DE authentication Attack

Yes and no. :wink:

1 Like

I suggest you get a decent WiFi monitor App for your cellphone (such as Wifiman). When you have another day like your Oct 17th “attack”, monitor your WiFi signals (as well as the WiFi signals picked up at your location. Compare the signals near/at your problematic camera AND against the locations of you ‘good’ and not affected cameras. You should be able to see conflicts and/or jamming, then go from there. Having many users on the came channel from 1-14 for 2.4Ghz should not be a problem as nearly all WiFi devices will individually change their transmission/reception to go around and between conflicts (sort of like a ballon can change it’s shape). You can discover this by adding other WiFi units and changing their relative locations and their operating channels as you monitor the WiFi signals with your cellphone. For example, I have a Gateway running inches away from my Eero Router and have 3 active channels using 2 seperate SSID/Network names. They are able to reach different areas of the Eero Mesh beacons AND things like Laptops and Ring Devices. I have 5Ghz WiFi from the Eero mesh in every room in our 2,300 sqft 2-story home. I discovered that the WiFi signals are able to ‘punch’ thru , around, and between one another.

So, back to your issue, I suspect that one of the following might be happening: 1) someone playing around with a WiFi jammer <some theives use them to get around WiFi networked camera systems OR just to be a jerk,>, 2) someone close by has those ‘cheap’ chinese clone cellphones from China (you can see them on Ebay and I hear that people can get the latest cloned copies of Iphones/Androids at most every street corner for around $50 US or less for 1year or older copied models. The tip of of these are if you watch OTA brodcast tv, you will get bursts of modulated crap on your tv and/or sound loss. These phones are illegal because a) they have No SAR rating so are often transmiting way over FCC power limits and b) they have sloppy frequency tolerances and have harmonics transmitting+ sloppy sideband interference + could fry the user’s brain over time.

How do I know this stuff …because I have a wonderful neighbor that frequents China and have seen their phone and lived with the interferences to our tvs and dropped WiFi connections between the Gateway, printer, laptops. Could NOT get FCC to investigate… the hot line is manned by an incompetent person …another long story here.

If after you survey your Wifi signals with your phone, suggest you check out a 3 station Eero Mesh - you can get them direct OR thru Amazon. There are other actions you can take too. Too much to go over here. Good luck, hope this helps.

Good suggestions and thanks for your reply. I am now using multiple tools to detect these DE-authentication attacks. Since following someone outside that walked up and down my driveway to literally look at my 2 cameras mounted outdoors, I have seen a 99% decrease in the amount of attacks. (Now I know which physical direction to focus future efforts and the person I followed knows it!) In fact, the deauths are happening so infrequently (and only on one camera) that I now suspect what I am seeing is likely camera or wifi hiccups and not an attack.

There is no doubt that I was being attacked. I have screen shots and MAC addresses and plenty of proof. One of the tools I purchased allows me to perform this exact same attack on any device it can see. Two clicks and BAM that device is booted from its AP. Or two different clicks and BAM every device connected to an AP is booted from the access point. I have not and will not use this tool against anyone without their permission. However, I have used it against my own devices and all of the monitoring I now have in place looks exactly the same as when others were deauthenting my cams from my AP.

I have learned a good deal about WiFi and WPA2. I have more to learn, but I’m way ahead of where I was when I started this thread. As far as your idea to look at the signal strength of various wifi networks at the cam being attacked and comparing those networks/signal strength to other cams (not being attacked); unfortunately that is not going to get me anywhere. Reason being, the deauth attack is sent to the Access Point not to the camera.

With that said, I now have tools that are constantly sniffing the air. It’s really scary how much you can learn about someone just by looking at all of the MAC addresses tied to their AP. Yes, anyone can find that information with the right know how and tool(s).

