Hi! Just wondering how easy it is to break into the Wyze cameras. For example, we all have heard of creepy people talking to babies over other web cams or being able to see what the webcam is recording.
Is there a way to keep our cameras and speakers on our cameras safe from those on the outside of our homes?
It’s basically impossible for someone to hack into your Wyze camera. Assuming you have a strong password on your account.
From the FAQ: How do you make sure my personal data and video stream are secure?
We take our customers’ data safety very seriously. The communication between your mobile device, the Wyzecam, and the AWS Cloud Server are made via https (Transport Layer Security (TLS)). We used symmetric and asymmetric encryption, hashing and other ways to make sure users’ information cannot be stolen. Each camera has its own secret key and certificate so that we can validate its identity during handshake. The contents are encrypted via AES 128-bit encryption to protect the data. Even if a hacker intercepts the data package, the data cannot be decrypted.
From another post:
we do take user security very seriously and all of the uploaded video clips have multi-layer encryption. We at WyzeCam do not have access to that footage, and neither does Amazon. Even if those videos happened to be intercepted, which is unlikely, the amount of work required to dismantle multi-layer encryption is usually unappealing to most hackers. https://www.wyzecam.com/forums/topic/wyzecam-microsd-only/#post-70713
The password for the cameras is the same as used on this forum (if it’s possible to make them different, let me know). If an attacker were able to exploit a vulnerability exposing user account information and unencrypted passwords, no amount of password strength will protect you. You can’t tell if another user is connected to the live feed, unless they use two-way audio, or your networking equipment supports monitoring. My wife and I have both connected to the live feed of one of our cameras at the same time and used it to talk to the kids. Neither one of us would have known the other was connected but for the two-way audio.
My point is, an attacker who doesn’t use the two-way audio feature would be very difficult for most people to detect. That being said, a couple features that could help: 1) being to able to see details of users connected to the live feed, or an event log, although logs can be manipulated. 2.) support two-factor authentication for first-time connection.
2FA is a no brainer to support. TOTP is not technically challenging to implement. Supporting U2F also is ideal because the user experience is much nicer.
Auditable access logging is also a no-brainer, particularly an option to enable/disable and configurable alerts. The lack thereof is currently keeping me from actually buying the product, considering the scarcity of info about the security architecture of the system.
The little bit of information I’ve found about digital security and privacy has been reassuring, but there’s so little info published I can’t have much confidence. More detailed and complete documentation about the security and privacy architecture should be considered a core feature for a product that has security uses. Look at LastPass for a great example of how to get this right.
With GDPR imminent, I’d also like to see more information about how users can review, export, and delete all data pertaining to them within the system. What I’ve read so far sounds reasonable from a security/privacy standpoint if the claims are true but I can’t verify those or apparently make any decisions about it if I change my mind after trying the product. All of these concerns are extra important for a product that’s often used for security in the first place.
I’d ultimately really like to see more controls in place that transfer control over data and device access to the owner (purchaser). I’m tech savvy enough to manage my own encryption keys, use my own cloud storage APIs, etc. and just don’t want to have to manage the whole product software lifecycle end to end unnecessarily. I think there are a decent number of potential customers who are in the same boat. We’re also all tech influencers. Our friends and family respect our recommendations about what tech products to use or avoid. What I’ve seen about this product so far looks pretty promising, or else I wouldn’t bother commenting. Can the company deliver the whole package?
Just got a WyzeCam Pan. Very pleased with it so far but signed in to +1 everything @deesplease said here. These same questions came to my mind as I was setting up the WyzeCam and I was glad to find someone else raising them when I searched the forum.
This degree of auth and visibility is simply expected these days.
Me and my wife were in the living room watching TV when we heard a cough come from the kitchen where I have two of the cameras we thought it was strange and couldn’t find anyone around who would have made that cough I played back the one camera and I could hear the cough and on the other camera at the same time it went silent for a few seconds I don’t know how to report it to wyze but I figured I’ll be moving them out of my house and to the outside where I don’t care as much what could possibly happen
We have a cam in the laundry room so we can keep an eye on the dog during the day when no-one is home. My daughter was doing her homework in the basement tonight when she heard a mickey mouse like voice say ‘Hello’ from the laundry room. My wife and I were out at the time and it scared the hell out of her so much she grabbed the dog and ran to the neighbors house.
The Firmware is up to date and am not sure how to lock this down. Is there any way to track, log or even disable the audio on the camera? Should I remove and re-add the camera with a new password?
Thanks for the link Rick. I did look for other potential sources but its a pretty empty room. No radio, toys, dog toys, open windows, house creaks or anything else that would mimic the sound like this.
Ill change the password and see what happens. Im sure it was just a fluke.
I bought my girlfriend two wyze cams for Christmas, on multiple occasions now shes heard someone come over the camera speaker saying “hello” multiple times. The other camera did pick up this event. I had her change her wyze password, and within minutes of changing her password the issue happened again… any ideas on how to stop this?
Popping back in to ask if there has been any progress made on the issues discussed in this thread. @Loki are you the person to follow up with?
From my perspective, the issues of unintended device access either across accounts or by means of an account breach are the exact kinds of things that can be prevented with the types of controls I asked about. When I install a security product at home, it should decrease risk rather than add new potential threats. So far the only solid options I’m aware of are relatively old-fashioned tech, but if it comes down to it that’s what I’ll have to go with.
Cover the little pin hole below the camera with black electrical tape. Far less audio will be heard this way. Use two or three layers of tape over the mic pinhole a slight increase? Only a very small piece of tape is required to cover that small pinhole. Remember there are vent holes in the bottom of the camera and the electret condenser mics are pretty sensitive. You will still be able to be heard in close proximity to the camera.
Security Wyze it would be very helpful to have a log(s) of the device(s) & time(s) accessing the account and the cameras. Working two fold to 1.) Preventing anyone from saying there was outside access, and 2.) Knowing for certain if there were any outside access to the account and/or cams.