Meaning of end to end encryption?

support

#1

I was trying to parse the Wyze statement to understand who can theoretically view the cloud stored files:

“We take our customers’ data safety very seriously. The communication between your mobile device, the Wyze Cam, and the AWS Cloud Server is made via https (Transport Layer Security (TLS)). We used symmetric and asymmetric encryption, hashing and other ways to make sure users’ information cannot be stolen. Each camera has its own secret key and certificate so that we can validate its identity during handshake. The contents are encrypted via AES 128-bit encryption to protect the data. Even if a hacker intercepts the data package, the data cannot be decrypted”

This doesn’t say whether the stored files are only viewable by the camera owner. Its mostly talking about how content is secure between the server and the client (in transit).

Since multiple (authorized) users can decrypt the cloud files, I conclude that the key needed for decryption is stored in a Wyze database and transferred to authorized users for their replay.

But this would imply that anyone with access to the Wyze managed server(s) or their backups can decrypt and decode the files stored in AWS (given access to those files as well).

If the servers are on US soil (users may not like it stored elsewhere), presumably that means the stored info can be accessed by court order.

I’m not saying this is wrong or devious in any way… But, in an ideal world somehow the file images and sound really could not be viewed by anyone except the owner. But this would mandate keeping the decryption key only with the owner so the file data is opaque and that is difficult to reliably accomplish and share.

Please correct me if this interpretation is wrong.

Thank You


#2

The cloud video files are stored on Wyze AWS S3 account. All files are stored within US. We rely on AWS to protect data on server end. Authorized clients can acquire access tokens after authentication hand shake. After that the user can download the file via HTTPS protocol. We don’t have extra file data encryption on top of HTTPS.

Another thing I want to mention is that the access token has an expiration time. After a certain time the token can’t download the file anymore. This is an extra level of data protection. Hope that helps!