As previously mentioned, there is not a darn thing that can be done to stop these attacks as there is a HUGE very well known hole in WPA2 wifi security. WPA2 was ratified way back in 2004 and is still the primary standard used today by far to many vendors! Until vendors get off of there hind end and patch up these known holes by using well established NEW standards and fixes, anyone living in a densely populated area can look forward to experiencing this attack at some point.

As far as penalties for getting caught are concerned. Good luck proving it wasn’t the 12 year old living in that particular household that did it. Furthermore, this attack is so common and so easy to perform, I suspect the FCC has given up trying to enforce the law. Just like so many of our laws, but I digress.

The fact is WPA2 is a freaking joke in 2021 and everyone that has done any homework knows it. For instance, how many people do you know still running Windows XP? Yes, that was the “modern” / “secure” OS in 2004. Why are we still using the same wifi security standards that came out WAY back then?

Come on WYZE, take the lead in this IoT realm and support newer wireless standards.

Agreed. Only Wyze and all the other surveillance camera systems are small potatoes compared to the security holes in major US private, commercial, and government areas open to Cyber security attacks & Hackers with intent to do harm, which continue fall further further behind, as technology and electronics continue to advancing forward.

| Known1
October 27 |

  • | - |

Good suggestions and thanks for your reply. I am now using multiple tools to detect these DE-authentication attacks. Since following someone outside that walked up and down my driveway to literally look at my 2 cameras mounted outdoors, I have seen a 99% decrease in the amount of attacks. (Now I know which physical direction to focus future efforts and the person I followed knows it!) In fact, the deauths are happening so infrequently (and only on one camera) that I now suspect what I am seeing is likely camera or wifi hiccups and not an attack.

There is no doubt that I was being attacked. I have screen shots and MAC addresses and plenty of proof. One of the tools I purchased allows me to perform this exact same attack on any device it can see. Two clicks and BAM that device is booted from its AP. Or two different clicks and BAM every device connected to an AP is booted from the access point. I have not and will not use this tool against anyone without their permission. However, I have used it against my own devices and all of the monitoring I now have in place looks exactly the same as when others were deauthenting my cams from my AP.

I have learned a good deal about WiFi and WPA2. I have more to learn, but I’m way ahead of where I was when I started this thread. As far as your idea to look at the signal strength of various wifi networks at the cam being attacked and comparing those networks/signal strength to other cams (not being attacked); unfortunately that is not going to get me anywhere. Reason being, the deauth attack is sent to the Access Point not to the camera.

With that said, I now have tools that are constantly sniffing the air. It’s really scary how much you can learn about someone just by looking at all of the MAC addresses tied to their AP. Yes, anyone can find that information with the right know how and tool(s).

As previously mentioned, there is not a darn thing that can be done to stop these attacks as there is a HUGE very well known hole in WPA2 wifi security. WPA2 was ratified way back in 2004 and is still the primary standard used today by far to many vendors! Until vendors get off of there hind end and patch up these known holes by using well established NEW standards and fixes, anyone living in a densely populated area can look forward to experiencing this attack at some point.

As far as penalties for getting caught are concerned. Good luck proving it wasn’t the 12 year old living in that particular household that did it. Furthermore, this attack is so common and so easy to perform, I suspect the FCC has given up trying to enforce the law. Just like so many of our laws, but I digress.

The fact is WPA2 is a freaking joke in 2021 and everyone that has done any homework knows it. For instance, how many people do you know still running Windows XP? Yes, that was the “modern” / “secure” OS in 2004. Why are we still using the same wifi security standards that came out WAY back then?

Come on WYZE, take the lead in this IoT realm and support newer wireless standards.

1 Like

So what cameras do I use to replace the Wyze system to avoid this issue?

In my opinion, your best bet is to buy an access point / wireless router and IoT devices that support WPA3 instead of just WPA2. I am not aware of any IoT vendors that support WPA3.

Then there is the VERY best option. Don’t use WiFi and buy IoT devices that can be hard wired with Ethernet cables. This isn’t an easy option for most (myself included), but it is by far the most secure.

