A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found.
A map showing the distribution of some 2 million iLnkP2P-enabled devices that are vulnerable to eavesdropping, password theft and possibly remote compromise, according to new research.
The security flaws involve iLnkP2P, software developed by China-based Shenzhen Yunni Technology. iLnkP2P is bundled with millions of Internet of Things (IoT) devices, including security cameras and Webcams, baby monitors, smart doorbells, and digital video recorders.
What SDK does Wyze use? I love the Wyze company story and really want to buy more products, but I’m nervous. I suspect that while you build a lot of software yourselves, under the hood you’re using an SDK produced by a Chinese company. Having this software on my home network will compromise it because the Chinese Government, via Chinese companies, is actively trying to extract information from US companies for intelligence and corporate espionage. Can you please give us more details about the software that comes on Wyze hardware? What SDKs do you use? Should my Wyze devices connect to any servers outside the US?
From what I understand they use a Russian company for P2P services. Can’t find the name though.
However, the cameras are manufactured in China and white-labeled to Wyze. Wyze provides the firmware for the camera. I doubt these cameras would fit into any corporate security plan. They aren’t even sold as security cameras but rather as novelties for the home market.
Maybe one day, Wyze will allow you to set up an NVR on a local Linux-based NAS in order to store your video in-house and not allow it on the web at all.
Lovely. Russian P2P and Chinese hardware/boot loader. Any firmware will likely be written on the vendor SDK. At least the Ingenic CPU is RISC V and the SDK disassemblable. If I can control the hardware, the firmware barely matters. The two countries known in sec circles as the root of many sophisticated attacks against the free world. Know your risks and your risk tolerance.
The fact that we cannot set the AES-128 security key for your personal protection of the data speaks volumes about who can read the data even if everything else is secure.