HOUSING + HOMELESSNESS

That security camera and smart doorbell you’re using may have some major security flaws

Mar 10, 2024, 2:00 PM

Privacy and security issues continue to emerge when it comes to smart doorbells and security camera...

Privacy and security issues continue to emerge when it comes to smart doorbells and security cameras. (Canva)

(Canva)

(CNN) — When 24-year-old Heather Hines from Southern California was changing into her work clothes last month, she noticed the seven security cameras she owned from Wyze went offline for a short period of time, including the one in her bedroom.

About 48 hours later, she received an email from the company stating that thousands of its customers opened their apps and saw photos and video footage from inside other people’s homes. The issue stemmed from a caching problem from a third-party partner that occurred when the camera systems came back online.

Hines was one of the 13,000 accounts that were compromised in the hack. About 1,500 users viewed images and videos from other Wyze cameras.

“It made me feel violated,” said Hines, who used the cameras to monitor her sick cat when she’s not at home. “I’m scared I’m going to wake up one day and have my friends texting me saying my camera video got leaked.”

Issues with surveillance systems like cameras and doorbells continue to make headlines, stoking security and privacy concerns, reminding people who own smart home gadgets that some devices intended to make homes safer or more convenient continue to pose some serious security risks. Still, little repercussions exist for the companies responsible for keeping customers safe.

Hines told CNN she was “disappointed” in the Wyze’s limited response after inquiring what photos or footage were captured and seen by other users. In an email to Hines viewed by CNN, the company wrote: “We truly understand your concern, and we regret that we are unable to offer detailed information on a per-camera basis or specifics about how users might have been affected.”

Hines has since removed all of the Wyze cameras from her home. “Now I don’t have the cameras to watch over my sick cat. … I’m completely done with smart devices like that.”

For some Wyze customers, like 51-year-old Eddie Henderson from Nova Scotia, Canada, the incident came as less of a shock. This was the second security breach he’s been part of with Wyze in recent months, where he was once again able to see thumbnail images taken from other people’s cameras.

After accessing the app, he was able to peek into the front yards of two different residential homes, one of which he said was visible to a business across the street, making the location identifiable.

“I definitely felt violated … but I learned not to put them indoors in main areas of living space,” he said. Now he worries about one of his outdoor cameras placed near his medicinal marijuana field.

“The medical grow is valuable so if someone could figure out my location they may be interested in trying to steal it,” he said.

Henderson, who owns 10 Wyze cameras, said he is starting to replace them with other brands.

In an email sent to CNN, Wyze CEO Dave Cosby said the company knows “these events are unacceptable.” He said Wyze plans to hire up to a dozen new engineering positions to help “reduce reliance on any third parties.”

He added: “It will take time to repair trust with users and tech publications, but it has our total focus.”

The latest incident highlights a growing problem not only with security cameras but other internet-connected devices, putting the onus often on consumers to take extra steps to keep their homes safe from potential breaches and bad actors. It also raises the question about whether the value of smart devices is worth the risks.

Problematic devices

The problem is much bigger than one company. Less than two weeks after the Wyze incident, a Consumer Reports investigation found a series of cheaply made smart doorbells sold on Amazon, Walmart, Sears, Shein and other popular retailers had security flaws, allowing bad actors to easily hack into the systems to gain access to photos and footage stored on the app.

A majority of those products, from popular brands such as Eken and Tuck, were manufactured in China and sold at half the price of more well-known US brands. Consumer Reports said the doorbells did not have a required ID issued by the Federal Communications Commission, effectively making them illegal for sale in the US.

Walmart told CNN it is no longer selling these items. Amazon, which still lists them for sale on its site, did not respond to a request for comment.

Adding to the problem, some companies make and sell devices under different names, according to the Consumer Reports article.

“All computing devices are susceptible to hacks,” said Paddy Harrington, a senior analyst at market research firm Forrester Research. “The exposure of those devices to attack just grows exponentially when you put them on the internet and store the data in a publicly accessible place.”

