The New York Times’ consumer-oriented publication Wirecutter says it will stop recommending Wyze security cameras to its readers after the company provided an unsatisfactory response to a large-scale technical glitch.
The issue, first reported by users on the social media platform Reddit and confirmed by The Verge earlier this month, allowed Wyze security camera customers to view live feeds of other users when logged in through the web version of the Wyze camera portal.
Officials at Wirecutter said a Wyze spokesperson characterized the incident as relatively small, affecting “no more than 10 users.” But the company has not provided any follow-up information about what happened, nor did it notify all of its customers about the issue, Wirecutter said.
“With this incident, and others in the past, it’s clear Wyze has failed to develop the sorts of robust procedures that adequately protect its customers the way they deserve,” Rachel Caricola, a senior staff writer at Wirecutter, wrote in her article on the matter.
Caricola said Wirecutter reached out to several “peers, colleagues and experts in the field,” including a Mozilla privacy director and another Wirecutter senior staff writer, and all were unanimous in their belief that Wyze had not taken enough steps to address the security issue or adequately notify customers about the matter.
Wirecutter pointed to numerous other security incidents affecting Wyze products, including its surveillance cameras. Early last year, a study produced by security firm Bitdefender found Wyze knew about a security issue impacting its cameras, but took around three years to address it publicly. When it did, the company told customers that continuing to use their first-generation Wyze Cam “carries and increased risk, is discouraged by Wyze, and is entirely at your own risk.”
“The fundamental relationship between smart-home companies and their customers is founded on trust,” Caricola wrote on Tuesday. “No company can guarantee safety and security 100 percent of the time, but customers need to be confident that those who make and sell these products, especially security devices, are worthy of their trust. Wyze’s inability to meet these basic standards puts its customers and its devices at risk, and also casts doubt on the smart-home industry as a whole.”
The condemnation by Wirecutter has the potential to complicate a relatively-new business arrangement between Wyze and Roku, in which white-label versions of Wyze products are manufactured and sold under the Roku brand.
Over the past year, officials at Roku have expressed a desire to push further into the smart home market by selling devices like surveillance cameras, home monitoring systems and smart lights that integrate natively with Roku’s streaming TV hardware.
“We are proud to further extend Roku’s Smart Home lineup with affordable, simple ways to secure the safety of any home,” Mark Robins, the senior vice president of smart home initiatives at Roku, said in a statement this past May after the company unveiled its Wyze-made home security system.
While the affected Wyze cameras essentially share the same internal and connected technology as ones made and sold under the Roku brand, a Roku spokesperson told Caricola that the security incident impacting Wyze did not necessarily affect Roku camera users, because the company does not offer a web portal for viewing live feeds.
Instead, live video captured by Wyze-made Roku cameras are available to view within Roku’s own distributed apps for smartphones and tablets, as well as on Roku streaming TV devices.