Wyze in the news today, and it’s not good

Before anyone gets too excited about this, this is a TOTAL NON ISSUE for almost everyone. Unless your camera is directly connected to the internet, this is a non issue. If your camera is behind a NAT router (your typical home router for example), unless you specifically set up port forwarding to it (why would you do that?) the camera is not accessible from the internet via this hack.

4 Likes


It’s an issue because the way Wyze decided to handle it is an indicator of corporate culture and the consumer relationship behind the curtain. While this issue may not directly affect us all, in a way it does directly affect us all, you know what I mean?

1 Like

Only sort of. As an analogy, if General Motors found that if you drive a Chevy Silverado at 150 mph, it is unstable - then GM did not reveal and immediately fix that problem, they are being wrong. No, since you can’t get a Silverado to 150 mph, so it’s a non-issue. Just as this hack is a non-issue.
Wyze has promptly fixed a couple real security issues in the past, so for real problems, they have taken it seriously. This is a non-issue so it went onto the “we’ll get around to it list” - which they did months ago.

And I agree with that sentiment about the corporate culture. I considered this. I told my fiance that it shouldn’t affect us because of that specific reason but I was still going to be replacing my cameras anyway. It’s great that this didn’t affect me personally. Could it have? Maybe. Maybe I own a coffee shop. Maybe I just don’t know anything about networking and I do something stupid (and I’m definitely not an expert). Would I ever have known about it if this was a vulnerability that affected me? And that’s the problem.

@bdragule @timothynott

Does this make any sense to you:

Thanks. :slight_smile:

Can you expand a little on this? Because I still have a V1 inside my house. I use a typical AT&T provided WIFI router. With no settings changed. Am I still good?

Thx!

If that were the case, Wyze could have just come out and said so three years ago. The lack of disclosure is the issue, not that a technical flaw exists in the first place.

You can never be TOO transparent or overcommunicate with your consumer base. But if you under communicate, we all have to ask… why?

I’m not buying the whole “it’s low priority, we’ll get around to it later” argument. Evidently this was a big enough problem for Wyze that they developed a new generation of the camera, at least in part to get around the vulnerability. The whole thing seems unnecessarily sneaky.

Saw the news and headed here to see what the thoughts are on the issue. For me, from the start, I just assumed if it’s connected to the net in some way, it’s hackable in some way - should someone with the skills and know-how find an interest to do so, they can gain access. I would never feel comfortable having any cam from any company looking at anything other than what it can see out the window.

1 Like

In the case you describe, there couldn’t be a report that it would be unstable. So, work on the analogy. Perhaps if the vehicle is unstable at 100mph they could decide it is not an issue since no one is supposed to be going that fast? The bug that affected Wyze cams up until 1/29 did not require anyone to do something that is impossible.

1 Like

Might have to do with funding at the time. I recall the dumb video Wyze posted about securing additional cash that would save the company. I believe prior to that they didn’t have the cash to exchange, recall or even patch their devices.

So many “smart” devices they’ve put out without any recent software updates.

But the gun safe will turn things around……

2 Likes

Why would the logs, UID and ENR be stored on SD card?

I can only offer conjecture. You would have to ask Wyze why they decided to do it for a specific answer.

Unfortunately not all of us have the same luxury.

In 2015, our family adopted 3 kids. Due to reasons I don’t want to get into, we were advised by social workers to set cameras up in their bedrooms until some milestones were crossed in therapy.

They’re all much older now and the cameras have long been removed, but it really sickens me to think that this vulnerability existed without my knowledge for a number of years while I was using a v1 camera in a child’s bedroom.

Also, NAT is a zero-security solution. Get a router with a firewall or assume you are going to be hacked.

Beyond that, any device on the network that is compromised can be used to connect to other devices on the network. The assumption that one can be careless because a device will be in a safe space is not a valid approach to security.

Understood. Just to explain…

From my intermediate-knowledge-lay-user-of-the-cams POV… the SD card is optional, not all cams have 'em. In that case, why would important security stuff be stored on 'em?

bdragule, I worked in a children’s psychiatric facility for a few years. I realize you were advised to do so, but personally, I wouldn’t violate a child’s privacy that way. I get that you were protecting them, but for me, that feels like a lack of trust. We had cameras in the facility, but only in public areas, and in outside areas. No bedrooms, bathrooms, locker rooms, etc. But again, you were following advice and that is the right way to do it.

Would this be sufficient do you think?

Intrusion Prevention System:

Protects your system and applications from external attacks and eliminates vulnerabilities. This is accomplished by detecting and preventing network attacks from known, unknown, and zero day exploits that infect other networks throughout the world.

Infected Device Quarantine:

Prevents infected devices from sending sensitive information or security threats to clients outside your network. Also, protects your internal network from being further infected while you get the infected system cleaned.

History:

Records the devices that have been successfully protected by the Antivirus software as well as the source and classification of the attack.

I’m skeptical because it was initially provided for a few years free w/router purchase (thereafter pay) then they changed course, tossed it in gratis ‘forever’… :thinking:

I hear you, and I agree. Didn’t have a choice in my case.

Agreed – I don’t think it was a matter of “have to.” The problem does not describe saving vital information to SD instead of inside the cam. The description reads to me that the information was being written out to log files along with other information the camera wanted to log. This would probably have been done in error, not as a necessary feature.

1 Like