Not taking sides here, but I just want to point out that Wyze does have a valid stake in this. If someone hacked into a camera on an non secure network, it could go public and the detail of the nonsecure network would be lost in the weeds. The headline would be that Wyze got hacked. That would be a huge hit to their reputation. So I think this could be for their own protection as much as yours.
5 Likes
Just bought this wifi cam, doesnāt say a wifi password is required ā¦ have MAC filtering and a junk camera I canāt use until I figure out something.
[PROFANITY REMOVED]
MOD NOTE: Post edited to conform to the Community Guidelines
Worked for me. The question is: How long until this workaround is worked around?
There is very little chance that Wyze is going to change their minds on this. Donāt get your hopes up.
1 Like
We discussed changing this again but due to concerns about security, we will likely not allow Wyze Cams to be connected to unsecure WiFi networks.
2 Likes
Just FYI, MAC addresses are quite easy to spoof, so if you truly think MAC filtering is much more secure than passwords, you are very mistaken.
1 Like
Could you elaborate on what the concerns are? Especially when a device only needs to connect to known infrastructure that you control, the risks can be largely mitigated e.g. with HSTS, disallowing non-HTTPS connections to prevent SSL stripping-type attacks, limiting the set of root CAs you recognize, etc. These are good steps to take even if the camera is on secured Wi-Fi, e.g. if the attack is from farther upstream, like a compromised AP or wireless router.
Pushing people to workarounds like setting up a wireless repeater that ultimately goes over an open Wi-Fi network anyway just provides a false sense of security for people who donāt really understand whatās going on.
There is a balance here. You can just raise a suitably concerning warning when a user selects open Wi-Fi, or require an opt-in to allow open Wi-Fi behind ādeveloper optionsā or similar.
1 Like
PSA: This is not secure against anyone who has half a clue about computers and can do a simple web search to get the other half.
Iām sorry, Iām not involved enough with the tech end to have that level of information about the discussion. 
While I do believe in security, I do not feel that companies should expect that all networks have a password. I am in the country, and I do not have a password on my Wifi. If I have to add a password to my WiFi, I will need to spend hours/days going to every device to set things up. For those who have passwords - Great - just donāt make it manditory.
I work with an organization who has campus-wide open WiFi which requires MAC address whitelisting for staff and trusted devices (connection permissions/bandwidth based on user/device), and requires landing page Ts & Cs acceptance etcā¦ for the public (crippled permissions/bandwidth). They use all pretty hard core Cisco gear and have been in operation for some years.
I was hoping to run a pilot to replace some of their security cameras with Wyze so as to save their IT team on camera and system maintenance while improving feature set. But, due to this āfeatureā I canāt even get out of the gate. I guess back to the DVR box and old school security cameras!
2 Likes
The simple solution is for Wyze to use a secure protocol, such as htts. Even if https wifi traffic is intercepted, the attacker would NOT be able to decode it.
This is why Google has been pushing for all websites to switch over to use https.
The chances of an attacker being able to decrypt an https stream is pretty much IMPOSSIBLE.
I would say this is a pretty good reason for Wyze to use https or similar, secure protocol, and allow public, unsecured wifi networks, such as McDonaldās to be used, to view oneās cameras.
I do have a mobile lte connection, but given that a camera stream uses about 1 megabyte every 5 seconds, on average, thatās about 12 cent / minute (assuming a cost of a penny per megabyte, which is what it is on the Google Fi plan).
This isnāt bad, but public wifiās are FREE, so 12 cents / minute versus FREE ā I would go with the FREE optionā¦
Just received several Wyze cameras that are useless to meā¦I donāt want or need a password on my router and will NOT reconfigure everything in the house to accommodate them. Had I known this was a requirement I would have purchased a different brand!
I just did a test, where I connected to a public wifi, optimumwifi, which is unsecured,
And I was able to view my Wyze camera feeds over it.
So the issue may not be due to the use of unsecured wifi.
What ports and transport types is Wyze using?
It may be that certain unsecured wifi networks disallow most ports and transports types, other than http and https, as a security measure.
If Wyze can auto-switch to using an https connection on such networks, that would resolve this issue.
Or simply use https all of the time.
I use my camera to secure my vacation house and notify me of motion or activity. I rely on the free wifi of the resort it is part of to connect to Internet. My Wyze cameras wonāt allow me to use this as a āsecurity featureā, which instead renders them unusable and my house unsecure. Can you please give me a check box override to ALLOW unauthenticated wifi access!?
For the recent posters on this thread: Please note that this topic is tagged āprobably-notā, which means it is very unlikely to change. That said, in case you didnāt see the 2nd post on this topic, you may want to scroll up there and see the workaround described.
Forget the āprobably notāā¦simply post the warning as a previous member suggested and allow users to use this function, as you did before.
1 Like
Why are we glosing over the fact that WPA isnāt providing much for security in the first place? To be āmore secureā they will probably add ethernet jacks and make you hard wire them in the next product rev.
Are they going to try to restrict which ISP you can use next? Nice cameras, helicopter parent company. Donāt want to give away the cameras, but I will.
1 Like
In my case - want to give away some cameras to relatives, but their wifi has no password, so itās useless to give away unless I can configure a guest account on their wifi.
2 Likes
Please please let us connect to networks with no password. Put a HUGE warningā¦ then put āARE YOU SURE??ā then get us to tick a box to say we take full responsibility, then cut our fingers and swear a blood oath. Seriouslyā¦ I use the cam in hotels for securuty and you cannot use it now with hotel authentication. Donāt make me swap brandsā¦ I have 5 of these. Currently using an older APK to get around the problem.
2 Likes