Wyze cameras were once again letting users see other people's homes after cloud outage

Facepalm: Wyze Labs is a startup founded by former Amazon employees, specializing in wireless cameras and other smart home products. However, one of the most concerning and underdeveloped aspects of Wyze's business is the operational security of its consumer products.

Wyze customers recently began experiencing a peculiar issue with their smart cameras. According to several reports on Reddit, users were given an unexpected "sneak peek" into the homes of strangers in the form of thumbnail images. The company acknowledged the issue, stating that it was affecting only a very small fraction of its user base and was due to an outage experienced by its cloud provider.

Later, Wyze clarified that they had identified a security issue where some users were able to see thumbnails of cameras that "were not their own" in the Events tab of the company's official app. The problem was initially identified as a service outage in Amazon's AWS servers, which, according to Wyze co-founder David Crosby, caused an overload and corruption of user data.

The outage was apparently sufficient to display unrelated camera thumbnails to different people, though Wyze was quick to explain that live feeds or video recordings had not been compromised. After the issue was resolved, the cameras went back online, and the company's metrics showed "continued improvement" for the service.

Crosby mentioned that Wyze received 14 reports about incorrect thumbnails in the Events tab while they were still in the process of identifying and notifying all affected users. Additionally, all Wyze users were informed about the security incident, and the Events tab was temporarily taken offline.

To add an extra layer of security, the company decided to verify each user before displaying the thumbnails. Furthermore, all users who had used the app during the outage were force logged out. In a further update, Wyze confirmed that approximately 13,000 users were shown incorrect thumbnails due to an overloaded third-party caching client library recently integrated into their system. The outage originated from the new library and not from Amazon's own cloud service, an AWS representative confirmed.

According to the company's official website, Wyze's mission is to make great technology "accessible to everyone." However, unintentionally allowing users to view other people's homes raises concerns both in terms of accessibility and security. Wyze has a history of security incidents and privacy issues, including knowledge of dangerous vulnerabilities in its cameras, which went unaddressed for years.

In December 2019, a server leak exposed personal details on about 2.4 million Wyze customers. The company also faced accusations of patent violations in 2019 (Sensormatic) and 2021 (Xiaomi).