Unknown voice from camera

I humbly bow to your superior experience and knowledge you are no doubt 1001% correct.

I agree that if the software is working properly it can’t happen. But software has bugs, and if there’s a bug, there’s no telling what can go wrong.
E.g., memory gets overwritten with the wrong IP address and suddenly your “wires are crossed”.

As a fellow programmer I concur with jayl. In fact, I had the same thing happen (voice coming from IP camera, albeit a different brand, when it was being used as a nanny cam). Credentials are not the only way to access functionality of IoT devices.

The simple truth is that there are numerous layers of software involved in making a hardware device available over the internet, and any one of those layers can have vulnerabilities either purposefully or accidentally built in. These kinds of things are what make unauthorized access to corporate systems as common as they are.

I’m no expert, but I believe that even 2fa cannot protect you from these sorts of vulnerabilities, but it’s definitely more secure than having 2fa off.

5 Likes

In the old days before the FCC, radio station signals were so powerful, you could receive them on your dental bridgework! If there is/are wire(s) in the camera resonant with, say, a local ham radio operator, you might snag that signal and it will be heard on your camera. I won’t get into the details of this, but just plant the seed. You might try a RF choke on the power cord.

I live close to a DHS subservience tower loaded with advanced/secret technology and I’ve had some “interesting” events occur and poor cell phone reception.

2 Likes

This was my first thought as well. Probably because I grew up during the CB radio craze.

2 Likes

Obviously, I disagree. In any scenario I could think of, an error like this would ultimately stem from identifiers being confused or reused, whether because of a simple coding error, or a design error where some condition was not anticipated (either by mistake, or because it’s a truly unexpected condition that’s “never” supposed to happen).

For example, I refer you to these posts:

  1. Wyze is a Big Brother? The Company Failed Us
  2. MAC Address changed?

(1) gives an overview of how Wyze cams connect, where TUTK refers to ThroughTek, a third-party company that provides the service by which phones and Wyze cams communicate. (2) describes an issue where the Wyze cams can load the wrong MAC address.

Hypothetically, what happens if two cameras somehow report the same MAC address? Could TUTK connect to the wrong camera as a result of this? Or what happens if TUTK, through some coding error on their side, simply establishes a connection to the wrong camera? In step 2/3 in the Wyze connection sequence, it sounds like Wyze runs a key exchange between the phone and camera, but does it verify that it’s the right camera, or does it just trust that TUTK did its job properly? (This paragraph is meant to be rhetorical. It would not be productive to debate these questions without the implementation details, but I bring them up as specific examples of how things might go wrong.)

As described, it seems unlikely a Wyze employee is going to be bored enough to say “is anybody there?” to an empty room. And since you mentioned aliens, I imagine the same to be true of an alien civilization that has achieved interstellar travel.

This type of issue is actually more likely at a small company, where responsibility for the entire system is concentrated among a small group, and everyone generally wears more hats and has more access. Also, a small company may not find it the best use of resources to build a sophisticated auditing system to track what employees are doing.

In contrast, a large company tends to have multiple teams with more narrow responsibilities, which makes it less likely for any one person to have sufficient visibility or control of the system.

And usually, people don’t build functionality labeled “User Surveillance”. More likely, any “spying” would be via misuse of test/diagnostic functionality. That said, for the reason I mentioned above, I think misbehaving Wyze employees are among the least likely explanations in this case.

3 Likes

@ rbruceporter It’s concerning that you think that. What company do you work for? I’d like to reconsider my faith in it… Considering you have no idea what’s happening on their servers to pair up your video to your account and your devices I’m amazed at your confidence in their code. Not trying to be a {jerk} but your false testimony isn’t helpful in this situation.

As a fellow IT guy and programmer, I too am skeptical but am confident that it’s totally possible. Databases get jumbled up, things happen.

MOD NOTE: Post edited to conform to the Community Guidelines

6 Likes

I’m not insinuating that Wyze has an Elasticsearch database or that it is exposed to the internet. I’m also not insinuating that Wyze is not concerned about its user’s data and security…but I’m also saying it’s foolish to think that mistakes can’t, don’t, and/or won’t happen.

2 Likes

Jayl - Sensible reply. Never say that something involving software is impossible unless you are intimately involved in the coding, understand every line of code (that may have been grabbed from somewhere else) and know that noboby else has had access to it.

