Warning: *privacy not included with this product
Wyze Robot Vacuum
LiDAR! Everyone needs a vacuum with LiDAR! LiDAR is basically a spinning laser on top of your vacuum that spins around 6 times a second mapping out your home to 2,016 points in your room. Cool! LiDAR mapping is generally a safer bet than cameras in your home. However, researchers found that LiDAR robot vacuums can be hacked and used to spy on voice conversations, even without a microphone. Creepy! The Wyze App allows users to set virtual boundaries to keep the vacuum away from off-limits areas. Want to vacuum while you are away from home? Use the app to track your vacuum in real time as it cruises around your house. So, how is Wyze as privacy and security? Well, not so great we're afraid.
What could happen if something goes wrong?
Oof, Wyze! What happened? You went from being a fairly OK, affordable smart home company to quite a questionable one in just a couple of years. Not good. In fact, we must warn you that some Wyze products -- particularly their security cams -- likely come with *Privacy Not Included.
Let's start with Wyze's last couple of very checkered years when it comes to security and protecting the sensitive personal information their security cams can collect through video and audio. First, in 2022, security researchers at publication Bitdefender "found three vulnerabilities that would have given attackers direct access to the cameras, including recordings stored on the SD card." Consumer Reporters followed with a report calling out Wyze for not fixing the security flaws in some Wyze Cams for three years and did not communicate with users promptly about this vulnerability.
That was in 2022, and then again in 2023, Wyze admitted to a security vulnerability that exposed the private video recordings from some of their user's cameras were exposed to people on the internet. The Verge reported that some Wyze users were able to see video of cameras not their own through the Wyze web portal. This resulted in the NY Times' Wirecutter to pull their recommendation of Wyze cams to their readers. USA Today also pulled their recommendation of Wyze security cameras. All this, on top of Wyze's massive data leak in 2019 that exposed the personal information of 2.4 million customers when they left a database unprotected for 22 days.
Wyze also says they can share de-identified or aggregated information with third parties, which is pretty common and not always a concern. Although it’s a good time to remind you that it’s been found to be pretty easy to re-identify some types of de-identified data and track down an individual’s patterns, especially with location data.
So, what's the worst that could happen? Well, the worst probably already has happened for those poor Wyze users whose cameras were exposed and open to strangers on the internet to spy inside their home without their knowledge. That is very bad. Unfortunately Wyze seems to have gone from an affordable smart home company without too many privacy and security issues, to one of the worst offenders on the market with recurring issues. Our recommendation is to beware that your Wyze smart home devices could come with *privacy not included.
Tips to protect yourself
- Review Wyze's recommendations to keep your account secure
- Check Wyze security & trust tips
- Be very careful who you chose to share your Wyze wellness data with.
- Don't connect your Wyze app to any social networks like Facebook.
- Enable two-factor identification
- Do not sign up with third-party accounts. Better just log in with email and strong password.
- Chose a strong password! You may use a password control tool like 1Password, KeePass etc
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
- When starting a sign-up, do not agree to tracking of your data if possible.
What can be used to sign up?
What data does the company collect?
"Name, email address, postal address, phone number, photographs (such as for your profile picture). social media profile information, demographic information, your birth year, height, weight, gender, and personal fitness goals (for Wyze fitness devices). Approximate and in some cases precise location Data about the device and network you use, such as your hardware model, operating system version, mobile network, IP address, unique device identifiers, browser type, and app version. Information about your activity on Wyze Services, such as access times, pages viewed, links clicked, and the page you visited before navigating to our websites."
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
In 2023, Wyze admitted to a security vulnerability that exposed the private video recordings from some of their user's cameras were exposed to people on the internet. The Verge reported that some Wyze users were able to see video of cameras not their own through the Wyze web portal. This resulted in the NY Times' Wirecutter to pull their recommendation of Wyze cams to their readers. USA Today also pulled their recommendation of Wyze security cameras.
In 2022, cybersecurity publication Bitdefender reported that their security researchers " found three vulnerabilities that would have given attackers direct access to the cameras, including recordings stored on the SD card." Consumer Reporters followed with a report calling out Wyze for not fixing the security flaws in some Wyze Cams for three years and did not communicate with users promptly about this vulnerability.
In 2019, a massive data leak happened at Wyze, exposing information from 2.4M customers.
Child Privacy Information
Can this product be used offline?
User-friendly privacy information?
Links to privacy information
Does this product meet our Minimum Security Standards?
You can submit security vulnerabilities to Wyze: https://wyze.com/security-report
Wyze and Guardzilla Security Cameras Have Security Risks, Consumer Reports FindsConsumer Reports
Could your vacuum be listening to you?Science Daily
Should you be worried about cameras in robot vacuums?Digital Trends
Is Your Robotic Vacuum Sharing Data About You?Consumer Reports
Robot vacuums have a lot of dirt on you. Is yours sharing data?Komando.com
Got a comment? Let us hear it.