Ok, have it your way. Honestly I know I can’t change your mind because you can’t dispute emotion with logic. So I think the best we can do is agree to disagree. Now I need to get back to my island fortress and complete my plans for world domination one camera at a time!
3 Likes
Yes that is what multiple people are telling you.
Sure, that’s possible. About as likely as the alien contact post above.
2 Likes
Welcome to the community, @Nasdme. I will do my best to get Wyze eyes on this ASAP. Please post your support ticket number in this thread if you have one. 
Welcome to the forum, Nasdme. Sorry your first post has to be an unfortunate one.
Also love your user name “Nas D Me.”
You say you are going to keep some of your WYZE cameras … and get rid of the rest. Are the camera V2’s? If so, please pm me for my address. I’ll take them.
FYI, this issue has come up before … a similar incident happened to NEST cameras. It made all the papers and was all over the internet. Ends up it was a friend of the family’s who thought it would be funny to pimp the people after being shown how neat the Nest cameras were.
I do agree with others here that first thing everyone should do is activate 2 factor authentication. It’s easy to do … and something that would prevent unauthorized access to your cameras.
Like I said, I’m sorry your first forum post has to be about this event. You obviously have a lot of WYZE cameras and were able to set them all up without commenting on the forum … however, I’m sorry to hear you are going to get rid of them. But like I say, I’ll take them. Please PM me.
Thanks. I wasn’t on the 2fa at the time but have since updated it to that after the occurrence.
I’m a programmer as well, and I can say with a high degree of confidence that it is possible. Yes, there are not physically any “wires to cross”, but there are a huge number of ways software can go wrong.
Here are a couple of documented cases. I’ve heard of others, but my web search skills are not finding them within an amount of time that I care to invest.
- Steam Is Randomly Logging Users Into Other People's Accounts And Exposing Their Information [Update]
- Facebook logged a user into someone else's account with a recycled phone number | VentureBeat
And before anyone brings it up, these (especially the second example) may not be exactly analogous to what may or may not be happening here, but my main point is that discounting the possibility entirely is irresponsible. It’s also possible that OP is lying because of some ulterior motive (OP, no offense, but I don’t know you), or that his/her credentials were stolen out of user carelessness, or that they were hacked/stolen from Wyze itself.
Disclaimers: I’m generally favorable on Wyze, and I think they provide good value for money, but no one is infallible.
8 Likes
Why on earth would any system that calls itself secure allow enough log in attempts that a password cracker is even useful?
1 Like
I work as a supervisor in the cable industry and investigated a couple of trouble calls for phantom movie purchases on digital set top boxes. I too, was pretty full of myself and at first stated that there was no chance of this happening unless someone was in the home clicking with the remote. After some investigation I actually did find that the box in question had the same MAC as another box on another account, so they ghosted each other as each subscriber made purchases. So my lesson was not to say “I am certain that this could not happen”.
2 Likes
Because a number of sites, products and services that call themselves secure… are not.
1 Like
The two examples you cited are not even in the same ballpark. But I do get your point, and yes I am sure if an employee at Wyze wanted to badly enough and enough people at Wyze turned a blind eye, and the moon was full yes it might be possible.
Remember Wyze is a small startup not Google or Apple sized so anyone playing games is going to be known and visible.
Could it happen? Yes. Did it happen? I truly don’t think so. MUCH more likely the OP had someone look over his shoulder or whatever. Heck aliens are a more believable answer than that Wyze is peeking somehow at his cameras. But sure, anything is possible, including my 10 years dead Uncle coming back to life in the company of Elvis and Earhart.
YOU HAVE ENTERED THE UNKNOWN! 
Oh, golly! We are so sorry to hear about this, @Nasdme. I’m sorry to hear that you don’t have documentation of this so that we could look into it. Did you send a log to us after the event happened and before you unplugged the camera? I would like to get the team to look into this but it sounds like we may not have the data for it at this point.
