← Smart Home
F

Wyze Thermostat

Fail
Wyze Labs · 🇺🇸 United States · WiFi + Bluetooth
PolicyApp PermissionsNetwork TrafficFirmwareRegulatory
Technical details
App: Wyze
Manufacturer: Wyze Labs

⚠️ The bottom line

Wyze knew hackers could access their camera feeds for three years and said nothing. Bitdefender told them in 2019. They didn't fully fix it until 2022. They never told customers. If they hid a camera vulnerability for three years, what are they hiding about the thermostat that knows when you're home, when you sleep, and when you're away?. Your Wyze thermostat knows your schedule. The camera knows your face. The door sensor knows when you leave. The motion sensor knows which rooms you use. Together, Wyze has a complete map of your life inside your house — stored on the same cloud that hid a camera vulnerability for three years.

Legal jurisdiction
🇺🇸 United States (headquarters)
CLOUD Act read more →
US govt can demand your data from this company even if stored overseas
FISA §702 / PRISM read more →
NSA collects stored emails, photos, messages without individual warrants
Geofence warrants read more →
Police can demand location data for everyone near a crime scene
Spying
0/4 N/A
Is someone spying on me?
Data Sharing
1/4 LOW
Who gets my data?
Security
3/4 HIGH
Is it actually secure?
Honesty
0/4 N/A
Can I trust what they say?
CONFIGURE High-risk areas that can be partially mitigated with settings changes.
2Contradictions
1Critical
1High
0Medium
2Sources
Findings by concern
Security 3/4 HIGH 2 findings
⚠️ criticalmarketing vs regulatory
Wyze knew hackers could access their camera feeds for three years and said nothing. Bitdefender told them in 2019. They didn't fully fix it until 2022. They never told customers. If they hid a camera vulnerability for three years, what are they hiding about the thermostat that knows when you're home, when you sleep, and when you're away?

What they claim: Wyze promotes affordable smart home devices with strong security

What we found: Wyze concealed a security vulnerability for three years (2019-2022) that allowed attackers to access Wyze Cam v1 video feeds. Bitdefender researchers discovered the flaw in 2019 and notified Wyze, who did not fully patch it until 2022 and never notified affected customers. The same security culture applies across all Wyze products including the thermostat.

⚡ highprivacy policy vs third party research
Your Wyze thermostat knows your schedule. The camera knows your face. The door sensor knows when you leave. The motion sensor knows which rooms you use. Together, Wyze has a complete map of your life inside your house — stored on the same cloud that hid a camera vulnerability for three years.

What they claim: Wyze describes data collection as necessary for smart home functionality

What we found: The Wyze thermostat reports heating/cooling schedules, occupancy patterns, and temperature preferences to Wyze cloud servers. Combined with Wyze's camera, door sensor, and motion sensor products, the ecosystem builds a comprehensive home activity profile — when you wake, when you leave, when you return, which rooms you use. All stored on Wyze's cloud, subject to data breach risk.

Sources