People love convenience. The ability to perform tasks without lifting a finger is one of the things many people wish to have. And it can even be better if things happen before they even think about it. That is what smart home devices provide. These technologically-advanced devices do things on their own. Robot vacuum cleaners clean the floor for you, and smart thermostats adjust the temperature based on your preferences and the weather outside.
But here’s a problem. If you want almost everything in your house to be automated, you need to buy many devices. But you increase the risk of getting hacked for every device you add to your home Wi-Fi network.
The story of a popular Utah blogger, Isabelle Baker, serves as a great example. She wrote on her ihonestlyloved Instagram account about how her son was a great sleeper and then suddenly is not. Isabelle and her husband could not figure out why their son was now afraid and having night terrors.
Then one night, Isabelle heard a man talking to her son in a distorted voice. The said man used the baby monitor. So, Isabelle unplugged the baby monitor and got rid of it.
That is not the creepiest part of the story. Isabelle claims that she received many messages after she posted her story. Apparently, the same thing happened with many people’s baby monitors.
The Camera You Need to Stop Using
The research firm Bitdefender has reported vulnerabilities in at least two baby monitors over the past couple of months. One of those cameras is the Wyze cam that Isabelle Baker used.
Bitdefender found the potential for an attacker to access the video feed when it looked in the first version of the Wyze cam. And so, Wyze discontinued that model in January.
However, Wyze only told its customers that the camera would not receive necessary security updates. The company did not inform them about the risk of hackers gaining access to the camera.
Bitdefender reached out to Wyze three years ago to discuss its potential privacy issue. However, neither company publicized any specific details. That is, at least until Wyze released a blog post urging customers to stop using the Wyze Cam v1.
There is no need to worry if you own either version two or three of the Wyze cam. These versions do not have the same vulnerability.
Wyze says that it takes all security concerns seriously. Thus, they are constantly evaluating the security of Wyze’s systems and taking appropriate measures to protect their consumers’ privacy.
Wyze wrote that they appreciated the responsible disclosure provided by Bitdefender on these vulnerabilities. Furthermore, they worked directly with Bitdefender to patch the security issues in supported products before the public report.
Wyze explained to its customers how cybercriminals could gain access to their devices. “The vulnerabilities required some form of local network access.” Therefore, the actor could not gain access if you did not expose your network to him or on the internet at large. As long as you don’t do that, these vulnerabilities should not be exploitable remotely.
As Bitdefender reported previously, Wyze issued the first patch in the month following their notification. Then, the company continued to mitigate the risk of these exploits with additional patches in the subsequent months.
Wyze has fixed these issues, and they no longer consider them ongoing. That was after the release of the final critical security updates for the last of the local vulnerabilities found in the report in February 2022.
The company adds that they want to respond to issues more quickly and make significant advances in its security infrastructure. Thus, Wyze is hiring a team of dedicated security engineers to work exclusively on responses to security events and strengthening protection.
Unfortunately, Wyze Cam v1, last sold in March 2018, could not support the necessary updates. It has a limited camera memory, and hence, Wyze can’t patch the issues on that product.
The company says that they are transparent and disclosed their inability to fix the issue in an upcoming email about Wyze Cam v1’s end-of-life.
Wyze discourages people from continuing to use the Wyze Cam v1 and other EOL products.
How Safe Are You?
This issue has started a debate on Wyze’s community forum. Some commenters say you are very safe because hackers need to tap into your home Wi-Fi network to access your baby monitor.
However, security company Avast disagrees with that. It reports that router hacks can happen to anyone and could cause major damage. Hackers can spy through connected cameras, change passwords, or steal sensitive information.
Therefore, it is best to ensure your smart home devices are as secure as possible.
How To Prevent Hacking of Your Smart Devices
To make your smart home devices like baby monitors secure, you need to secure your network.
The first thing you need to do is change your passwords and change them regularly. Keep in mind that there are two different passwords on your router. One is used for the device’s settings, and the other is what the other devices need to connect to the network. Changing the default passwords to long and complicated ones is good practice. Furthermore, experts recommend changing passwords every three months or so.
Next, make sure your firmware is up to date. If available, enable automatic updates. Isabelle Baker discovered that her router’s firmware was not up to date. So if you don’t want what happened to her to happen to you, do not skip this step. Updating the firmware for new routers is made easier through apps.
Then, change the name of the Wi-Fi network. The default ones often include details about the make and model of the router. That information can help hackers penetrate the network. Also, hiding the network is highly recommended.
Last, logging into a Wi-Fi network that is not the secure network in your home opens up an opportunity for hackers. With that said, if you can avoid checking your baby monitor while not at home, try to do that.
It is also best to minimize the number of people connected to your cameras.