While we haven’t had a confirmed case like we’re all concerned about here, we take these seriously and want to look into them. Yes, 2FA should do the trick if this is a compromised account issue. But we would also like to look into this further.
@kyphos, I apologize for us making you feel as if we dismissed your case out of turn. I will talk to the team about better ways to approach this in the future. Have you run into this problem again since then?
1 Like
Gwen,
It’s only happened to me once (a mystery voice emerging from the Wyze app while viewing a V2). No recordings of the errant voice were captured on SD card. I did not have Wireshark running, so no packet captures to share that might shed light on the root cause. If it happens again, I will be sure to update the post.
Thank you for letting me know. Please be sure to tag me although I hope that you never need to make that update.
I humbly bow to your superior experience and knowledge you are no doubt 1001% correct.
I agree that if the software is working properly it can’t happen. But software has bugs, and if there’s a bug, there’s no telling what can go wrong.
E.g., memory gets overwritten with the wrong IP address and suddenly your “wires are crossed”.
As a fellow programmer I concur with jayl. In fact, I had the same thing happen (voice coming from IP camera, albeit a different brand, when it was being used as a nanny cam). Credentials are not the only way to access functionality of IoT devices.
The simple truth is that there are numerous layers of software involved in making a hardware device available over the internet, and any one of those layers can have vulnerabilities either purposefully or accidentally built in. These kinds of things are what make unauthorized access to corporate systems as common as they are.
I’m no expert, but I believe that even 2fa cannot protect you from these sorts of vulnerabilities, but it’s definitely more secure than having 2fa off.
5 Likes
In the old days before the FCC, radio station signals were so powerful, you could receive them on your dental bridgework! If there is/are wire(s) in the camera resonant with, say, a local ham radio operator, you might snag that signal and it will be heard on your camera. I won’t get into the details of this, but just plant the seed. You might try a RF choke on the power cord.
I live close to a DHS subservience tower loaded with advanced/secret technology and I’ve had some “interesting” events occur and poor cell phone reception.
2 Likes
This was my first thought as well. Probably because I grew up during the CB radio craze.
2 Likes
Obviously, I disagree. In any scenario I could think of, an error like this would ultimately stem from identifiers being confused or reused, whether because of a simple coding error, or a design error where some condition was not anticipated (either by mistake, or because it’s a truly unexpected condition that’s “never” supposed to happen).
For example, I refer you to these posts:
(1) gives an overview of how Wyze cams connect, where TUTK refers to ThroughTek, a third-party company that provides the service by which phones and Wyze cams communicate. (2) describes an issue where the Wyze cams can load the wrong MAC address.
Hypothetically, what happens if two cameras somehow report the same MAC address? Could TUTK connect to the wrong camera as a result of this? Or what happens if TUTK, through some coding error on their side, simply establishes a connection to the wrong camera? In step 2/3 in the Wyze connection sequence, it sounds like Wyze runs a key exchange between the phone and camera, but does it verify that it’s the right camera, or does it just trust that TUTK did its job properly? (This paragraph is meant to be rhetorical. It would not be productive to debate these questions without the implementation details, but I bring them up as specific examples of how things might go wrong.)
As described, it seems unlikely a Wyze employee is going to be bored enough to say “is anybody there?” to an empty room. And since you mentioned aliens, I imagine the same to be true of an alien civilization that has achieved interstellar travel.
This type of issue is actually more likely at a small company, where responsibility for the entire system is concentrated among a small group, and everyone generally wears more hats and has more access. Also, a small company may not find it the best use of resources to build a sophisticated auditing system to track what employees are doing.
In contrast, a large company tends to have multiple teams with more narrow responsibilities, which makes it less likely for any one person to have sufficient visibility or control of the system.
And usually, people don’t build functionality labeled “User Surveillance”. More likely, any “spying” would be via misuse of test/diagnostic functionality. That said, for the reason I mentioned above, I think misbehaving Wyze employees are among the least likely explanations in this case.
3 Likes