Cheaply made devices without security controls in place can present significant vulnerabilities for customers. Hackers can access non-secure devices to get onto people’s home networks and other devices, from phones, computers and TVs to speakers, lights, and garage door openers. Attackers can potentially obtain sensitive information about the device’s owners, and they can also take over the smart gadgets, for example, by speaking through the devices, stealing footage and recordings, or flickering the lights.

When a vulnerability is found, bigger companies can turn around a fix quickly. That’s not always the case for smaller brands. Still, security breaches impact companies of all sizes. Amazon and Google have experienced security breaches with Ring and Nest security devices in recent years.

But because consumer goods have low profit margins, some smart home providers want to cut costs elsewhere, from limiting security controls to producing poor-quality products, according to Michela Menting, an analyst with market research firm ABI Research.

“It’s easy to dismiss risk and push it as the responsibility of the cloud provider,” said Michela Menting, an analyst with market research firm ABI Research. “But I’d say it’s really the smart home provider’s fault. They choose to make insecure products, thereby facilitating a future hacker’s job. There is plenty they could do to minimize the risk, but they choose not to.”

Cheaply made devices target buyers who seek less costly solutions compared to known-brand names. Inexpensive options can also disappear; sometimes pulled from the market a few weeks or months later because companies “found a better way to make a buck,” Harrington said.

“And what happens to your data and where it’s stored? [The company] walks away with them,” he added.

Why this happens

Fighting these issues remains a big challenge, akin to a game of Whac-a-Mole. Although the US government can go after American companies, it’s much harder to track down Chinese manufacturers. And even if a device says it was made in another country, its components could still be made in China.

It’s also difficult for shoppers to weed through endless products on sites such as Amazon; a search for smart light bulbs will pull up name brands, along with dozens of other companies you’ve never heard of – and many with good reviews. (Amazon has also struggled with questionable, fake reviews).

The company has come under fire over the years for the quality of some products it sells on its platform, including dietary supplements, carbon monoxide detectors, hair dryers and children’s sleepwear. In 2021, the Consumer Product Safety Commission called on Amazon to remove hundreds of thousands of products on its site deemed hazardous.

Although Amazon has removed some products, it continues to struggle with keeping untrustworthy products off its virtual shelves.

“When it comes to what they sell, Amazon has a lot of work to do to clean out the garbage and until consumers hold them accountable, they’ll keep doing it because it makes them money,” Haddington said.

On the security side, regulations and policies may help with some smart home products down the line, such as the White House Executive Order which requires manufacturers to list ingredients that make up software components and the European Union’s Cyber Resiliency Act, which mandates hardware and software to meet certain cybersecurity requirements.

“They will make manufacturers and providers accountable for security,” Menting said. “But these take time to develop and enact and it will get worse before it gets better.”

What can people do?

Consumer education and awareness can help. It’s smart to shop with a healthy dose of discernment, so people can feel comfortable with smart technologies they select for the home.

“There are many conscientious smart home providers who do their best from a security and privacy perspective, and this is laudable,” Menting said.

But because there are twice as many that do “a poor job” on that front, people must do their research before buying, she added.

This means getting recommendations from verified testers, such as CNN Underscored, Wirecutter, Consumer Reports and other trusted sources.

The FBI also offers guidance on how people can keeping smart homes secure, such as by making sure users only allow the device to operate on a network with a secured Wi-Fi router, and picking strong network passwords.

It also urges shoppers to purchase internet-connected gadgets from manufacturers with” a track record of providing secure devices,” and setting devices to automatically update with security fixes.

People can also reconsider how many smart devices they actually need in the home.

“This isn’t an issue with just one product,” Harrington said. “When it comes to things that involve personal security and privacy, everyone needs to take a little extra time and weigh the risks when buying connected products.”

