Wyze's devices have long been on our lists of the best home security cameras and best video doorbells, as they deliver a pretty good experience for a very low price. However, one area where they've generally lagged behind competitors has been, ironically, security.
As recently as last year, the company suffered a security breach that allowed 13,000 users to see footage from other people's cameras. Three years ago, Bitdefender discovered another breach that proved unfixable for first-generation Wyze Cams.
Those screwups could hopefully be a thing of the past, as the company today announced a significant overhaul of its security procedures and protocols aimed at preventing these issues from arising ever again. Here's a rundown of what the company is doing.
Mandatory 2FA: By default, all Wyze accounts will now be required to use two-factor authentication to prevent hackers from accessing a user's account without their knowledge.
VerifiedView: Now, when you set up a Wyze camera, VerifiedView will embed your user ID (scrambled, of course) onto the camera itself. From then on, any video, photo, or livestream from that camera will contain your scrambled user ID in the metadata. Before you (or anyone) can then access those recordings, VerifiedView will cross-check the user ID on the video with that of your account. This should prevent others from seeing your videos, even if there's a failure like the one that occurred last year.
Stronger logins: Wyze implemented OAuth, so you can now use trusted identity providers like Google, Apple, Facebook, or Amazon to log in to your account. It has also enabled reCAPTCHA on Login Endpoints, Mobile Trust Device Security, Device Fingerprint Blocking, and Login Abuse Detection (User/Device/Location/IP).
Behind the scenes, Wyze said it's also instituting a bug bounty program, investing more with AWS security tools (including Lacework, AWS Security Hub, AWS Inspector, AWS GuardDuty, and Amazon Q CLI), and working with NCC Group, Bitdefender, Google MASA, ioXT and ReFirm Labs to conduct penetration testing.
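The VerifiedView cross-check described above, sketched as an added example that is not Wyze's code: it assumes the "scrambling" is a keyed HMAC of the user ID (the announcement does not say how it is done), and every function name, key and ID here is constructed for illustration. It shows the check denying playback when a backend lookup hands back another account's clip.

```python
import hashlib
import hmac

# Assumption: the "scrambling" is a keyed HMAC over the account's user ID.
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"


def owner_tag(user_id: str) -> str:
    """Scrambled form of a user ID, as stored on the camera at setup."""
    return hmac.new(SERVER_KEY, user_id.encode(), hashlib.sha256).hexdigest()


def provision_camera(user_id: str) -> dict:
    """Setup step: bind the camera to its owner's scrambled ID."""
    return {"owner_tag": owner_tag(user_id)}


def record_clip(camera: dict, clip_id: str) -> dict:
    """Every clip inherits the camera's owner tag in its metadata."""
    return {"clip_id": clip_id, "metadata": {"owner_tag": camera["owner_tag"]}}


def authorize_playback(session_user_id: str, clip: dict) -> bool:
    """Cross-check the tag on the clip against the requesting account."""
    tag = clip.get("metadata", {}).get("owner_tag")
    if not isinstance(tag, str):
        return False  # fail closed: untagged media is never served
    return hmac.compare_digest(tag.encode(), owner_tag(session_user_id).encode())


def serve(session_user_id: str, lookup: dict, requested_clip_id: str) -> str:
    """Serve a clip only if the lookup result really belongs to the caller."""
    clip = lookup.get(requested_clip_id)
    if clip is None or not authorize_playback(session_user_id, clip):
        return "denied"
    return "served:" + clip["clip_id"]


# Constructed sample data: two accounts, one camera each.
alice_clip = record_clip(provision_camera("user-alice"), "clip-001")
bob_clip = record_clip(provision_camera("user-bob"), "clip-002")
good_index = {"clip-001": alice_clip, "clip-002": bob_clip}
# Simulated backend fault: the index hands back the other user's clip.
bad_index = {"clip-001": bob_clip, "clip-002": alice_clip}

if __name__ == "__main__":
    print(serve("user-alice", good_index, "clip-001"))
    print(serve("user-alice", bad_index, "clip-001"))
```

The design point is that the ownership decision rides on the media itself rather than on the lookup layer, so a mix-up upstream fails closed.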
Outlook
As someone who likes Wyze's devices but is leery of their privacy issues, I find these all welcome changes indeed. Considering companies like Ring instituted mandatory 2FA five years ago, it's surprising that it's taken Wyze so long to follow suit.
Whenever you're in the market for a security camera or video doorbell, it's important to take a good look at the company that makes the device. Otherwise, you might never know who's watching you.