Wyze revises its safety practices

In an effort to restore confidence in the security of its cameras, the Smart Home Wyze brand has developed VerifiedView – A new protective layer that incorporates your user ID into the metadata of each photo, video and livestream. Wyze claims that the system corresponds to this data to your account before reading, blocking unauthorized access to your images.

“This is a safety net,” explains the co-founder of Wyze and CMO Dave Crosby The penis. “In addition to doing everything possible to protect users, we built this double check at the end to make sure they are more protected.”

This decision follows several difficult years for Wyze on the security front, starting with a vulnerability on its V1 cameras that it To know for three years and has never disclosedfollowed by two high -level incidents in 2023 and 2024, where users Given images of other people cameras.

Crosby says Wyze now considers the repair of its safety practices as existential. “We realized that we cannot survive if we continue to make these stupid mistakes that we make,” he says. “We have to make monumental changes so that this kind of thing does not happen again.”

VerifiedView is only a result of this major change; Wyze has also widened its internal security team, known as Crosby, and “invested millions of dollars” to strengthen its security architecture from top to bottom. This includes the reaching of its safety battery, the need for two -factor authentication, the launch of a bug bonus program and the deployment of monitoring tools to detect and prevent threats.

Wyze is also committed to being more transparent around security. “One of the biggest errors we have ever made was not to be more transparent on this subject,” says Crosby, referring to a defect Bitdefender identified in its camera in 2019But that the company only disclosed customers in 2022.

VerifiedView is now available via an update of the firmware that started deploying in April. “It is 100% deployed on our most popular cameras – Wyze Cam V4, V3, Pan V3 and OG,” said Crosby, adding that it will soon come to the rest. Some older cameras do not have the equipment to support it, but Wyze explores the means to welcome them. Users can check if their cameras are on the new firmware On the Wyze website.

After the 2024 violation, Cosby says that Wyze gathered around security. “We have traveled all our safety battery, assessing where we can improve, examine third -party tools and delete them where we can. Where we have to use them, we only build with the best platforms, ”he says. “We have invested in AWS tools – especially lace, Hub Security, Guardduty and Q Cli.” Wyze also hired several security companies “to check and validate what we have done”.

VerifiedView should prevent the types of scenarios that Wyze suffered in 2023 and 2024 around problems with third -party tools. “If everything else fails and people enter the cloud or the data is switched, people cannot see the content of others,” says Crosby. It works by attaching your user ID to your camera – and therefore on any photo, video or live broadcasting it produces. Before you can access the images, VerifiedView checks that the ID of the device you use corresponds. If not, access is refused.

Technology is similar to DRM (Digital Rights Management) created to combat content hacking, explains Sharon Hagi, an expert in cybersecurity and Silicon Labs chief security officer, which reviewed the published documents from Wyze to The penis request. “At the heart of VerifiedView is a concept of well-established and critical data security: the cryptographic link of the identity of users and data from the device to digital content,” he said, calling an important step in intelligent internal security.

While VerifiedView is designed to prevent unauthorized Access to your images, this cannot prevent someone with access to your account from visualizing it. To remedy this, Wyze claims that connection security has been reinforced. Authentication with two factors is now required by default, secure connection options are available and the company has deployed tools to detect suspicious connections.

Crosby stressed that Wyze has invested a lot of money in these changes and that continuous costs to maintain VerifiedView, including engineering and cloud infrastructure, are substantial. This raises the question of how sustainable it is for a bootstrapated startup with thin razor margins. Could VerifiedView finally become a paid feature? “We will never charge this feature and we will never stop it,” says Crosby. “It will be a regular feature for all Wyze cams in the future.”

Another question is why not simply build end -to -end encryption (E2EE), which guarantees that only the user and their authorized devices can access images? Most of the cloud -based security cameras, including Wyze, encrypt the data “in transit” and “at rest”, which protects against bad players, but allows the company to access it during its servers to provide additional features.

Crosby says that E2EE is the “Saint Grail”, but it breaks the features that users appreciate. “With E2EE, you cannot use third -party integrations like Alexa, and IA identifications in the cloud do not work. VerifiedView offers very similar protections to E2EE without compromising the user experience – it was like the perfect compromise.”

It is true that the encryption of your images prevents a company’s cloud servers from looking at it and acting in your name to tell you when, let’s say, A package is at your door. But some companies like Apple, with its E2EE Homekit secure videoUse a local server to do this treatment.

In addition to the local storage he offers on certain cameras, Crosby says they explore by adding more local treatment, something he has on its high -end cameras. “We want to move more and more towards the edge,” he said, adding that this could mean new local devices, but has not clarified if they are new cameras or a type of center for local treatment. Wyze is also working on bringing the streaming protocol in real time, says Crosby. This would allow users to broadcast a video on a local recording device and / or platforms like Home Assistant.

When asked why not to offer at least E2Ee as an option, Crosby again underlined the lost functionality of E2EE, like Wyze New AI features This helps reduce notifications. “We have created VerifiedView as a third protection layer so that users can benefit from the functionality of AI … knowing that their videos are secure.”

Obviously, the cloud will always be an essential part of the Wyze service. “There will probably always be a kind of Cloud collaboration on board,” says Crosby. “Today we are doing easy things on the edge and difficult things on the cloud. While our cameras become smarter, we move more towards the edge. But situations become more difficult too, and we add more use cases to what we are monitoring. So it will always be a learning process and better improve something, then move it to the edge. ”

Crosby believes that users should now feel safe using Wyze’s security cameras. “We are more locked up than ever,” he says. “I feel very confident. And even if you cannot be too confident in this game, because everyone feels confident until something happens, we build layers of tools on each other. It is the best we can do at this stage, and I feel very confident. ”