Allow Unsecure (no password) WiFi Networks

Not taking sides here, but I just want to point out that Wyze does have a valid stake in this. If someone hacked into a camera on an non secure network, it could go public and the detail of the nonsecure network would be lost in the weeds. The headline would be that Wyze got hacked. That would be a huge hit to their reputation. So I think this could be for their own protection as much as yours.

4 Likes

Just bought this wifi cam, doesn‘t say a wifi password is required … have MAC filtering and a junk camera I can‘t use until I figure out something.
[PROFANITY REMOVED]

MOD NOTE: Post edited to conform to the Community Guidelines

Worked for me. The question is: How long until this workaround is worked around?

There is very little chance that Wyze is going to change their minds on this. Don’t get your hopes up.

1 Like

We discussed changing this again but due to concerns about security, we will likely not allow Wyze Cams to be connected to unsecure WiFi networks.

2 Likes

Just FYI, MAC addresses are quite easy to spoof, so if you truly think MAC filtering is much more secure than passwords, you are very mistaken.

1 Like

Could you elaborate on what the concerns are? Especially when a device only needs to connect to known infrastructure that you control, the risks can be largely mitigated e.g. with HSTS, disallowing non-HTTPS connections to prevent SSL stripping-type attacks, limiting the set of root CAs you recognize, etc. These are good steps to take even if the camera is on secured Wi-Fi, e.g. if the attack is from farther upstream, like a compromised AP or wireless router.

Pushing people to workarounds like setting up a wireless repeater that ultimately goes over an open Wi-Fi network anyway just provides a false sense of security for people who don’t really understand what’s going on.

There is a balance here. You can just raise a suitably concerning warning when a user selects open Wi-Fi, or require an opt-in to allow open Wi-Fi behind “developer options” or similar.

PSA: This is not secure against anyone who has half a clue about computers and can do a simple web search to get the other half.

I’m sorry, I’m not involved enough with the tech end to have that level of information about the discussion. :sweat_smile:

While I do believe in security, I do not feel that companies should expect that all networks have a password. I am in the country, and I do not have a password on my Wifi. If I have to add a password to my WiFi, I will need to spend hours/days going to every device to set things up. For those who have passwords - Great - just don’t make it manditory.

I work with an organization who has campus-wide open WiFi which requires MAC address whitelisting for staff and trusted devices (connection permissions/bandwidth based on user/device), and requires landing page Ts & Cs acceptance etc… for the public (crippled permissions/bandwidth). They use all pretty hard core Cisco gear and have been in operation for some years.

I was hoping to run a pilot to replace some of their security cameras with Wyze so as to save their IT team on camera and system maintenance while improving feature set. But, due to this “feature” I can’t even get out of the gate. I guess back to the DVR box and old school security cameras!

The simple solution is for Wyze to use a secure protocol, such as htts. Even if https wifi traffic is intercepted, the attacker would NOT be able to decode it.

This is why Google has been pushing for all websites to switch over to use https.

The chances of an attacker being able to decrypt an https stream is pretty much IMPOSSIBLE.

I would say this is a pretty good reason for Wyze to use https or similar, secure protocol, and allow public, unsecured wifi networks, such as McDonald’s to be used, to view one’s cameras.

I do have a mobile lte connection, but given that a camera stream uses about 1 megabyte every 5 seconds, on average, that’s about 12 cent / minute (assuming a cost of a penny per megabyte, which is what it is on the Google Fi plan).

This isn’t bad, but public wifi’s are FREE, so 12 cents / minute versus FREE – I would go with the FREE option…

Just received several Wyze cameras that are useless to me…I don’t want or need a password on my router and will NOT reconfigure everything in the house to accommodate them. Had I known this was a requirement I would have purchased a different brand!

I just did a test, where I connected to a public wifi, optimumwifi, which is unsecured,

And I was able to view my Wyze camera feeds over it.

So the issue may not be due to the use of unsecured wifi.

What ports and transport types is Wyze using?

It may be that certain unsecured wifi networks disallow most ports and transports types, other than http and https, as a security measure.

If Wyze can auto-switch to using an https connection on such networks, that would resolve this issue.

Or simply use https all of the time.

I use my camera to secure my vacation house and notify me of motion or activity. I rely on the free wifi of the resort it is part of to connect to Internet. My Wyze cameras won’t allow me to use this as a “security feature”, which instead renders them unusable and my house unsecure. Can you please give me a check box override to ALLOW unauthenticated wifi access!?

For the recent posters on this thread: Please note that this topic is tagged “probably-not”, which means it is very unlikely to change. That said, in case you didn’t see the 2nd post on this topic, you may want to scroll up there and see the workaround described.

Forget the “probably not”…simply post the warning as a previous member suggested and allow users to use this function, as you did before.

Why are we glosing over the fact that WPA isn’t providing much for security in the first place? To be “more secure” they will probably add ethernet jacks and make you hard wire them in the next product rev.

Are they going to try to restrict which ISP you can use next? Nice cameras, helicopter parent company. Don’t want to give away the cameras, but I will.

In my case - want to give away some cameras to relatives, but their wifi has no password, so it’s useless to give away unless I can configure a guest account on their wifi.

1 Like

Please please let us connect to networks with no password. Put a HUGE warning… then put “ARE YOU SURE??” then get us to tick a box to say we take full responsibility, then cut our fingers and swear a blood oath. Seriously… I use the cam in hotels for securuty and you cannot use it now with hotel authentication. Don’t make me swap brands… I have 5 of these. Currently using an older APK to get around the problem.

2 Likes