I’m going to investigate hard wired units for indoors.
Then, of course, a thief walks up and cuts the cable line to the house.
Thanks for the reply.

I have a combo of video devices (2 Rings, 6 V3s, a Lorex 4k DVR -analog system, a Qsee 4K DVR - analog system, and old Zmodo 550 TVL DVR <for quick scan of 8+ hour activities and to get time of Events that look suspicious. All the DVR systems are standalone - not accessable thru the Internet/network with on board HDD storage. Most of the camera have view of of other cameras so they can record any people/animals that get close to them.

ALL cameras and systems are on UPS units so they will continue to record activity should there be a power loss (whether natural or man-made). The non-DVR cameras: Ring Doorbell+StickUp and the V3s are all remotely accessible. Ring is useless if there is powerloss OR loss of the ISP - V3s are only down if there is Power loss as the individual MicroSDs can continue to record without network connections + you can access the V3s if your WiFi is still active (so we’ve got our Gateway + WiFi mesh also on UPS units.

Some things I would have changed if I had to start new:

  1. use NVR wired systems (these are use digital cameras and wire POE compliant ethernet cables from inside to outside thru your attic, crewlspace, chiminey, roof pipe vents for your plumbing, or worst case thru your wall). Select a NVR unit that can support future devices (beyond 4K) and select from units that have the highest FPS (Frame Per Second) in Low Light Conditions that you can afford. That way, you can just swap out cameras as more affordable 4K, 8K, and etc cams reach the consumer market. Those units often can also support LPR (License Plate Recognition) cameras to capture the license plates of vehicles as they drive by during the day and night. If I were to add up all the NVR systems I purchased since 2012, I could have spent that money getting a high end NVR system!
  2. keep an eye on your total data bandwidth usage from any cameras/systems that will be on your Network (wired or wireless). Ring, for example has about 4-5 threads of stuff that is sent and received when it is triggered OR receiving an automatic update …compared… to V3s which seem to be frugal on bandwidth hogging. I notice the one Ring device uses approximately the same as 2 to 3 V3s. So not only are the V3s at a costs advantage and have local microSD storage, it doesn’t not eat away at your total bandwidth (also results in less data usage if your a data limited ISP plan). Plus there’s the option for the experimenters to replace the firmware to use RTSP which I don’t believe Ring does or will.

==> NOW, being in California there’s:

  1. “kids” up to their 30s who will target and mess around with homes that have cameras …use it as bragging rights …sometimes look directly at cameras and smile because of the who Law Enforcement “issues” in CA + the ‘activist’. Bottomline: some criminal don’t care if they and their vehicles are recorded, they get arrested and are often released within a few hours or less.
  2. There just are not any affordable cameras or camera systems that have WDR (Wide Dynamic Range) - simply the signal processing circuitry, firmware, and technology to miniaturize and provide good night vision. The V3 is probably one of the best BUT because of it’s low light sensitivity, just a little environmental light (LED, Incandescent, fluorescent, IR, & etc) that is pointed towards the camera, will blow-out (overexpose and white out) a wide area of where the light is coming from. It’s the same problem that for film and digital cameras have had for yours and minimized by changine ISO, saturation, aperture, and other settings depending on type of camera). You would need pro video cameras to further improve the V3 and the industry is not there yet from a cost perspective.

P.S. If you do plan on upgrading or getting a NVR system, your better off selecting the NVR unit first and get 1 or 2 cameras to try them out. Once your are satisfied with a digital camera with your System, then you can add more cameras as needed + upgrade them or try others such as a PTZ camera. The worst thing to do is to buy a Camera system (NVR or DVR) that comes with 4, 8, or 16 cameras …then find in a few years there’s better cameras that are not compatible with your system - this is what happened to me.

Hope this helps someone a little …bugging out for awhile. Enjoy!

