Wyze Launches VerifiedView for Enhanced Security

\n\n

In an effort to restore trust in the security of its cameras, smart home brand Wyze has developed VerifiedView—a new layer of protection that embeds user IDs into the metadata of every photo, video, and livestream. Wyze claims the system matches this data to user accounts before playback, effectively blocking unauthorized access to footage.

\n

“This is a safety net,” Wyze co-founder and CMO Dave Crosby tells The Verge. “On top of doing everything we can to protect users, we’ve built this double check at the end to make sure that they’re extra protected.”

\n

“We realized that we cannot survive if we keep making these stupid mistakes.”

\n

The initiative follows several challenging years for Wyze regarding security, beginning with a vulnerability in its v1 cameras that it knew about for three years and never disclosed, followed by two high-profile incidents in 2023 and 2024, where users saw images from other people’s cameras.

\n

Crosby states that Wyze now views the rectification of its security practices as existential. “We realized that we cannot survive if we keep making these stupid mistakes that we’re making,” he says. “We’ve got to make monumental changes so this kind of stuff never happens again.”

\n

VerifiedView is just one outcome of this significant shift; Wyze has also expanded its in-house security team, Crosby notes, and “invested millions of dollars” in fortifying its security architecture from top to bottom. This includes re-architecting its security stack, mandating two-factor authentication, launching a bug bounty program, and deploying monitoring tools to detect and prevent threats.

\n

Wyze is also committed to enhancing transparency regarding security. “One of the biggest mistakes we ever made was not being more transparent on that,” Crosby says, referring to a flaw Bitdefender identified in its camera in 2019, which the company did not disclose to customers until 2022.

\n

VerifiedView is currently available through a firmware update that began rolling out in April. “It’s 100% deployed on our most popular cameras—Wyze Cam v4, v3, Pan v3, and OG,” Crosby states, adding that it will soon be available for the rest. Some older cameras lack the hardware to support it, but Wyze is exploring ways to accommodate them. Users can check if their cameras are on the new firmware on Wyze’s site.

\n

Investing in Rebuilding

\n \n

Following the 2024 breach, Crosby indicates that Wyze regrouped around security. “We went through our entire security stack, evaluating where we can improve, reviewing third-party tools, and removing them where we can. Where we have to use them, we are only building with the best platforms,” he explains. “We’ve invested in AWS tools—including Lacework, Security Hub, GuardDuty, and Q CLI.” Wyze has also engaged several security firms “to verify and validate what we’ve done.”

\n

VerifiedView aims to prevent the types of scenarios Wyze experienced in 2023 and 2024 concerning issues with third-party tools. “If everything else fails and people get into the cloud or data gets switched, people cannot see other people’s content,” Crosby states. The system works by attaching user IDs to cameras, and consequently to any photo, video, or livestream produced. Before accessing the footage, VerifiedView checks that the ID from the device being used matches. If it does not, access is denied.

\n

The technology is akin to Digital Rights Management (DRM), which is designed to combat content piracy, explains Sharon Hagi, a cybersecurity expert and chief security officer at Silicon Labs, who reviewed Wyze’s published materials at The Verge’s request. “At the core of VerifiedView is a well-established and critical data security concept: cryptographic binding of user identity and device data to digital content,” he states, calling it a significant advancement in smart home security.

\n\n

While VerifiedView is designed to prevent unauthorized access to footage, it cannot stop someone with access to an account from viewing it. To address this, Wyze asserts that login security has been enhanced. Two-factor authentication is now required by default, secure sign-in options are available, and the company has deployed tools to detect suspicious logins.

\n

Crosby emphasized that Wyze has invested significantly in these changes and that the ongoing costs to maintain VerifiedView, including engineering and cloud infrastructure, are substantial. This raises questions about the sustainability of such investments for a bootstrapped startup with narrow margins. Could VerifiedView eventually become a paid feature? “We will never charge for this feature and we will never discontinue it,” Crosby asserts. “It will be a regular feature for all Wyze Cams going forward.”

\n

Another question arises as to why not implement end-to-end encryption (E2EE), which ensures that only the user and their authorized devices can access footage. Most cloud-based security cameras, including Wyze, encrypt data while “in transit” and “at rest,” which protects against malicious actors but allows the company to access it while on their servers to provide additional features.

\n

“VerifiedView offers very similar protections to E2EE without compromising the user experience—it felt like the perfect trade-off.”

\n

Crosby acknowledges that E2EE is the “holy grail,” but it compromises features that users value. “With E2EE, you can’t use third-party integrations like Alexa, and AI identifications in the cloud don’t work. VerifiedView offers very similar protections to E2EE without compromising the user experience—it felt like the perfect tradeoff.”

\n

It is true that encrypting footage prevents a company’s cloud servers from accessing it and acting on behalf of users to notify them when, for instance, a package is at your door. However, some companies like Apple, with its E2EE HomeKit Secure Video, utilize a local server for processing.

\n

Alongside the local storage offered on some cameras, Crosby mentions that Wyze is exploring the addition of more local processing, something it has on its higher-end cameras. “We want to move more and more to the edge,” he states, adding that this could involve new local devices, though he did not clarify whether this means new cameras or some type of hub for local processing. Wyze is also working on reintroducing Real-Time Streaming Protocol, Crosby notes. This would allow users to stream video to a local recording device and/or platforms like Home Assistant.

\n

When asked why not at least offer E2EE as an option, Crosby again pointed to the lost functionality of E2EE, such as Wyze’s new AI features that help reduce notifications. “We created VerifiedView to be a third layer of protection so users can benefit from the AI features while knowing their videos are secure.”

\n

Clearly, the cloud will remain a core component of the Wyze service. “There will probably always be some sort of edge-cloud collaboration,” Crosby states. “Today, we do the easy stuff on the edge and the hard stuff on the cloud. As our cameras become smarter, we will shift more to the edge. However, situations are becoming more complex, and we’re adding more use cases to what we monitor. Thus, it will always be a process of learning and improving, and then moving that to the edge.”

\n

Crosby believes that users should now feel secure using Wyze’s security cameras. “We are more locked down than ever,” he asserts. “I feel very confident. And while you can’t be too confident in this game, because everyone feels confident until something happens, we’re building layers of tools on top of each other. It’s the best we can do at this