Skip to main content

After latest hack, experts say smart home security systems stink at securing data

Another day, another smart home camera system security hack, this one affecting the Seattle-based company Wyze. First reported by the Texas-based cybersecurity firm Twelve Security and confirmed by Wyze, the hack is estimated to have affected 2.4 million customers who had their email addresses, the emails of anyone they ever shared camera access with, a list of their cameras, the last time they were on, and much more information exposed. Some customers even had their health data leaked.

“Personally, in my 10 years of [system administration] and cloud engineering, I never encountered a breach of this magnitude,” wrote Dan Ehrlich, founder  Twelve Security, in a post about the Wyze hack.

Wyze is a home camera system similar to Amazon’s Ring that’s more economical: Whereas the cheapest Ring indoor camera will set you back around $60 (and their flagship doorbell products start at $100), Wyze’s products top out at $30. Both companies have now experienced at least one kind of major breach — either a hack or a leak — that should raise the eyebrows of anyone considering purchasing this type of home security.

Dr. Richard Forno, assistant director of the Center for Cybersecurity at the University of Maryland, Baltimore County, told Digital Trends that these security systems leave a lot to be desired in terms of securing themselves, much less their customers. “You have to ask, are product companies doing basic Cyber 101-type security measures to make sure their costumer and priority data is protected? You have to at least do the basics,” Forno told DT. “The fact that we see so many data breaches these days shows that companies are not doing the basics, let alone their best, to minimize the breaches from happening.”

Ehrlich told Digital Trends that the lack of security on smart home camera systems, to him, amounts to gross negligence. “I know what bad security looks like,” Ehrlich said. “When I see bad security, usually you can understand why, for example, they took down a firewall, but I’ve never seen it as bad as this. Equifax should be held up as a gold standard compared to these guys,” he said, referring to the 2017 security breach of the Equifax credit reporting company that exposed the data of 147 million people.

Ehrlich said he was confident that eventually the industry will sort itself out, but right now, there just isn’t enough manpower to fix what would need to be fixed to secure smart home systems. “There’s just not the people to fix it. There isn’t the talent pipeline to fix it,” he said. “There’s not the people to secure all the stuff and look at everything that needs looking at.”

“The winning move right now is not to play,” Forno told Digital Trends, speaking about what consumers should do to better protect themselves from an almost inevitable camera hack. “Just don’t buy one.”

If a consumer is dead set on buying one of these systems, Ehrlich says “be aware that it is technically possible right now for all video taken to be exfiltrated to anyone in the world, anywhere. This is true of Wyze and a lot of other brands.”

Forno warned that these cameras are not much different than a computer, tablet, or phone, and that it’s just a fact that some companies are taking privacy more seriously than others. “The privacy on these devices is really lacking and there’s not much to do short of unplugging,” he said.

If you do purchase one, Forno said to make sure everyone in the home is aware of where it is and when it’s turned on. Also, make sure to fully unplug it when it’s not needed. “Nothing beats actually physically powering it off and unplugging it,” he said. “A modicum of common sense by the user will go a long way.”

Wyze did not immediately respond to a request for comment. This story will be updated when we hear back.

Editors' Recommendations

Maya Shwayder
I'm a multimedia journalist currently based in New England. I previously worked for DW News/Deutsche Welle as an anchor and…
How to prevent your Ring smart cameras from being hacked
Ring Indoor Cam on a table.

If you're worried about your Ring cam or video doorbell being hacked, you're not alone. In 2020, a class action lawsuit was filed claiming that Ring's security protection had allowed hackers to control their smart cams. Ring has since expanded its end-to-end encryption to cover a broader number of Ring devices, but concerns still remain. If you want to make particularly sure no one can hack into your Ring cam, here's what you need to know.

When Digital Trends reached out to Ring about the most recent incident, a representative said, "Customer trust is important to us, and we take the security of our devices seriously. Our security team has investigated this incident and we have no evidence of an unauthorized intrusion or compromise of Ring’s systems or network.

Read more
7 things you didn’t know your home security system could do
SimpliSafe bast station sitting on a table infant of a mirror.

Your home security system is the main line of defense against burglars and unwanted visitors. It can provide peace of mind when you're away, but there are a lot of things your security system can do that you might not be aware of. For example, rather than just catching suspicious activity, it also lets you record your pets being silly for video clips worthy of America's Funniest Videos.

With the right setup, your home security system can extend its functionality far beyond the basics. Here are seven things you didn't know your home security system could do.
Connect to your smart home to disarm the system and turn on the lights
When you come inside, your first step is typically to turn on the lights and/or disarm your security system. You can actually disable your security system with the right key code and connect it to your smart lights so they automatically turn on when you enter the code. You can also connect it to other smart devices like a smart plug to turn on other devices.

Read more
Wyze Home Monitoring System can now detect leaks and climate changes at home
Wyze Climate Sensor placed on ledge.

Smart home brand Wyze is adding two new smart devices to its home monitoring lineup, enabling users to expand their kit to include extra capabilities for sensing moisture and climate conditions.

The first device is the Wyze Sense Leak Sensor, a battery-power sensor probe with an optional thin sensor that can be attached to extend the device’s capabilities. When water makes contact with either sensor on the probe, it can send a signal -- up to 500 feet -- to the home monitoring system so that owners get an alert about a potential leak.

Read more