Skip to main content

After latest hack, experts say smart home security systems stink at securing data

Another day, another smart home camera system security hack, this one affecting the Seattle-based company Wyze. First reported by the Texas-based cybersecurity firm Twelve Security and confirmed by Wyze, the hack is estimated to have affected 2.4 million customers who had their email addresses, the emails of anyone they ever shared camera access with, a list of their cameras, the last time they were on, and much more information exposed. Some customers even had their health data leaked.

“Personally, in my 10 years of [system administration] and cloud engineering, I never encountered a breach of this magnitude,” wrote Dan Ehrlich, founder  Twelve Security, in a post about the Wyze hack.

Wyze is a home camera system similar to Amazon’s Ring that’s more economical: Whereas the cheapest Ring indoor camera will set you back around $60 (and their flagship doorbell products start at $100), Wyze’s products top out at $30. Both companies have now experienced at least one kind of major breach — either a hack or a leak — that should raise the eyebrows of anyone considering purchasing this type of home security.

Dr. Richard Forno, assistant director of the Center for Cybersecurity at the University of Maryland, Baltimore County, told Digital Trends that these security systems leave a lot to be desired in terms of securing themselves, much less their customers. “You have to ask, are product companies doing basic Cyber 101-type security measures to make sure their costumer and priority data is protected? You have to at least do the basics,” Forno told DT. “The fact that we see so many data breaches these days shows that companies are not doing the basics, let alone their best, to minimize the breaches from happening.”

Ehrlich told Digital Trends that the lack of security on smart home camera systems, to him, amounts to gross negligence. “I know what bad security looks like,” Ehrlich said. “When I see bad security, usually you can understand why, for example, they took down a firewall, but I’ve never seen it as bad as this. Equifax should be held up as a gold standard compared to these guys,” he said, referring to the 2017 security breach of the Equifax credit reporting company that exposed the data of 147 million people.

Ehrlich said he was confident that eventually the industry will sort itself out, but right now, there just isn’t enough manpower to fix what would need to be fixed to secure smart home systems. “There’s just not the people to fix it. There isn’t the talent pipeline to fix it,” he said. “There’s not the people to secure all the stuff and look at everything that needs looking at.”

“The winning move right now is not to play,” Forno told Digital Trends, speaking about what consumers should do to better protect themselves from an almost inevitable camera hack. “Just don’t buy one.”

If a consumer is dead set on buying one of these systems, Ehrlich says “be aware that it is technically possible right now for all video taken to be exfiltrated to anyone in the world, anywhere. This is true of Wyze and a lot of other brands.”

Forno warned that these cameras are not much different than a computer, tablet, or phone, and that it’s just a fact that some companies are taking privacy more seriously than others. “The privacy on these devices is really lacking and there’s not much to do short of unplugging,” he said.

If you do purchase one, Forno said to make sure everyone in the home is aware of where it is and when it’s turned on. Also, make sure to fully unplug it when it’s not needed. “Nothing beats actually physically powering it off and unplugging it,” he said. “A modicum of common sense by the user will go a long way.”

Wyze did not immediately respond to a request for comment. This story will be updated when we hear back.

Maya Shwayder
I'm a multimedia journalist currently based in New England. I previously worked for DW News/Deutsche Welle as an anchor and…
This South Korean smart home hack is one more reason you should secure your home
Alexa listening indicator.

While most Americans were trying to take advantage of Black Friday sales last weekend, hackers in South Korea pulled off what is perhaps the most damaging hack in smart home history. The as-yet-unidentified hackers recorded photo and video from more than 700 different apartment complexes and held it ransom or sold it outright for Bitcoin.

The entire incident is the stuff of nightmares -- the realization of fears about the smart home industry and what it means to allow cameras and other recording devices into the home without sufficient safeguards in place.

Read more
The South Korean smart home hack is the stuff of nightmares
Hands on a laptop.

Over the weekend, Korean media reported that a group of unidentified hackers had recorded and distributed photo and video files from the smart home security devices of over 700 apartment complexes.

South Korea is known for having a well-connected broadband and wireless network system where it is common for Internet of Things (IoT) devices to be installed in residences. IoT devices are your everyday objects and intelligent devices that connect to the internet, such as smart lighting, smart vacuum cleaners, and smart security systems -- those devices that you can control using your voice or phone. At the heart of most of these residences is a wall pad, which is a keypad attached to the wall and is the central hub of all the IoT devices in the home. The wall pad can activate, control, and monitor all the smart devices in the house.

Read more
The smart home hacking scene in Scream is possible, but you’re probably OK
august announces homekit compatibility doorbell camera smart lock close

Two elements combined to make this article happen. The first was that October was Cybersecurity Awareness Month. Second, smack-dab in the middle of the month, the first trailer for the new Scream movie dropped. It contained a scene that had us a little concerned. See if you can spot it.

Scream | Official Trailer (2022 Movie)

Read more