Wyze Camera Vulnerability
Wyze ignored a vulnerability in its home security cameras for three years. Bitdefender, who discovered the vulnerability, let the company get away with it.
In case you’re wondering, no, that is not normal in the security community. While experts tell me that the concept of a “responsible disclosure timeline” is a little outdated and heavily depends on the situation, we’re generally measuring in days, not years. “The majority of researchers have policies where if they make a good faith effort to reach a vendor and don’t get a response, that they publicly disclose in 30 days,” Alex Stamos, director of the Stanford Internet Observatory and former chief security officer at Facebook, tells me.
Ted • April 4, 2022 7:21 AM
Wyze’s decision to protect its own product instead of customers will have consequences. Customers should have the right to decide if they can tolerate a vulnerability. Degrading trust is a shaky strategy.
Bitdefender? It was a notably inexpensive camera, not a CPU.
Phew. I’m glad this is not normal.