Hacked: Man’s voice in sons room

Very disturbed tonight as a man voice was talking into my sons room as he was sleeping. My wife walked upstairs to check on something and heard a strange noise. She opened the door and heard a voice say “why did you come up here you bitch”. She called for me and I quickly came upstairs. The voice said several things before asking if we wanted to sing his petition. I quickly unplugged every camera we own. WYZE?!?

I would contact security at security@wyze.com immediately. That is freaky to say the least.

Welcome to the Wyze User Community Forum @Member20!

@habib is correct. Definitely a case for Wyze Security to investigate. They can look at the IP login Hx to your account and perhaps pull cam history logs to see what happened. Just make sure you email them from your Wyze Account login Email address.

Beyond that, insure that you change your account password and enable two factor authentication. It also might be a good idea to change your WiFi password and check your router firewall security protocols.

Same thing happened at about 7:30am ET this morning (Feb. 26) on our wyze cam pan in my son’s room. Woke up to all sorts of weird nose and before I realized what was going on, I heard a man’s voice saying things like “do you want to s__k my d__k”. I unplugged the camera, then heard the voice on another camera in my house screaming and making noise, like he was trying to wake us all up. I powered down all cameras and changed my password, setup 2 factor authentication, and updated firmware. Sounds like it could be the same idiot.

Leaving off the interior cameras for the time being…

Welcome to the Wyze User Community Forum @sym!

Sorry you experienced that. But, same recommendation as above.

Wyze Security takes these reports seriously and investigates them. They have access to very detailed information on your account and cams. Information you provide can help to prevent it in the future or identify the person doing this.

Thank you all. I have changed passwords, set up 2FA, and changed wifi passwords and email. I’ve also checked status on data leaks. I just emailed WYZE security and look forward to hearing from them.

Sorry to hear you dealt with the same issue. Certainly a scary experience.

Check your router setting too.

We get reports like this every couple of months. Just once I’d like to see Wyze and/or the reported victim come back and explain exactly what happened, whether it was a security breach, on whose part, etc.

Here are some things to try and think about while waiting for Wyze to respond. You might aim your cameras looking through an outside window with the Status Lights on. When checking recordings you should see the reflection of the Status Lights which would tell you if it detects someone viewing the camera. Aiming cameras toward the outside means they can’t see anything sensitive while you are testing.

How does the male voice know your wife came upstairs to your son’s room? How does the male voice know you live in a multi-story residence? It almost sounds like the male voice is familiar with your house.

This is a very scary situation and I hope you get a response from Wyze.

I didn’t intend to say that he knew it was my wife or my sons room was upstairs necessarily. We have a few cameras that give an idea of the layout of the house. The voice addressed my wife when she walked into his room after she heard something. Sounded like the intent was to get attention.

I will certainly take fault for not have two factor authentication and old passwords as log ins. I guess I feel that some more apparent notification of a potential issue from WYZE would be nice. Not sure that it’s a fault of WYZE or another breach of some sort. I’m taking measures to make sure I clean up everything on my end.

That’s exactly the right thing. I’m glad you know how to secure yourself and I’m sorry you got this a-hole on your cameras. For the rest of us we are usually left wondering - was this just someone whose credentials got stolen - maybe by someone they know - or is there a deeper security vulnerability in the platform that should be concerning for everyone.

I will come back and update as I get more info.

I’ve seen several who reported back, often on Reddit, etc. Especially back during that period when there was a lot of credential stuffing attacks and Wyze pushed everyone toward 2FA.

None that were surprising results though. I’m sure you can easily guess the outcomes.

In some cases we’d even ask the person to go check one of the various “Have I be pwned?” type of sites that will tell you if your credentials have leaked on the dark web, and ask them about 2FA.

In almost every case, the situation is resolved by changing the password, and preferably using 2FA too (just in case it is someone you know who has access to your password manager for some reason).

Almost always ends up being credential stuffing from leaked reused passwords, instead of a unique one. Though it was interesting in some cases for the people to tell us the location of the IP address (usually another country or VPN).

Speaking of multi-factor Authentication though, Wyze now supports Authenticator Apps, SMS, secondary SMS number, AND email all at the same time, and they have started allowing us to use Google Passport to log in to some things too, which I absolutely love (because I don’t have to go look up an annoying code…as long as my device is authenticated for my Google account, then logging in with my Google passport proves I own that email account and Wyze lets me in even though my Wyze password is different because I had to use MFA to get Google’s approval for the device already…I love that! So much more convenient/quick).

Very important to contact security@wyze.com as @habib and @SlabSlayer recommended.

Great idea to have 2FA turn ON

I reached out to Wyze Customer Support through the app and had a live chat with a service rep.

They were unhelpful to say the least. The first rep I spoke with asked if I had a video of the guy’s voice. I went to that section of the app to try and find the video and was disconnected from chat. I then received an emailed transcript of the chat, showing the rep promptly followed his message with another, stating that I’d be disconnected if I checked (would have appreciated being told that before he requested the video).

I powered back on the camera and it looks like the recording stops around 7:15am before I heard the person’s voice (checked my clock and it was about 7:30 when everything went down). The event recording is still confusing to me b/c they’re trying to make it harder to use SD storage for recordings since they want to push their subscription plan on, so I wanted to spend more time checking.

I went back to live chat and spoke with a second rep. Despite having already provided all the same details to the first rep and the 2nd rep putting me on hold to review the case background, I had to explain the situation all over again. Several hours later and lots of the standard “did you reset your password, setup 2FA, etc.” (which I had already done before calling them) she continued to ask me for the video. I inquired about camera logfiles and she kept saying they don’t have access to video records because “privacy is important” (I’m paraphrasing of course). I explained that I wasn’t referring to video recordings and instead to text-based logfiles of some sort.

I finally bluntly asked for her to acknowledge my repeated requests for the camera logfiles and if I was correct in understanding that she’d only be willing to help if I can provide a video. She she said will “connect” me with management. However, by “connect”, she meant they’d send me an email, which she cleared up in her next message.

I’m incredibly frustrated with the whole situation and Wyze’s incompetence in handling it. I’ve read dozens of forums where login notifications/device history has been requested for years now and the feature still hasn’t been introduced. I’m sure that the hacker probably got access to my credentials through data leaks through other providers and I know what needs to happen to prevent it.

But it would put me more at rest if I had a clue about if they legitimately logged in or it was some sort of camera exploit. I’ve been a big Wyze proponent for several years now (I own several pan cams, v2/3 cams, night lights, the original doorbell camera, the scale, etc.) and am on the verge of transitioning to a company that actually cares about security.

EMail Security@Wyze.com, they always look into these issues.

As spamoni4 said, and as has been mentioned in several other posts, for this kind of issue and what you are requesting, it is better to send an email to security@wyze.com from the same email address your Wyze account is setup with. The security department is the one with access to look up the information you need to know. Contact them instead of support for this particular concern.