I know it’s not needed at this point, but just to backup those who have said it here: I work in software engineering/research as well. There are absolutely ways that this could happen beyond someone having a username and password. I don’t think Wyze people would do it, but like it’s been pointed out over and over, wires do get crossed and radio waves behave in weird ways. And no, the moon doesn’t need to be full and the stars aligned for weird stuff to happen or bugs to manifest themself.

Anyone that says otherwise is ignorant or trying to mislead you. Thanks for continuing to stick with this thread @Nasdme.

7 Likes

Hi, thanks for reporting your issue. I checked your ticket. Given the info you provided, we checked that only one phone (it should be your phone) used Wyze app on your account. It is unlikely that another person hacked into your Wyze account. The best way is to check camera log but it was not included in the ticket. A camera usually stores 1-2 days of logs on itself (assuming no reboot in between). I think it is too late to get useful info from your cameras. We have a few logs that may be useful. We are checking now and will respond to you soon.

I understand you don’t have any useful event video for it. Do you happen to have SD cards installed in each of your camera? If yes, we can check if there is any sound from the specific day. That will be the best proof for the issue. If not, I suggest you get a SD card for each of your camera so you can check the footage+sound if it happens next time.

If it happens next time, please take out an SD card and insert into the camera. You should hear two chime sound and there should be a log_XXXXXXXX.txt on the card. Please collect log soon after the incident and send the log file to us. We can take a look.

5 Likes

Hi - The log auto-generated when I reported the issue via the app. I will provide more details via email to you. Thanks

1 Like

Any and all brands have the potential of being hacked, Ring and Google Nest have had security issues in the past and continue to today. People have said this a lot but turning on 2FA for all of your accounts will help with protecting yourself (I use this on all my accounts).

Nothing on the web is 100% secure…you can only do your best to make it as difficult as possible. If a person can hack your webcam on the computer or your router, they can hack a webcam in your living room…but honestly the bigger question would be why would they. Usually they are looking for incriminating information, like nudes or people having sex, they aren’t going to watch you cook dinner. I wouldn’t put a webcam in a bedroom, personally, nor would I use one for a nursery.

If you want to watch a good video on webcam hacking, you can check out the Rogue Rocket on YT and webcam hacking. To me that is a bigger issue than someone hacking a wyze cam…billions of laptops in the world, only millions of wyze cams.

2 Likes

I feel like you hear your iPhone’s Siri voice assistant.?

1 Like

The Wyze Camera is a transmitter and a receiver. Since this incident involved receiving mysterious audio, let’s focus on the receiver. It’s possible that the audio amplifier could have picked up some random audio signal and sent it to the speaker. I wonder how well shielded it is?

First a few “FACTS”.

  1. While Google and AMAZON voice assistants are very helpful, both companies do capture and take data
    and video. (Just as Google Chrome).
  2. I have had both ANDROID and Apple iPhone(s) = BOTH capture all data and record conversations
    24/7. I was in a PRIVATE Corporate meeting with phone notice sounds turned off. In the discussion
    of business with client the phone SPOKE OUT AND SAID “i AM LOOKING THAT UP FOR YOU ON
    THE INTERNET NOW”. FROM THAT POINT ON, I left my Phone at my desk when attending
    meetings. and reported it to management for new meeting policies and technologies.
  3. SOFTWARE PLATFORMS - (MICROSOFT WINDOWS) If user takes time to read eery word of their
    policy for users they find that all data (emails sent/received) word documents created or received
    and the list goes on… Microsoft clearly states they have the right to retain copies from users. (that
    includes anything stored on MS Windows (Photos and videos as well).

SET ALL OF THAT ASIDE:

I set up my personal home security network on a SEPARATE ROUTER NETWORK / than what we have set up for Computer, IPADS, PHONES TO USE WIFI TO SAVE DATA COUNT, GAME CONSOLS, ROKU FOR TELEVISION AND MORE to tap into WIFI/network to access internet which includes GUEST and family members that visit my home.

I created my own voice command unit. I use LINUX based computer on the HOME SECURITY NETWORK.

It is isolated from outside access except from WIFI hackers that may ride to my residence. I challenge a local hack attempt.

They are welcome to try but I have that double layered with the most complex passwords ever. I also have $200.00 linux based pc that guards network from NEW Access into network. (Router with wifi has built in protection as well.)

