Cause for concern?!

“The vulnerability is in a software protocol made by Taiwanese internet of things (IoT) vendor ThroughTek, which has customers including the Chinese electronics giant Xiaomi. ThroughTek says 83 million devices made by other brands, such as the camera vendor Wyze, run its software.”

Apparently Wyze is not interested in addressing this concern; there is another post that brought this subject up and Wyze refuses to respond to this.

I flagged that post from 2 months ago for Wyze staff to answer, and nothing but silence. I even DMed @UserCustomerGwen with no response.

The fact that many of us have been asking Wyze to address this and never any response is very concerning.

I have posted this information to the CVE-2021-32934 post that @RLBK has provided here.

2 Likes

Another FYI, as I also mentioned in the other thread you linked to, the 90-day CERT non-disclosure period literally just lapsed the other day, meaning they really have only been able to openly discuss this for the past two days. This prohibits any company from discussing or acknowledging vulnerabilities. This is a security mechanism to allow impacted companies time to research and resolve before public disclosure. The “security firm” that discovered this vulnerability failed to follow proper procedures by disclosing it early. This will severely impact their credibility moving forward.

1 Like

We’re aware of the potential vulnerabilities with the third-party system and have been actively addressing the issue since before the public announcement. But with some security topics, it can be more appropriate to be prudent about the information we share so we won’t be giving further details yet. We always prioritize our customers’ safety and we appreciate your patience.

6 Likes