Wyze continues to put out very clever and affordable smart home devices and cameras, but a sour note on the company for years has been a security incident that allowed your camera’s feed to be viewed by others. With its new “VerfiedView” security, Wyze promises that can’t happen anymore.
In 2022, it was revealed that a security flaw in Wyze’s systems left a backdoor that could be used to view the camera feed from someone else’s cameras. The problem was known for three years before Wyze finally issued a fix in 2022. Then, in 2024, an outage in Wyze’s system led to a glitch showing camera feeds and thumbnails from one user’s camera in another person’s app. 13,000 users were affected, and it left a bad taste right ahead of the company’s newest camera launch. It’s not like other brands haven’t run into these issues – Eufy comes to mind – but these problems certainly didn’t earn Wyze the greatest reputation.
Wyze is now launching “VerifiedView,” a new security method that’s primarily designed to ensure the footage from your camera is only accessible by you – as it should be.
To strengthen its existing security – which Wyze describes as “your Wyze Cam content [being] surrounded by barbed wire fencing, booby traps, security guards, acid sharks, laser scanners, and AI robot guard dogs” – this new “VerifiedView” system puts an ID marker on your footage that ensures no one but you can view it. If the ID on the footage doesn’t match your account, the app won’t show it. Wyze describes this as “a security guard with an eye scanner standing on every single photo.”
Wyze breaks down the process as follows:
| Step | What Happens | Where It Happens |
|---|---|---|
| 1. Bind user ↔ device | When you add a new camera to your account in the Wyze app, Wyze cloud writes a hashed (scrambled up) version of your user ID onto the device firmware. | Wyze Cloud → Device |
| 2. Embed hash list | The camera firmware stamps this hashed user ID into the metadata of every single video, image, or stream captured by the camera. | Device |
| 3. Authenticate requester | Before a user can view content captured by the camera, VerifiedView checks user ID of the user trying to access the content against the hidden user ID stamped into the metadata. | App / API |
| 4. Access granted or denied | If they don’t match, access is denied — even if they somehow already got through storage-level permissions. | Verified View Core |
As for livestreaming content, if someone were to bypass everything else, this new system would prevent viewing as “your user ID now gets double checked right at the doorstep,” turning up a 403 error if things don’t match up.
This change has been rolling out “over the last few months” and is now active on Wyze’s most popular cameras. Remaining models will see the change “in the coming weeks.” As long as the Wyze app and camera firmware are up to date, this is all active. “VerfiedView” is referred to as “SightSafe” in release notes.
How do you feel about this new change?
More on Smart Home:
- Wyze just built a camera into a light bulb, and it only costs $50
- Philips Hue launches new ‘Wall Washer’ light, AI-powered scene generation coming soon
- What’s new in Google Home app 3.33: ‘Substantially’ improved video scrubbing
Follow Ben: Twitter/X, Threads, Bluesky, and Instagram
FTC: We use income earning auto affiliate links. More.
Comments