Require existing account to release camera before it can be set up on new account

Currently, if a camera is stolen, the thief can set up the camera to their own Wyze account. The owner of the camera then loses access to any cloud video clips currently stored. This would require that the current camera owner approve (release) the camera before it can be set up on a new account.

Absolutely. This is very necessary! At the very least, access to cloud recordings should be retained for the original account. That’s the minimum that needs to happen, otherwise someone with mal intent has every opportunity to rob you, then basically wipe the incriminating evidence that you’d expect to be able to access to remotely. To me, that’s a security flaw.

But overall, I think all of this needs to be implemented. It shouldn’t be possible to assign a camera to a new account without the original account’s permission, or first removing it from the original account.

3 Likes

Funny, was just setting up a Zmodo camera the other day - and was positively pleased that it could not be added until “owner” had released camera. Was going to see how/if Wyze is handling this issue, and see @Loki had alreasy addressed it TODAY :slight_smile:
Locking down a camera to an account is definitely something that is needed.

2 Likes

I ordered a zmodo camera years ago. It turned out to be a return. The previous owner registered but didn’t “release” it when it was returned.

The seller had no idea about the need to “release”. The owner couldn’t be contacted. I had to throw away the camera.

This is a bad idea.

Wait, there is no way to vote against?

1 Like

I appreciate this concern, but on these types of devices, it really is a security issue. Many similar devices work this way. Even iPhones do. If you’re buying something aftermarket, the onus is on you to be an informed consumer, and to make sure you know what you’re buying. You need to ask the right questions and make sure everything checks out. If someone sells you an unusable camera on an online marketplace like eBay, you’d deal with that through eBay’s customer service. If you buy it in person without checking it out first, I don’t even feel sorry for you, really. Haha.

It doesn’t make sense for Wyze to sacrifice the security of the customers who put money into their pockets (Those who buy their devices retail) for the sake of saving a few headaches for customers who DON’T put money into their pockets. (Those who buy their devices aftermarket.)

That being said, there are other potential ways to address this. If someone tries to set up a camera that’s already tied to another account, the app could send a notification to the account it currently belongs to. In most cases, this is probably all that’s necessary to solve the problem, since it would prompt the original account to take action. If someone knows they’ve sold their camera, it’s unlikely that they’ll refuse to release it, unless something shady has happened. (e.g. you bought a stolen camera)

That just leaves the possibility that the original account has been abandoned. If so, it would be easy for Wyze to see that no one has logged into the app for XX days, that data/events aren’t being generated on the account anymore, etc. If that’s the situation, they could trigger a “claim window” for the camera on the original account. If email and notifications fail to result in any response after a certain period of time, (Let’s say 2-4 weeks) then they could release the camera to be added to a new account after that time. (This should only be possible if the new account holder has physical possession of the camera, of course.)

I don’t think Wyze would have the responsibility to help aftermarket customers who have gotten screwed, but if they wanted to, a system could certainly be implemented.

5 Likes

Great idea.

If the seller sold you an item that was unusable, why not return it? Why throw it away?

It was a returned item. Only that person can release the previous installation lock.

Cost to ship the item back for refunds wasn’t worth it.

This is why I don’t like this software lock proposal.

Where did you buy it? Any reputable merchant or marketplace should cover you in the event that they sell you an unusable item, including return shipping. Even on something like eBay, if the seller refused to cover it, you’d just open up a formal dispute and eBay would withhold the funds from the seller. The seller is obviously the one at fault, not you.

Craigslist or a garage sale is about the only scenario in which I can imagine someone getting stuck in a situation like that.

1 Like

This is a cool idea. Hope Wyze will make this possible.

I can see how you would lose access to anything stored locally on the camera Sd card, but if it gets setup on another account how does that make you lose access to clips stored in the cloud.
Surely those clips in the cloud are protected with your username and password and can still be accessed after the camera is stolen and set up on another account.
How do you lose access to cloud stored clips supposedly protected with a password.

It used to be that if the camera was set up on a new account, the old account would lose access to the cloud recordings. They’ve now fixed this aspect of the issue. However, it’s may be preferable for a number of reasons not to allow the camera to connect to a new account in the first place, without the old account first releasing it. That’s not yet possible.

2 Likes

Wow that’s ridiculous, I didn’t realise they were initially set up so insecurely.
Regarding locking the camera to one account, why would that now matter, you would still lose all the recordings on the Sd card which is the main problem with having it stollen.
As I in see it, there are more urgent things that need fixing such as having the camera set the time from the router or at least stop the app asking every 7 days if I want to sync the time when in a different time zone.