1 Like

Nice post. Just one point…

The implications are very different in talking about local vs. Internet bandwidth, and it’s not clear which you really mean. The Wyzecams (and other P2P cameras) use no Internet bandwidth to transmit live video, so the only impact is on your local wireless network.

You’re kidding right? :rofl: :rofl: :rofl: :rofl: :rofl: :rofl:

I have a dedicated cellular router on my Wyze Cams and VOIP which is rarely used.
Here are my data usage statistics for September and October to date.

September I only had my 16 V3’s on CamPlus - October i put all cams on CamPlus 16 V3’s, 7 V2’s, and 1 pan-Cam

September usage 16 V3’s Only on CamPlus
32.10 GB Downloaded
100.68 GB Uploaded
132.78 GB Total Data used for month

October (to 10-28) usage 16 V3’s, 7 V2’s and 1 V1 Pan-Cam all on CamPlus
33.78 GB Downloaded
156.94 GB Uploaded
190.72 GB Total Data used to October 28th 15:48

Screen shot from Cellular router below:

I have a separate cellular router & services for Home equipment like smart TV’s, Laptops, etc,
And a separate cellular router on company network (Private APN) for home office.

I am a Telecommunications engineer so I get True Unlimited data on all 3 cell modems/routers from all 3 major carriers (AT&T, Verizon, and T-Mobile)

Between all 3 routers/networks I consume between 400 GB to 1 TB per month depending on work and entertainment, I eat data like a piggy :pig:

1 Like

With 16 cameras on CamPlus, that comes out to about an average of 8MB per camera per hour - which is not really all that much for something that is sending video any time it is detecting anything. Obviously that will very massively depending on what that camera is looking at.
I know that I have about 30 cameras on RTSP and run about 16 - 18 Mb/s continuously - which comes out to a little under a quarter GB per camera per hour on average… That is a total of all traffic coming from my IoT LAN, so that is CamPlus + RTSP + a few other minor things.
And yes, I know that what is being sent to Wyze CamPlus and what is being sent to my BlueIris server is not exactly an apples to apples comparison.

Then look at my weak signal strength through 7 miles of pine trees and I feel lucky to even get any data…LOL

I have Eero mesh WiFi, it gives a daily & weekly stats on Download Data, Upload Data, Scans, and threat blocks for every device connected. It is great at monitoring usage and logging any device that connects or tries to connect into my mesh Wifi which is my high speed network vs my snail speed Gateway 2.4 WiFi basically used for our printer.

My Ring Doorbell took Ring 2nd level support 3 years to finally fix a problem that was due to my Gateway disconnecting after 2 to 3 seconds the six upstream data streams that Ring uses. My gateway has numerous firewalls built-in to prevent “unknown data streams” from going to or from the modem portion. The fix was to create Port forwarding exception rules to send the 6 streams to the Ring Cloud/Server each stream used UDP, TCP, or both UDP+TCP Protocols. If you have lots of time, you should be able to search the RING support Blog and find out more details. What and how they are used is not described, but it has been documented for use by other 2nd level support people should the have Customers using modems (or Gateways) with similar issues that I had with my fairly new modem.

Also, be aware that the amount of video streamed data is highly dependent on the amount of movement being captured by your camera. You can prove it yourself by ‘saving’ a 1 minute video clip to your phone of a V3 recording with very little movement …such as a cat walking by. Then save another 1 minute clip of a video of many vehicles travelling by on a freeway. You will see that the size of the two 1 minute clips can be vastly different.

So back to the comparisons of a Ring versus a V3 cam, over a 12 or 24 hour period of “low” activity (e.g. little or no motion events), the Ring activity is greater than the V3s>. In my case I have 2 Rings (a doorbell and one in a garage. The V3s are inside leaning against windows pointing out the N,S,E, and W sides of the house. One V3 cam is pointed to the front where there is about a regular 24/7 Events every hour or more <got strange neighbors, one with typically 5 to 7 vehicles going leaving and coming, another house that has 2 vehicles that go in/out at least every 2 hours, and the others have normal activities and none at night, the 2nd V3 is out the back pointing at the road up the hills it is busy during peak times during the day, sunset, sundown, and night people, the other 2 V3s point South and North, one has very few Events and the other only if the winds is able to blow the tree limbs.

