CVE-2021-32934

There was a post about a very serious security concern but the title needed more clarity to be noticed.

Wyze Staff needs to address this issue

Please see this post: CVE-2021-32934

Wonder when Wyze will comment on this security issue?

ANY data transferred over the internet is subject to hacking.

1 Like

True but that’s like saying any lock can be broken or any person defeated or any food overeaten. This is about a specific identified vulnerability that may or may not apply to us Wyze users.

1 Like

And Wyze staff has failed to even comment on this subject, and it was flagged for their attention…
Just Crickets…

2 Likes

Hey @bryonhu … Man, you’ve been a member (almost) since Wyze’s inception! :slight_smile:

In the past, when you’ve flagged a topic for staff attention have you received either a public or personal response? I haven’t done it for years but I often received a private message, I think.

FYI, as discussed in another topic:

In the past, back when they were a camera producer only (V1, V2, and Pan Cam), they were more responsive and addressed issues that were directed to Wyze Staff.

Since they went crazy on new product releases they do seem far less responsive to questions/issues directed to Wyze Staff. Guess they are too busy working on the Wyze WiFi-Bluetooth Toilet to answer us on a Critical Security Concern.

Maybe they know it is an issue and won’t address it until they have a solution, rather than reveal to the Interwebz that they are vulnerable. But their Lack of Response tells me they are vulnerable in my opinion.

2 Likes

I throw in valuable factoid keying off single word:

  • Roaches can hold their breath underwater for 30-40 minutes.

I don’t know what Wyze can do about that, but there it is.

I now have sent a DM to WyzeGwendolyn hopefully she will answer back on this, fingers crossed…

1 Like

Great, hope that helps, and hope it’s nothing in the end.

Apparently NOT. The question was posed in the WyzeGwendolyn post “Wyze App 2.23 and Wyze Sense Hub 4.32.4.295 Released - 8/4/21”, and she replied to another question about Geo-Location.

But Just the Same CRICKETS in response to this.

Radio silence in the face of reasonable and persistent inquiry. Could be a legal or liability issue constraining them. Who knows. :man_shrugging:

It all depends on the SDK that they are utilizing.

Gee really Captain Obvious…LOL

We already know this and would like Wyze Staff to reply whether they are or are not using ThroughTek’s P2P Software Development Kit (SDK).

But since they don’t want to respond to many inquirers one must assume that they are using that SDK and avoiding the question.

No need to be a jerk about it…especially because I didn’t really state something that is “so obvious” everyone would know that off the top of their head.

Even if Wyze is still using it, it can easily be secured. See this excerpt from the CISA advisory:

4. MITIGATIONS

ThroughTek recommends original equipment manufacturers to implement the following mitigations:

  • If SDK is Version 3.1.10 and above, enable authkey and DTLS.
  • If SDK is any version prior to 3.1.10, upgrade library to v3.3.1.0 or v3.4.2.0 and enable authkey/DTLS.

See here for the full advisory: ThroughTek P2P SDK | CISA

1 Like

And they’ve had 3 months and yet are silent about it. :frowning:

The last time people had concerns about TUTK Wyze was very quick to address them, so this is a bit surprising.

1 Like

Anyone who followed and read the original posts and links would know about the SDK :stuck_out_tongue_winking_eye:

Wyze is using the vulnerable SDK and that’s why we get ZERO response from Wyze.

Glad All my cameras are outside, and in barn.
No cameras in living areas of home.

Shame on Wyze for not fixing this vulnerability in all their cameras :rage:

2 Likes

The possums, raccoons and cats around here will be happy to know they are internet influencers. I hope they don’t ask for a raise. :moneybag:

1 Like

Well, who cares, only people that are doing bad stuff must hide… who gives a [bleep]
let’s just hope that all cameras are working.

MOD NOTE: Post edited to conform to the Community Guidelines.