No security for sd cards?!

We recently had two of the cameras stolen that had SD cards in them. I learned today from Wyze technical support that those SD cards can be removed from the cameras, plugged into a PC and their contents seen by anyone!!

The contents of the SD cards are not even encrypted or password protected!

There is no way to lock the SD card to the camera so that if it is removed it cannot be read!

There is no way to set a reformat remotely so that if the camera is plugged in and use is attempted, the SD card will be instantly reformatted should it be in the camera!

This is a strikingly severe lack of security in this system and should be addressed instantly as The top priority!!

It would be nice but is far from a top priority. The cameras are already underpowered for the other things they have to do. If you’re concerned then I would suggest not using SD cards in them. But I doubt the “cloud” videos are encrypted at rest either.

The Top Priority at Wyze seems to be rushing products to market before reliability/ruggedness testing is complete.

I’m not a programmer, but how hard would it be to add a few lines of code that encrypt the card behind a password?

1 Like

Well then you have to also be able to read the card somehow after you remove it from the camera. Personally I prefer how it is now, wide open and you can just play your videos on your PC. Otherwise, done properly with key and/or certificate management the data would be forever locked to that particular camera. You would need special software to read or decrypt the video. There is management and revocation and key strength to worry about. It is not trivial.

If someone steals an indoor camera then they were already in your house. If someone steals an outdoor camera then they were outside your house. If they were inside, your privacy was already invaded and they could have easily taken your other property, still photos, etc. If they were outside then all the video on the card would have been public activity (typically). I personally don’t see a great need for what you are requesting but I’m sure others would agree with you.

2 Likes

Correct to say if someone was in your house your privacy has been invaded… and having an SD card stolen is further invasion/damage.

A camera outside your home taking video is also private if it is taking shots of your property and activities going on there.

Again, I’m not a programmer but I do see it IS possible to decrypt an SD card in a different device from the one in which it was encrypted.

Reference discusses this topic re cell phones

From what I understand, the micro sd card in the WCO only stores footage recorded in travel mode. When the camera is not in travel mode, footage is transferred to the base station (presumably locked in your home). If you never intend to use the WCO in travel mode, you don’t need to buy a micro sd card for it, only the one for the base station. Having said that…

  1. If someone steals the base station or V2 cams out of your home, then they’ll have the footage on the installed micro sd card. My view is encryption would be nice, but probably isn’t worth it from a business standpoint for Wyze at this point.

  2. If you’re using V2 cams as outdoor security cams, I already know what Wyze is going to tell you.

  3. It’ll be interesting to see if they add encryption for the V3 cams. These new V3 cams are rated for outdoor use, will be used for their security service, and have more processing power onboard the device. I’d be very disappointed if Wyze comes out the gate with V3 “security” cameras and unencrypted micro sd cards.

1 Like

Nope. I read your link. The first two methods require access to the original phone to either decrypt the card or extract the password. The third method just loses all the data and reformats the card. That is a dead end. As I said this is not a simple, trivial undertaking at all.

Yes I guess such is the truth. It is highly unlikely that someone interested in grabbing the camera would take the time to remove the SD card and leave the camera.

Again, not knowing much about these things, I thought that perhaps the public key to the encryption would remain on the camera and the private key to unlock the data would reside with the user.
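As an added illustration (not part of the thread and not Wyze code), here is a sketch of the split the last post describes: the camera holds only a public key and the user keeps the private key. The choice of X25519, HKDF and AES-GCM from Python's `cryptography` package, the function names and the on-card file layout are all assumptions made for the example.

```python
# Added illustration; seal_clip/open_clip/can_open and the file layout are hypothetical, not Wyze firmware.
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey, X25519PublicKey
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

RAW = (serialization.Encoding.Raw, serialization.PublicFormat.Raw)

def _clip_key(shared: bytes, eph_pub: bytes, user_pub: bytes) -> bytes:
    # Bind the AES key to both public keys so a swapped header fails to decrypt.
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=None,
                info=b"sdcard-clip-v1" + eph_pub + user_pub).derive(shared)

def seal_clip(user_pub: X25519PublicKey, clip: bytes, name: bytes) -> bytes:
    """Camera side: needs only the user's PUBLIC key, so a stolen camera holds no decryption secret."""
    eph = X25519PrivateKey.generate()  # fresh per clip, discarded after use
    eph_pub = eph.public_key().public_bytes(*RAW)
    key = _clip_key(eph.exchange(user_pub), eph_pub, user_pub.public_bytes(*RAW))
    nonce = os.urandom(12)
    # Layout on the card: 32-byte ephemeral public key | 12-byte nonce | ciphertext + 16-byte tag
    return eph_pub + nonce + AESGCM(key).encrypt(nonce, clip, name)

def open_clip(user_priv: X25519PrivateKey, blob: bytes, name: bytes) -> bytes:
    """User side (phone or PC): any device holding the private key can read the card."""
    eph_pub, nonce, ct = blob[:32], blob[32:44], blob[44:]
    shared = user_priv.exchange(X25519PublicKey.from_public_bytes(eph_pub))
    key = _clip_key(shared, eph_pub, user_priv.public_key().public_bytes(*RAW))
    return AESGCM(key).decrypt(nonce, ct, name)  # raises InvalidTag on wrong key or tampering

def can_open(priv: X25519PrivateKey, blob: bytes, name: bytes) -> bool:
    """True if this private key (and file name) decrypts the clip."""
    try:
        open_clip(priv, blob, name)
        return True
    except InvalidTag:
        return False

if __name__ == "__main__":
    user = X25519PrivateKey.generate()   # created in the user's app at setup (assumption)
    thief = X25519PrivateKey.generate()  # stands in for anyone without the user's key
    clip = b"constructed sample footage"  # constructed test data, not real video
    blob = seal_clip(user.public_key(), clip, b"clip_0001.mp4")
    print("owner reads clip:", can_open(user, blob, b"clip_0001.mp4"))
    print("other key reads clip:", can_open(thief, blob, b"clip_0001.mp4"))
```

In this scheme, losing the private key means losing the footage, which is the key-management cost raised earlier in the thread.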