“This is a safety net,” Wyze co-founder and CMO Dave Crosby tells The Verge. “On top of doing everything we can to protect users, we’ve built this double check at the end to make sure that they’re extra protected.”
“We realized that we cannot survive if we keep making these stupid mistakes.”
The move follows several rough years for Wyze on the security front, starting with a vulnerability on its v1 cameras that it knew about for three years and never disclosed, followed by two high-profile incidents in 2023 and 2024, where users saw images from other people’s cameras.
Crosby says that Wyze now sees fixing its security practices as existential. “We realized that we cannot survive if we keep making these stupid mistakes that we’re making,” he says. “We’ve got to make monumental changes so this kind of stuff never happens again.”
VerifiedView is just one result of this major shift; Wyze has also expanded its in-house security team, Crosby says, and “invested millions of dollars” in strengthening its security architecture from top to bottom. That includes re-architecting its security stack, requiring two-factor authentication, launching a bug bounty program, and deploying monitoring tools to detect and prevent threats.
Wyze is also committed to being more transparent around security. “One of the biggest mistakes we ever made was not being more transparent on that,” Crosby says, referring to a flaw Bitdefender identified in its camera in 2019, but which the company didn’t disclose to customers until 2022.
VerifiedView is available now via a firmware update that began rolling out in April. “It’s 100% deployed on our most popular cameras — Wyze Cam v4, v3, Pan v3, and OG,” Crosby says, adding that it’s coming to the rest soon. Some older cameras don’t have the hardware to support it, but Wyze is exploring ways to accommodate them. Users can check to see if their cameras are on the new firmware on Wyze’s site.
After the 2024 breach, Cosby says Wyze regrouped around security. “We went through our entire security stack, evaluating where we can improve, reviewing third-party tools, and removing them where we can. Where we have to use them, we are only building with the best platforms,” he says. “We’ve invested in AWS tools – including Lacework, Security Hub, GuardDuty, and Q CLI.” Wyze also hired several security firms “to verify and validate what we’ve done.”
VerifiedView should prevent the types of scenarios Wyze experienced in 2023 and 2024 around issues with third-party tools. “If everything else fails and people get into the cloud or data gets switched, people cannot see other people’s content,” Crosby says. It works by attaching your user ID to your camera – and therefore onto any photo, video, or livestream it produces. Before you can access the footage, VerifiedView checks that the ID from the device you’re using matches. If it doesn’t, access is denied.
The tech is similar to DRM (Digital Rights Management) created to combat content piracy, explains Sharon Hagi, a cybersecurity expert and chief security officer at Silicon Labs, who reviewed Wyze’s published materials at The Verge’s request. “At the core of VerifiedView is a well-established and critical data security concept: cryptographic binding of user identity and device data to digital content,” he says, calling it a significant step forward in smart home security.
