Wyze patches serious flaws on its security cameras, but not its oldest one — what you need to know
First-gen Wyze Cam needs to be put out to pasture
If you have a Wyze Cam version 1, we've got bad news. The cheap, easy-to-use home security camera has some serious security flaws that aren't going to be fixed.
You're best just getting rid of the unit and spending $35 to trade up to the Wyze Cam version 2 or Wyze Cam v3, on both of which these flaws have been fixed. Or you could check out our list of the best home security cameras for even more options.
"While versions 2 and 3 have been patched against these vulnerabilities, version 1 has been discontinued and is no longer receiving security fixes," warned security firm Bitdefender in a blog post today (March 29). "Customers who keep using Wyze Cam version 1 are no longer protected and risk having their devices exploited."
What's the difference between Wyze Cam v1 and v2?
The only problem is that the Wyze Cam v1, which debuted in 2017, and the Wyze Cam v2, which was released a year later, may look exactly the same. (There's also a black model of v2.)
We reached out to Wyze's customer-support chat line and were informed that you can find the device info on the bottom of each camera — v2 units will say "v2" while v1 units won't.
The main differences are in the innards. Wyze Cam v2 has a frame rate of 15 fps versus v1's 10 fps; v2 works with Google Assistant and Amazon Alexa, while v1 only has Alexa; and v2 has a motion-tagging feature whereas v1 doesn't.
In any case, Wyze ended support for v1 back on Feb 1. That's ironic, because a Bitdefender white paper details how it first informed Wyze of these three security flaws back in March 2019, three years ago.
Bitdefender says that Wyze fixed or mitigated some of the flaws over the next year and a half without acknowledging Bitdefender's original messages. Wyze finally replied to Bitdefender in November 2020, according to the security firm's report, and the two then worked together to verify further fixes.
Remote takeover
Flaw no. 1, catalogued as CVE-2019-9564, lets you take control of a Wyze Cam over the internet without a password. Using this flaw, you "can fully control the device, including motion control (pan/tilt), disabling recording to [the SD card], turning camera on/off," noted Bitdefender, although you couldn't view the live feed. This has been fixed on Wyze Cams v2 and v3, but not on Wyze Cam v1.
Flaw no. 2, catalogued as CVE-2019-12266, does let you view the live feed. It involves swamping the Wyze camera's internal memory with too much data, letting a remote attacker take total control of the device. It's not completely clear whether this has been fixed on Wyze Cam v1, but it has been on v2 and v3.
Flaw no. 3 is uncatalogued but lets a remote attacker access the contents of the SD card inserted into the camera without any password. This has been mitigated on Wyze Cam v1, but fully fixed only on Wyze Cams v2 and v3.

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.