The-CNN-Wire
™ & © 2024 Cable News Network, Inc., a Warner Bros. Discovery Company. All rights reserved.

We want to hear from you.

Have a story idea or tip? Send it to the KSL NewsRadio team here.

Housing + Homelessness

FILE -- The gathering room at the YCC Family Crisis Center in Ogden is pictured on Tuesday, July 9,...

Heather Peterson

Transitional housing for domestic violence victims opening soon in Ogden

Victims of domestic violence will soon have another way to escape dangerous situations in Weber County. The YCC Family Crisis Center is building transitional housing by way of a new 14-unit apartment complex in Ogden to house domestic violence victims. Domestic violence is cited as the reason 22-57% of women experience homelessness by the National […]

7 days ago

The housing market in Utah is competitive and shows minimal signs of slowing....

Aimee Cobabe

Unwelcome Home: Exploring the challenges of buying a home in Utah

The housing market in Utah remains as competitive as ever. Some people are braving it, some just can't stand it.

17 days ago

Nationally, economists think retiring baby boomers downsizing their homes could be a rapid solution...

Don Brinkerhoff

Utah’s housing shortage: Could baby boomers downsizing be the solution?

Nationally, economists think retiring baby boomers downsizing their homes could be a rapid solution to the housing shortage.

19 days ago

Single-family homes under construction in Saratoga Springs are pictured on Tuesday, July 19, 2022....

Adam Small

2023 saw far fewer building permits in Utah, report says

The Ogden-Clearfield metro area had the biggest percentage decline in building permits year-over-year, nose-diving by 34%.

27 days ago

An empty bedroom is seen in an affordable housing building run by Central City Concern, a Portland-...

HALLIE GOLDEN and CLAIRE RUSH, AP

Micro-apartments are back after nearly a century, as need for affordable housing soars

"Micro-apartments," small single rooms with a shared kitchen or bathroom, are popping up around the country.

30 days ago

Utah's economic growth has slowed year over year, with the Department of Workforce Services reveali...

Eric Cabrera

Fewer people moving to Utah means slower economic growth

Utah's economic growth has slowed, with the Department of Workforce Services revealing fewer people are migrating to Utah than years prior.

1 month ago

Sponsored Articles

Young couple hugging while a realtor in a suit hands them keys in a new home...

Utah Association of Realtors

Buying a home this spring? Avoid these 5 costly pitfalls

By avoiding these pitfalls when buying a home this spring, you can ensure your investment will be long-lasting and secure.

a person dressed up as a nordic viking in a dragon boat resembling the bear lake monster...

Bear Lake Convention and Visitors Bureau

The Legend of the Bear Lake Monster

The Bear Lake monster has captivated people in the region for centuries, with tales that range from the believable to the bizarre.

...

Live Nation Concerts

All the artists coming to Utah First Credit Union Amphitheatre (formerly USANA Amp) this summer

Summer concerts are more than just entertainment; they’re a celebration of life, love, and connection.

Mother and cute toddler child in a little fancy wooden cottage, reading a book, drinking tea and en...

Visit Bear Lake

How to find the best winter lodging in Bear Lake, Utah

Winter lodging in Bear Lake can be more limited than in the summer, but with some careful planning you can easily book your next winter trip.

Happy family in winter clothing at the ski resort, winter time, watching at mountains in front of t...

Visit Bear Lake

Ski more for less: Affordable ski resorts near Bear Lake, Utah

Plan your perfect ski getaway in Bear Lake this winter, with pristine slopes, affordable tickets, and breathtaking scenery.

front of the Butch Cassidy museum with a man in a cowboy hat standing in the doorway...

Bear Lake Convention and Visitors Bureau

Looking Back: The History of Bear Lake

The history of Bear Lake is full of fascinating stories. At over 250,000 years old, the lake has seen generations of people visit its shores.

That security camera and smart doorbell you’re using may have some major security flaws