or watch these videos, only the thumbnails were visible," Wyze said.
"So far we’ve collected 14 reports of this happening, but we are currently identifying all affected users. These affected users will be notified asap. We will also send notification to all Wyze users explaining what happened.
"As soon as we saw these reports we took down the Events tab. We then added in an extra layer of verification for each user before they could see thumbnails. To be extra safe, we are now force logging out all users who have used the Wyze app today to reset tokens."
Comments
lanickel - 4 months ago
This is why you install a local system that does not need any outside services. A Blue Iris PC or UniFi Video system, where the footage is 100% local, is easy to install and way better than a service like Wyze. Also, NO monthly fees is a huge bonus.