Camera sharing serious security permission flaw

So the cameras can be shared and person with whom the camera is shared cannot view the recorded data as that feature is disabled by defaultfor security purposes, ok we know that already. Then why that very same person is able to turn the camera on/off in the app, thus disabling the cameras ability to stream live view and record?
Yes, one can unplug it just for that purpose, but if that person is not at the location, their actions can be performed in malicious act. It is much easier to disable the cameras via app than unplugging them and this is a serious security flaw. Update the shared users permissions to disallow shared users being able to turn camera off.

13 Likes

Huh? Can’t the next app user just turn them on again when he or she wants to *stream live view"?

I totally agree we currently have over 44 cameras at remote sites the new firmware needs to have the power on/off be removed from the share option

6 Likes

True, but your missing the point here. Someone can turn it back on, that say for example the primary user or other responsible party would have to open the app and try to view the turned off cam in question. This may not happen as soon as the cam is turned off and there is no notification of any kind to alert to the main account holder that cam was turned off by someone.

6 Likes

Yes, and I can see that’s an issue for recording or motion detection. I’m just saying it’s not really an issue for live view at all.

Well, you have your own opinion on this issue and I do not agree with you on that.

1 Like

In my opinion, a share user should have no capability to do anything except watch live video. They should not have the ability to make any config changes at all. Been that way since the cameras cam out and needs to get changed.
Now granted, that most likely we would not b sharing a camera with someone we don’t trust, so I’m not overly worried about a shared user intentionally changing config, but accidents happen.

16 Likes

I agree 100% thanks

3 Likes

If you’ve granted permission for someone to view your cameras and your system and they are doing malicious things perhaps you’ve had an error in judgment in who you allowed to have access to your cameras?

3 Likes

When you’ll give your kid keys to your car and he/she will get involved in accident or something else cruising with friends, then is it going to be an accident or error in judgement on your part ?

3 Likes

Not even close to an appropriate analogy, but give access to your private life to whomever you chose. Just don’t say it’s a security issue with the App when it goes bad. Be your own best security guard.

1 Like

It’s not a judgement error but teenage adolescence. Some kids are more unruly than others but you love them because their your children and want to keep them safe. Access to the cameras for security purposes restrict their ability to control camera a safety issue.

If you’re a parent then you understand. If you’re a child you don’t understand.

If I may chime in, security is usually paramount in these situations. Sometimes it is for the benefit of the child if they not have access to functions where they would be tempted to disable them. I understand both sides, but perhaps there is a compromise, for instance, not sharing “ALL” devices, just some. Also, if there are areas that you would like available to the teen but worried about mischief or accidental disablement, perhaps a dual camera setup is appropriate, one they can view and control, and one they can’t disable so you’re not blind to that area. I know it costs a little extra, but a little extra $$ in just a few areas is worth reinforcing the safety and security of one’s child right?

2 Likes

Matthew Hernandez
This is the current structure for sharing. It doesn’t seem like sharing more like giving away your rights.

When sharing please give us the option to share or not share certain attributes of the device.

Shared users will be able to:
View the Live Stream and Event Videos. Record a Live Stream.
Turn on and off Notifications.
Create Rules, Schedules and Automations. Move Wyze Cam Pan devices.
Enable and disable Motion Tracking.
Use the Sound, Speak, and Take Photo tools.
Turn on and off the device.
Turn on and off Night Vision.
View the Device Info.
Remove the device from their Wyze app.

Shared users are NOT able to:
Share a device shared with them.
Rename a device shared with them. Change the Detection Settings or Alarm Settings.
View microSD card footage.

4 Likes

I agree. “Sharing” is used very generic way. I really don’t disagree @ all. But I wonder if the team who develops the app can get into rights management without some additional liability when things get hacked. They may not be willing to split those rights and totally leave users on the hook whether they trust someone almost completely with the devices or not. Without rights management, you will never please both crowds. If Wyze changed it so that shared users could only view, use speak, sound, & photo - it wouldn’t be a day before someone complained how stupid it is that shared CAMS can’t do anything. Now, What Wyze could do is create Two or 3 prepackage security profiles for us to assign a shared user, basic, advanced, and admin function - that would resolve most issues I believe.

2 Likes

Thank you for pointing out this flaw. You are 100% correct! I’m confident Wyze staff @WyzeGwendolyn will filter out nonsense arguments against this and get it changed.

What are you talking about. It is not a flaw at all. It is working exactly as Wyze designed it to work. You would simply prefer (with good reason) that it work differently. What nonsense arguments?

2 Likes

This will take us way off topic but why does Wyze do beta testing?

No one is perfect but One. Everything else is flawed. If it works the way they designed it then they wanted it that way. Yes you are right.

To give us something to do.

I am not sure what you are saying but will assume you’re referring to some pretend invisible friend. It is not remotely possible Wyze wasn’t aware of the features it was exposing through the sharing functionality for 3 years. They do not view the features as a flaw.

And of course they do beta testing to avoid problems and increase customer satisfaction, why else?

Point taken, people suspected of malicious intenet should never be given any access to cams! But there are accidents and casual sharing to consider:

  1. Casual sharing of a cam or two of a bird feeder, osprey nest, garden plants, tide levels, etc. I’m not overly concerned who sees the cam feed, but I don’t anyone to have the ability to muck it up for everyone else. Think back to the very first web cam ever.
  1. I freely admit to hitting the wrong keys at times. I would actually prefer that the cam on/off switch be a bit more hidden because I’ve accidentally turned on cams without realizing it - which really messes up continuous recording!

This :point_up:

1 Like