Never go with basic settings of name and password. Get someone to go through router settings to beef it up some.

Everywhere you have WIFI device and password access. make the password impossible to figure out.
On WYZE devices and other brands.

(I have a password creator, I set the number of characters and it creates, logs under secured file I have on removable storage (sd card). I copy that one to a backup SD and both are put in safe place.

I USE WYZE HARDWARE. NO ISSUES WHAT SO EVER. HOWEVER, i DO NOT USE FEATURES THAT SEND DATA THROUGH INTERNET FOR PHONE TO ACCESS WHEN AWAY FROM HOME.

i HAVE A CHEAP USED PC RUNNING LINUX. iT RECEIVES MESSAGES FROM WYZE UNITS/ SENSORS ETC. iF IT DETECTS A “BREAK IN” LEVEL WARNING AND I know no one is home. I have a very loud siren and police are alerted to go to my home. I call them and tell them exactly what window or door was breached. They check it out. Cameras catch details. In that situation Police can obtain what they need without me there. Very good friends with Police, Fire, County and State Police in the area.

I periodically connect my HOME SECURITY NETWORK (FOR BRIEF MOMENT) TO INTERNET “AFTER” I RECEIVE NOTICE THERE ARE SOFTWARE/FIRMWARE updates available from WYZE.

THEN i DISCONNECT the Home Security Network from internet to it’s protected secure status.

AS FOR YOUR issue.
If you have google or amazon device connected. It can stem from there. Another home user with same device as all devices are not perfect can create cross communication issues.

Any connection to any other device other than WYZE leaves another vulnerable spot for access or ISSUES. I trust WYZE and their intent, product, services, software, etc…

JUST IN CASE there is an issue where POLICE need to access my camera recordings, (I only use cameras in locations IN DOORS pointing at “house access points” such as doors / windows, garage, Separate office/work area building inside, I have separate outside cameras that cover every window, door access with face recognition. I have long drive way. I use sensors/ camera for tag ID and face recognition (even if they just use drive way to turn around).
(Nobody wants footage of me coming from shower. LOL)

I have AMAZON purchased very bright LUMEN LED flood lights and placed them through all sectors of the property… (I have 2 acres.)

I also created 40 SMART DEVICES from watching YOUTUBE videos. Automation ran by Linux pc. I am now integrating WYZE products into my Linux full home manager.

EMBRACE technology but be smart on implementation.

2 Likes

What’s odd about that? My cameras talk to me all the time;) We chat about the weather and work conditions; they even help me pick out clothes in the morning. But we never get into politics or religion b/c that would be rude. Of course, it is sometimes hard to distinguish between the camera voices and the voices that are normally in my head. Either way, I’m happy. The more the merrier!
Seriously though, this is why I don’t point any of my cameras inside my house. I have them facing out the windows and in the garage only, but never anywhere that could be deemed private. It’s not that I don’t trust the good intentions of Wyze programmers. But mistakes happen. To those people out there saying “not possible”, I wish that I lived in your unsuspecting world. The information just bounces too many places to put 100% trust in. As a rule of thumb, if it leaves your private (hopefully secure) network, treat it appropriately; always with some level of caution.
Having said all that, are you sure you didn’t just dream it? Happy sleeping…:zzz:

1 Like

Using a MAC address to confirm payment of a PPV or movie is very different than a voice coming through an iPhone. Even if a Wyze cam had the same MAC address of another, it shouldn’t allow a person to speak though your iPhone speaker. I agree that they might seem similar on the surface, but a cable box an iPhone are very different on how they are authenticated. An kid with $100 and an internet connection can clone a cable/model MAC address, but iPhone/authenticated app from the Apple App Store is very different.

I have always wondered if someone could hack them and look into your house

There is an old saying to the effect of, anything man can devise, man can circumvent, corrupt, or otherwise mess with. So is it possible? Sure. Is it likely? I don’t think so but that’s my opinion not necessarily the gospel. Question is I suppose what do you think? And what do you consider a reasonable level of risk.

I worry a lot about known bad actors such as Google and Facebook. They are making money off everyone they can get their hooks into. I truly don’t think companies like Wyze are doing anything nefarious. But again, my opinion and YMMV. But I look at it this way, if I don’t trust a company or its products then I don’t buy them. But I also believe in Occam’s Razor, the simplest answer is usually the correct one. :grin::grin::grin:

2 Likes