So, from all that I’v3 seen, those Rings are doing something quite often …I assume it’s downloading “updates” and uploading "logs, perf data, or keeping watch??? - your guess is as good as any! I have NOT seen that much activity with the V3s. Most people don’t care, we’re cheap and on a metered plan, we do not streamed broadcasts, play games, or most of the other stuff our neighbors do. So, I try to watch our ISP data usage. For us, an occasional Zoom twice a week is a big deal!

Gee, this is why I don’t like social media …always get flak. I’m out & done with this topic.
EmojiEmojiEmojiEmojiEmojiEmoji

| bryonhu
October 28 |

  • | - |

SanJose_Scrooge:

V3s which seem to be frugal on bandwidth hogging.

You’re kidding right? :rofl::rofl::rofl::rofl::rofl::rofl:

I have a dedicated cellular router on my Wyze Cams and VOIP which is rarely used.
Here are my data usage statistics for September and October to date.

September I only had my 16 V3’s on CamPlus - October i put all cams on CamPlus 16 V3’s, 7 V2’s, and 1 pan-Cam

September usage 16 V3’s Only on CamPlus
32.10 GB Downloaded
100.68 GB Uploaded
132.78 GB Total Data used for month

October (to 10-28) usage 16 V3’s, 7 V2’s and 1 V1 Pan-Cam all on CamPlus
33.78 GB Downloaded
156.94 GB Uploaded
190.72 GB Total Data used to October 28th 15:48

Screen shot from Cellular router below:

Wyze Cam usage

I have a separate cellular router & services for Home equipment like smart TV’s, Laptops, etc,
And a separate cellular router on company network for home office.

I am a Telecommunications engineer so I get True Unlimited data on all 3 cell modems/routers from all 3 major carriers (AT&T, Verizon, and T-Mobile)

What flak? He or she said that his or her impression and experience of V3 bandwidth usage was very different than yours, to the point that it seemed funny. It was entirely good natured in my perception…

SanJose_Scrooge is his name and you know how Scrooge’s can be, I took no offense to his remarks.
And intended no offense to Mr. Scrooge Bah-Humbug :smiley:

For some of us I consider that amount of data usage to be large, but then again I’m not on Fiber, Cable, or City Folk Broadband…

You’re dong well then.

I’m in the Los Angeles metro area, but DSL was the best I could get for many years. Cable became available maybe 10 years ago, but I did not get it until about three and a half years ago. That gave me about 120Mb/s down and 12Mb/s up. About a year later that got upgraded to about 240 / 12.5. A month ago, I got fiber to the house. It’s a little faster now :slight_smile:


I think I can live with just under a gigabit up and down! OK, I’m spoiled now…
I turned off the DSL. Still have the cable, but that is now my backup.

1 Like

Nice! I’m curious, what is your monthly recurring cost for the gigabit fiber connection? Also, any up/downstream limits with your service? Meaning, can you only upload and download so many Gigabytes per month?

I’m on the Elon Musk - Starlink waiting list and estimated installation is late 2022 to early 2023.
Then I will get better speeds but nothing like your fiber.

But for now I can live with 3 cellular routers as it does do the job, even with the low dBm signal and all 3 are on 3 separate LTE MIMO Yagi’s just to get that -99dBm or worse signal…

The Gig fiber is about $70 per month (I don’t remember the exact amount) from Frontier. I don’t have limits on data.

I’m waiting on StarLink mobile service. They’re not even taking deposits on that - last I checked…
That will go into my truck for when I’m away, and be able to serve as a backup when I’m home.

Guess I was lucky then getting my deposit in at beginning of this year for a reserved spot on Starlink then.