Mod Edit: Investigation of latest firmware after a router detected port scanning

Firmware update (upgraded yesterday 2021-12-06) for Wyze Cam 3 contains malware.

Likely attack on Wyze servers

Extremely unlikely and not okay to post here without proof. Just because your android app that ‘scans for malware’ can’t understand the code in the Wyze firmware does not make it malware.

That is not a scanning app. That is AI router monitoring activity on network. the proof - you can see a screenshot

Btw: port scanning is not malware (I’m a Network Engineer & Wyze explained this at least 2 years ago).
Port Scanning is Not Malware - Wyze

1 Like

That’s not proof of malware. Many devices scan UDP ports nonmaliciously.

This was found with a quick google search of “Wyze port scanning”. Lol

The situation in your link is different - iphone from wan bombarding the external address where the cam sits behind.

In my case there is no app or smartphone is involved at all. The cam itself port-scans other devices on my network for no apparent reason

And another:

Your so wrong,there’s no way that it could happen and we just checked all of our 12 sites and nothing found you need to make sure before you post such issue

Again this your link is about port forwarding / NAT for Wan-Lan connection.
This is understandable, legitimate and even essential.

But there is no legitimate reason for Wyze Cam to scan Lan devices.

Lan’s gateway is known to Wyze Cam by default. DNS etc addresses also too.
So what is the real reason for Wyze cam to test ports on my printer / NAS / TV etc?

It is like telling a police - I’ve tried to open all entrance doors on this street because I want to fly to Mexico but was not sure how to check in and where the airport is

i can confidently tell you that the cameras will have to scan ports every once in a while to ensure the ports necessary to communicate with any server are open. otherwise, the camera will show as disconnected, as it cannot get the data outside of the network. out of curiosity, what ports were being looked at specifically?

1 Like

Lets look at this without any adverbs and without any references to mysterious 12 holy sites.

Please explain me in plain English

  1. Why does Wyze Cam need to scan ports on ALL devices on my LAN?
  2. Why other cams / smart devices have never been caught doing that for years?

Ports scanning essential for connecting to external server should stick to LAN gateway.

There is no point to scan what is in neighbor’s backyard if you really want to send a parcel to Miami.
Such parcel by default goes to post office. There is no excuse for such sender to try to open neighbor’s door for that

Jeez. First, the thread title is alarmist and almost certainly wrong.

Second, trusting add-on router security features or 3rd party tools without understanding them is not a good idea.

Third, at worst case the camera may be doing a local network discovery for other Wyze devices. I honestly wouldn’t care if it were.

Fourth, “rogue device trying to infect other devices” is scare language and an enormous leap. It might be true, and it might not. What is your “router AI” brand? I would treat anything it reports with big grains of salt.

It would be nice to know what port(s) it’s actually scanning for.



Thanks for bringing this to our attention, @Sasha. I sent this over to the security team and they scanned our firmware with 54 different antivirus software and the results were returned with 0 reports of malware. They’re going to do a deep dive to be safe but those take a day or two to run. It is possible that your router returned a false positive (this happens sometimes) but we’re checking our end of things instead of assuming.

In the future, please contact our security team directly by emailing if you think there’s a security issue! They’re really prompt with replies and that’s a good space for them to be able to work directly with folks in a secure way if they need further information about a report. It also helps keep other customers safe if there is a security issue at some point because it will give us the information we need to fix something without alerting bad actors who may want to exploit a vulnerability. :slight_smile:


Hi, thank you for your reply and effort to figure it out.

While it might be a false positive my router is not to reactive or too sensitive on this.

Last time I got a similar warning was several years ago after some connected iPhone was compromised by installing controversial plugins on it. It was real threat.

The router is definitely not in a habit to set off alarms like this every quite a bit of time.

1 Like

Totally makes sense! And that is definitely the kind of thing that we also want to take seriously. If you would like, you could email with more information like your router model to contribute to us looking into it. That’s up to you, though! We’re already setting up the deep dive infrastructure. :slight_smile:


Hello, I posted in the firmware update thread and was recommended to this thread:

I just updated my V3 to the latest firmware and now my ATT Fiber router/gateway is constantly spamming me with notifications saying that a DDOS attack was blocked with my V3’s ip address being the target.

I have since turned off ALL my wyze cameras and I am still receiving the DDOS attack notification.

I know for a fact I’m not getting attacked because 1. I’m not that important, and 2. No other devices are effected nor my network traffic.

Any ideas why this would be with the new firmware?

Edit 1: I was able to “pause” the device in my gateway and that seems to stop the notifications also clarifying that it is only my V3 camera, still unsure why it’s happening.

I wonder if Russians hackers breached Wyze’s firmware production pipeline. They are everywhere these days exploiting all brachnes of access ( for instance first breach Wyze server then get through Wyze camera update to home lan then at home network sniff router credentials then get credentials of work / VPN then get into work network and install backdoors there.

A very plausible scenario.

Just being small and unimportant is no longer a protecting factor.

Well if I was you I would do a hard re boot of your router and then power on 1 camera at a time and see what you get,it’s highly unlikely that there’s an issue with the firmware