A failure in the platform of the Wyze brand security cameras exposed, for about 11 months, data from about 2.4 million consumers. The serious error happened mainly in the United States. Malicious invaders were even able to monitor live homes of the user who had one of the affected camera models. According to experts at the security company Twelve Security, this is the most serious spill ever seen worldwide. The case comes to light shortly after experts at the University of Texas warned of the danger of using connected electronics.
READ: How to turn your phone into a security camera with the WardenCam app
In response to the specialized portal CNET, the manufacturer acknowledged the problem and said that the data was accidentally exposed in a process of server migration. An employee would have failed to follow security protocols during the procedure. It is not yet clear whether the company knows whether the information has been intercepted by possible attackers.
Want to buy cell phones, TV and other discounted products? Meet Compare TechTudo
Failure in the Wyze brand security camera on consumer video 11 months ago Photo: Divulgao / Wyze
Apparently, the failure mostly affected American users. Of the 2.4 million users who have had their data exposed, 24% are located in the eastern United States. The others affected are distributed among other regions of the country. The error also hit the United Kingdom, the United Arab Emirates, Egypt and some regions in Malaysia.
According to Twelve Security, which discovered the leak, the flaw involves a weakness in protecting the servers that store the information collected by the brand's domestic devices. Experts warn that the breach is still present and the data can still be accessed by anyone on the web, as long as they have server addresses. The information would be protected only by a weak password system, which could be overturned with the technique of brute force.
With the data in hand, an attacker can log in to the user account to view the live feed from the cameras. In addition, according to the experts' warnings, it would also be possible to intercept traffic directly to obtain the images.
Wyze camera is for sale in Brazil for R $ 443.90 Photo: Divulgao / Wyze
In addition to connected cameras, Wyze sells smart locks, lamps and smart sockets, among other devices aimed at home automation. A branded security camera currently sold by Amazon in Brazil, for R $ 443.90.
The exposed data includes e-mail addresses and credentials of 24,000 people, who connected a Wyze device Alexa virtual assistant. The error also released IFTTT routines, detailed information from the user's local network, alarm monitoring and calendar details, in addition to facial recognition of all consumers who uploaded a profile photo to the account. For a small group of users, the database also includes health information, such as height, weight, gender, bone density, daily protein diet, among other personal data.
Wyze sells cameras, smart locks, lamps and smart sockets Photo: Reproduo / Wyze
Also according to Twelve Security, the vulnerability is present mainly in Wyze servers located in the United States. The company was founded in 2017 and headquartered in the United States, but part of its infrastructure, experts note, is located in China.
Certificates from servers operated by Wyze suggest that the company would have links with Alibaba Group, a Chinese retail giant that also offers cloud services. A report by the security firm points out that the information circulating in the Chinese infrastructure is more protected.
Via Twelve Security, CNET
How to choose a security camera? Comment on TechTudo's Forum.
Best of the Year TechTudo 2019: meet the electronic winners