A Major New Security Update for Wyze Cams
TL;DR 🔐 🖼️ Wyze Cams now use an additional security layer called VerifiedView, which stamps your user ID onto every single video. Before anyone can view that video, not only do they have to get through cloud protections, Wyze does a second check to make sure the user ID matches your account right at the video — keeping your data protected even during extreme events like system errors.
Wyze already uses strong protections like password requirements, 2FA, cloud security, encryption, tools to detect suspicious logins, and much more, all following industry-standard security practices. Now we've got VerifiedView, an additional layer of protection that goes beyond industry standards to act as a final safety net or last minute badge check. It provides peace of mind that even in extreme scenarios, content captured on your Wyze Cam can only be seen by you.
Imagine your Wyze Cam content surrounded by barbed wire fencing, booby traps, security guards, acid sharks, laser scanners, and AI robot guard dogs. That was the Wyze security system a few weeks ago. We've still got all that.
If all of those protections miraculously get bypassed, now we've got a security guard with an eye scanner standing on every single photo, video, and stream your Wyze Cam captures. If you're not you, you're gonna get bounced.
How It Works
VerifiedView works by stamping your user ID onto your camera during setup, which then stamps the user ID onto every photo, video, and livestream. Before anyone can view, download, or share that content, Wyze runs an instant double-check verification process to make sure the user ID on the content matches your account.
Photos and Videos
|
Step |
What Happens |
Where It Happens |
|---|---|---|
|
1. Bind user ↔ device |
When you add a new camera to your account in the Wyze app, Wyze cloud writes a hashed (scrambled up) version of your user ID onto the device firmware. |
Wyze Cloud → Device |
|
2. Embed hash list |
The camera firmware stamps this hashed user ID into the metadata of every single video, image, or stream captured by the camera. |
Device |
|
3. Authenticate requester |
Before a user can view content captured by the camera, VerifiedView checks user ID of the user trying to access the content against the hidden user ID stamped into the metadata. |
App / API |
|
4. Access granted or denied |
If they don’t match, access is denied — even if they somehow already got through storage-level permissions. |
Verified View Core |
Livestreaming
| Livestream Connection | Your user ID is sent straight to the camera, and the camera checks to make sure it matches the ID it has saved. | Device |
Let's just make up something totally random and say an unexpected cloud outage causes an issue with a cloud caching tool that inexplicably bypasses storage level permissions which could potentially show you images from the wrong camera. Even in completely unimaginable scenarios like this, your photos and videos can never be seen by anyone but you, and you could never see images belonging to someone else, because your user ID now gets double checked right at the doorstep. If you don't have the right credentials, you get a 403 error. Access denied.
What Do You Need to Do?
Nothing! There’s no setting or toggle you need to find. Just make sure your Wyze app and camera firmware are up to date.
VerifiedView has been slowly rolling out to most cameras over the last few months and is now on our most popular models (you might see it in the release notes under the internal project name “SightSafe”). It will continue rolling out to more cameras in the coming weeks.
We will also allow older app versions to access their own camera content without performing the verification process for a few more months to allow everybody time to update.
A serious investment to protect Wyze users and change the way you think about Wyze security.
VerifiedView is not the flashiest product we’ve ever launched… it's actually designed to silently update in the background and go almost completely unnoticed by Wyze users. But that doesn’t mean it wasn’t the result of a TON of hard work from our security team. Its a reflection of the investments that we promised our users as we try to earn back the trust we lost after security incidents of the past. Storing user credentials on hundreds of millions of photos and videos and then running a cloud process to double check those credentials is a serious investment to protect our users. We promised to take security seriously, and we’re doing it. 🔐
