Skip to main content

After latest hack, experts say smart home security systems stink at securing data

Another day, another smart home camera system security hack, this one affecting the Seattle-based company Wyze. First reported by the Texas-based cybersecurity firm Twelve Security and confirmed by Wyze, the hack is estimated to have affected 2.4 million customers who had their email addresses, the emails of anyone they ever shared camera access with, a list of their cameras, the last time they were on, and much more information exposed. Some customers even had their health data leaked.

“Personally, in my 10 years of [system administration] and cloud engineering, I never encountered a breach of this magnitude,” wrote Dan Ehrlich, founder  Twelve Security, in a post about the Wyze hack.

Wyze is a home camera system similar to Amazon’s Ring that’s more economical: Whereas the cheapest Ring indoor camera will set you back around $60 (and their flagship doorbell products start at $100), Wyze’s products top out at $30. Both companies have now experienced at least one kind of major breach — either a hack or a leak — that should raise the eyebrows of anyone considering purchasing this type of home security.

Dr. Richard Forno, assistant director of the Center for Cybersecurity at the University of Maryland, Baltimore County, told Digital Trends that these security systems leave a lot to be desired in terms of securing themselves, much less their customers. “You have to ask, are product companies doing basic Cyber 101-type security measures to make sure their costumer and priority data is protected? You have to at least do the basics,” Forno told DT. “The fact that we see so many data breaches these days shows that companies are not doing the basics, let alone their best, to minimize the breaches from happening.”

Ehrlich told Digital Trends that the lack of security on smart home camera systems, to him, amounts to gross negligence. “I know what bad security looks like,” Ehrlich said. “When I see bad security, usually you can understand why, for example, they took down a firewall, but I’ve never seen it as bad as this. Equifax should be held up as a gold standard compared to these guys,” he said, referring to the 2017 security breach of the Equifax credit reporting company that exposed the data of 147 million people.

Ehrlich said he was confident that eventually the industry will sort itself out, but right now, there just isn’t enough manpower to fix what would need to be fixed to secure smart home systems. “There’s just not the people to fix it. There isn’t the talent pipeline to fix it,” he said. “There’s not the people to secure all the stuff and look at everything that needs looking at.”

“The winning move right now is not to play,” Forno told Digital Trends, speaking about what consumers should do to better protect themselves from an almost inevitable camera hack. “Just don’t buy one.”

If a consumer is dead set on buying one of these systems, Ehrlich says “be aware that it is technically possible right now for all video taken to be exfiltrated to anyone in the world, anywhere. This is true of Wyze and a lot of other brands.”

Forno warned that these cameras are not much different than a computer, tablet, or phone, and that it’s just a fact that some companies are taking privacy more seriously than others. “The privacy on these devices is really lacking and there’s not much to do short of unplugging,” he said.

If you do purchase one, Forno said to make sure everyone in the home is aware of where it is and when it’s turned on. Also, make sure to fully unplug it when it’s not needed. “Nothing beats actually physically powering it off and unplugging it,” he said. “A modicum of common sense by the user will go a long way.”

Wyze did not immediately respond to a request for comment. This story will be updated when we hear back.

Editors' Recommendations

Maya Shwayder
I'm a multimedia journalist currently based in New England. I previously worked for DW News/Deutsche Welle as an anchor and…
7 things you didn’t know your home security system could do
SimpliSafe bast station sitting on a table infant of a mirror.

Your home security system is the main line of defense against burglars and unwanted visitors. It can provide peace of mind when you're away, but there are a lot of things your security system can do that you might not be aware of. For example, rather than just catching suspicious activity, it also lets you record your pets being silly for video clips worthy of America's Funniest Videos.

With the right setup, your home security system can extend its functionality far beyond the basics. Here are seven things you didn't know your home security system could do.
Connect to your smart home to disarm the system and turn on the lights
When you come inside, your first step is typically to turn on the lights and/or disarm your security system. You can actually disable your security system with the right key code and connect it to your smart lights so they automatically turn on when you enter the code. You can also connect it to other smart devices like a smart plug to turn on other devices.

Read more
Wyze Home Monitoring System can now detect leaks and climate changes at home
Wyze Climate Sensor placed on ledge.

Smart home brand Wyze is adding two new smart devices to its home monitoring lineup, enabling users to expand their kit to include extra capabilities for sensing moisture and climate conditions.

The first device is the Wyze Sense Leak Sensor, a battery-power sensor probe with an optional thin sensor that can be attached to extend the device’s capabilities. When water makes contact with either sensor on the probe, it can send a signal -- up to 500 feet -- to the home monitoring system so that owners get an alert about a potential leak.

Read more
The best home security systems
Alder Home Security

Home security products are no longer niche investments for the neighborhood's most luxurious homes. With major brands offering services and products for record-low prices, there are smart security options for nearly every price point. Whether you're looking for a quick DIY install or professional white-glove service, there are numerous options to consider when laying down the dough for cameras, sensors, and touchpads. To help you on your journey for total peace of mind, we've put together this roundup of the best home security systems you can buy right now -- featuring options for both the get-it-done weekend warrior and those less interested in taking on the job alone.
SimpliSafe

SimpliSafe is a beautifully crafted home security platform, comprising a vase-shaped base station, integrated siren, and a slew of supporting sensors available to scatter around your home. They're designed to detect movement in the home, entry from doors and windows, as well as floods and fires. The "simpli" part of the system? It's quick and easy to install and a cinch to expand, with a comprehensive range of sensors, optional home security cameras, and even 24/7 professional monitoring. Arming and disarming the system is easy for the whole family, with a battery-powered keypad and key fob design. Best of all, thanks to a partnership with design gurus IDEO, SimpliSafe is one of the slinkiest security packages around.

Read more