Secure/hackability of cams on local network

Concern is that how secure is WYZE cams outside of the app to view?
They can only be viewed via the app and after one logs into their account true as far as we know.

But, can these cams be messed with or viewed outside of that app in anyway, on the local network level.
I have a user who has connected their cams to neighbors 2.4ghz wifi to use, user has onlya 802.11a 5ghz AP. (why, don’t ask))
I am concerned having cams setup on a network that is not under their control.

In my own testing, with scanner app and network viewers, the cams just show up as Generic devices with an IP address and MAC, and refuse any connections to them. But…is there anything more to them one could possible gain access to?

Maybe this support article would be helpful to you. :slight_smile:

I’d be more concerned about the neighbor finding out.

That does give some basic insight…thanks.
However, there is nothing in that article that mentions what or how the cam device it self show up as on local network, what ports and services may be visible to those folks who are technical enough to try and poke at it.

I recall some YT vids and some articles a few years ago where guy used WireShark and other sniffing tools to pull traffic and stats on these cams and reported on how they were talking to some shaddy China servers and other things…so there is some proof that these things (as do all IoT devices) are indeed visible and can be poked at on the network level, outside of the proprietary app, to some extent. Probably not able to acces the video or audio stream or take control of the cam…so that may be safe, assuming that encryption is not flawed and is string enough against someone who know what they are doing.

I recommend installing Fing (or something similar) on your phone and checking what ports are responding on the Wyze cam.

There’s a quote from Gene Spafford, " The only truly secure system is one that is powered off , cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts." It’s like locking up your house the best you can. If the bad guys want your stuff, they’re going to find a way to break in.

My opinion is Wyze is doing their best to secure your data while connected across the internet. There have been many stout advocates of that with them in several instances while testing their products, and they have listened to us and responded favorably. However, while connecting inside a local network, that is up to the individual user to secure their network the best they can.

1 Like

One of the most popular (maybe the most, didn’t check) requests is for Wyze to develope a PC or web based viewer. If there were a way to access the video stream locally someone would have done it by now.

Yea. That would be easy and nice.
A way to do it is to use an Android Emulator like BlueStacks.
I have that installed and the WYZE app shows as if it is a regular app on my PC and I can just open the app and see the cams on my PC that way.
Also, Chromebooks, i can install Android apps so u can use WYZE on those.

I am complementing dropping a small fortune to switch over to Ubiquiti Unifi cams, which are wired and POE. but, they do no have the feature to just 'Turn off" each cam in the app, like WYZE does. I really like that as I don’t want the cams on while I am at home. I only use them to monitor things when I am away.

I have MEMU Android emulator installed on my Windows PC. I’ve found it to be more stable than BlueStacks.

1 Like

Can’t talk about it. Notional security. :sunglasses:

My cameras are uploading to an ip that resolved to Mar-A-Lago :man_shrugging:

2 Likes

Swarm!

Are the any people outside the Wyze Cam group that are working on security flaws?
I assume they’ve got a crack team, but I’m sure that outside pen testing would be welcomed given the bug report system, etc.
Just curious if anyone is publishing or if this is an appropriate place to share hacking vulnerabilities.
Might be a good time to start mapping the potential inroads or holes that need to be plugged, as with any network system, to ensure security.
Access to the cameras physically would allow someone to flash a firmware of their choosing that could route traffic anywhere, potential masking as Wyze app, possibly as Tiny Cam as been able to reverse the auth protocoenmasse. l and “non-public” API (read unpublished), and get cam streams into the app.
Again, open official Wyze feedback, and otherwise.
Edit: Also understand the official Wyze stance on ensuring that the cameras, unadulterated, communicate with the phone apps, and cloud storage in a super safe and secure manner is paramount to the unlikelihood of physically altering every camera sold by Wyze. But also consider physical person-in-the-middle logistics hacks that we saw with crypto wallets or U2F being sold via 3rd party that had been comprised en masse. Given the right incentive…

Hey robert

I’ll defer to… well, anyone else… on those questions. As to appropriate place, I know there’s a Wyze reddit group where they juggle the acronyms with (seeming) ease.

I know a little and infer a lot. As long as I don’t forget that fact I get along ok. :wink:

1 Like

Interesting article.

There are a lot of vague statements dressed up to sound like facts in that article.

For instance, when it says “it’s security camera systems which are the most hacked IoT devices” they are talking about some early models that people set up as baby monitors and never changed the default password.

I would classify the “article” as click-bait.

Is the WYZE live and playback video stream Peer to Peer?
Meaning that nothing is connected to or stored on any WYZE or otherwise servers (excluding the 12sec cloud stored clips wich i think is stored on AWS).

There’s some good info in this article:

Security and Privacy

Hi Rex, I don’t have the chops to endorse or dismiss this piece:

https://krebsonsecurity.com/2016/02/this-is-why-people-fear-the-internet-of-things/

but it does go beyond click-bait, I think. :slight_smile: