Security concern

wyze-cam

#1

Got my Wyze Cam v2 last week and set it up with my phone. My nanny also connected to my wifi, created her own account, and was able to connect to the camera. Now she can be at home and can connect to the camera over the Internet. Isn’t this a security loophole? Shouldn’t a camera be tied to one account and at least ask for username and password before it lets anyone connect to it? Am I missing something? I can see how this could be easily exploited. Thinking of returning this thing.


#2

You meant your nanny added your camera to her account by scanning the QR code, etc.?


#3

@amangb… Please clarify what happened, because nobody should be able to access your camera unless they have your Wyze account username and password, or if you shared the camera to their separate Wyze account. Simply connecting to your local wifi alone should by no means allow access to the camera.

You imply that your nanny created her own Wyze account. If so, then one possibility is that she used your phone/account to create a share of the camera to her account. To check this, open the Wyze app and tap the Share button above the camera thumbnail in the device list. If the camera is shared, you will see it listed under “Shared Users”. You can cancel the share from there.

Another possibility (as mentioned above) is that she reset the camera to her account by physically pressing the setup button, scanning the QR code, etc. If this is the case, then you will not be able to connect to the camera from your account.

The final possibility is that she has your Wyze account login credentials and is using those to access the camera. If that’s the case, then change your Wyze password and she will no longer have access.

Please report back what you discover.


#4

You are right. After talking to her again, she actually followed what the app told her: to press the button and scan the QR code.


#5

Thanks for getting back on that. So, she “stole” your camera feed. To get it back, you just need to press the setup button and scan the QR code again with your app logged into your account.

For future use, you can share the camera to her account and then revoke it when she should not have access. Unfortunately, there’s no way to schedule share access at this time. However, that idea is being tracked and I’ve added your vote for it to Wyze’s feature request tracker.


#6

Interesting. Is there a way for the app to detect a missing or “stolen” camera and send a notification to the owner? Or a way to lock a camera to an account which can only be unlocked by the rightful owner?


#7

No, there isn’t. If there is physical access to the camera, it can be reset to a different account. I know that Wyze is working on making previously recorded cloud clips still available to the camera’s former account in the event that the camera is re-initialized to a different account.


#8

I know Wyze are forward-thinking and always looking to improve; maybe such a locking mechanism will be reality one day.


#9

How about having the camera send a push/email notification to the current account owner before being reset?