Mainly because if it’s locked to your account, there wouldn’t be privacy issues if you wanted to look at the device’s history to see whether it connects to the internet again, for example. In most cases, it probably wouldn’t, but it seems like a better way to do it.

That’s the only reason I could think of but in order to reconnect it would need to stay in range of your wifi after being stolen which is extremely unlikely.
Also since the cameras are relatively inexpensive who really cares if they reconnect.

The only way this feature adds value would be if the Sd card was encrypted and could only be read with the camera connected to the account.
That way if it’s stolen your privacy is protected as the thief can’t look through all the recorded footage.
However turning the cameras off whilst at home is a more effective way to ensure privacy.

Locking the cameras to one account is just not worth the effort for the practically non existent benefit.

The videos in the cloud will still be available to you if your camera is stolen and set up on another account , the person that stole your camera has no access to any of your videos on on the cloud , I don’t think it’s necessary for this to be implemented

Exactly my point and especially since the time would be better spent adding missing features that should have been there from the start.
Seems like they have their priorities wrong.

1 Like

It has come to my attention that some really insufficient security meansures are presently being employed by Wyze and their devices, specifgically in regards to the cameras and any and all associated accounts.

Any sufficiently ‘smart’ device should employ ‘smart’ forward-thinking tactics, such as: requiring cams to be ‘released’ from an account once initially set up, but prior to being automatically being transferred automatically (to anyone with physical access tot he device), and then automatically removing all access from the previous (thieved) cam owner?

Mac addressed should be recorded and associated with accounts initially, but after that, requiring the device to first be designated as released, sold, retired, or no longer possessed.

Previous account access to a cam should NOT be revoked and removed simply due to the device being registered to a new account without first being designated as released, indicating a stolen device, or physical access to a particular device with nefarious intent. Presently I could walk up to any Wyze camera installed outdoors, reset, have access to and cause access to be revoked immediately from the legitimate, rightful device owners by using my phone’s hotspot as the local network to setup the new device on, and right there on the spot be complete with my ‘attack’. Huge security flaw imo, which should be addressed immediately for all devices, not just cameras (though they present some obvious security threats which may warrant prioritization on the Wyze fix-list).

Seems like the mac addresses should be saved to the cloud and not editable by account owners (though it wouldn’t hurt to display them for the account owner) and associated with a specific account until otherwise ‘released’ to the new owner, OR disabled in the device itself (possibly requiring Wyze intervention to release and correct the issue). I would immediately flag an account and temporarily disable the camera for having been set up on an initial account and then again on a new account without, first, having been released by the previous owner. There are some really basic and fundamental steps which could and probably SHOULD be employed already on, both, the devices, locally, and at Wyze, remotely, to protect consumers and increase device security. Anything less than the aforementioned is just negligence on Wyze’s part imo.

I would also suggest that a device be allowed to be designated as stolen and (possibly even) disabled locally on the stolen device semi-permanently and irreversibly, requiring Wyze intervention and assistance in resolving. Should be easy enough to prove device ownership via receipts/initial device setup. Heaven forbid someone sells a camera and forgets to designate it as released or sold first and the new owner has to get on the phone with Wyze to enable camera operation and association with
an account. Maybe send a notification to the previous owner alerting them and prompting them to either confirm or deny the legitimacy of the new device possession by others, this could fast-track the process getting the device back operational for the new device owners, get them new account association ability. or fast-track the disabling of a device designated as stolen in response to the attempted new account association.

Just require thing to be registered, explicitly associated, and require intervention by Wyze and/or confirmation in each step of the device transfer and setup process after the initial setup has been done and the device has been previously associated with an account. Send notifications to current account owners and encourage them to dictate device access or account access changes first before actually allowing device registration/account access/ownership/possession transfer/compromised physical access with nefarious intent.

Did you not read the previous posts.

According to folks on here, a thief doing what you suggest could not get access to clips stored in the cloud and could not revoke the owners access to these clips. They would still be accessed with the owners username and password.

Yes with physical access, a thief could prevent the owner from accessing the actual camera itself and SD card if fitted.

However having the camera locked to the owners account wont prevent this.

Even with the camera locked to the account, it would lose connection to the internet when the thief takes it out of range of the owners WiFi at which point the owner losses access to the locked camera as it can no longer connect to internet.

So very little benefit locking the cameras especially given how cheap they are.

1 Like

This is one reason here why locking down the cameras to an account is not so much of a good idea , but it’s just unnecessary anyway