Gee sure sounds like that NAT layer is providing security after all, eh.
I can seriously say that and I feel confident that what I have written is not nonsense.
I am explaining in minimal technical detail why jimrjimr’s comment is valid. It is bad advice to assume no one in the world can reach your camera’s port 80 if you have a home router. Since an attacker can potentially get access to your camera without going through your router, that is not enough assurance.
I at no time suggested that one’s router had anything to do with getting infected with malware. I said that a computer infected with malware could access the vulnerability of a camera on the same network. A computer infected with malware can be remotely controlled, or at least be programmed to send sensitive information from the inside of a network to the outside. It can also request new types of instructions.
That’s like saying your door lock is ineffective if a burglar is already living in your basement.
No, what I am saying is that if there is a burglar in your basement, you cannot assume you are safe because your door is locked. You stated that since the door is locked (they have a router), no one has to worry. Meanwhile, attackers are coming in through the Window (pun intended).
Ah, but no one claimed that. We are saying that no one with a home router is susceptible to compromise by this Wyze vulnerability. That no one can reach your camera’s port 80 through your router due to this Wyze vulnerability. That there are literally thousands of pieces of active malware that can compromise you in many other ways from inside your already compromised network is entirely beside the point.
If that is what jim had in mind (and he or she never actually said what he or she meant) then it would have been a disingenuous changing of the subject.
Just to clarify. NAT is absolutely considered a security mechanism among networking professionals. It may not have been designed as such but it is considered as such now and has been for 20 years.
This is categorically not a serious security issue for the vast majority of people. It required that you put a MicroSD card into the camera and that your LAN be compromised to allow an attacker to discover and attack the camera.
That said, if you did have highly sensitive camera recordings the risk is significant enough that you’d want to take action (the backyard vs the bedroom sort of difference).
Thanks Timothy, no idea why these people act willfully ignorant on behalf of a company that has behaved so poorly. I hope they’re paid for shilling for Wyze and making nonsensical security arguments that wouldn’t pass muster with anyone that has a modicum of networking knowledge.
And ignoring the fact that the company hid a security flaw in their cameras for years.
I wonder if they advise against the Wyze safe - after all, you don’t need it if you close your front door!
No, it is not, and not a single reputable security professional would ever suggest that it is.
No need to reply, I’m not interested in debating it with someone who is intentionally misleading and underplaying the danger Wyze introduced and left open for years.
You may not be interested in debating but I will clarify for anyone else who stumbles upon this topic. I have a degree and certification in computer networking. If someone has a question about the attack vectors here I’m glad to go into detail though confess I am not a security professional so use your best judgment.
NAT, subnetting, and software firewalls are all considered as part of the overall security of a network.
…and now you owe me that hat.
What is your source for that?
NIST. NIST SP 800-41 is one of several publications which clearly explain this, but all you need is to know what the letters mean. NAT is used to route traffic; it is not a security mechanism.
NIST SP 800-41
The security benefit of NAT—preventing a host outside the firewall from initiating contact with a host behind NAT—can just as easily be achieved by a stateful firewall with less disruption to protocols that do not work as well behind NAT.
Yes, a firewall is a great tool but NATs provide a very real security benefit. Please don’t turn off your NATs. Thank you for the source.
Ha, it’s pretty funny that his source confirms everything we have been saying about how effective a common home NAT router is against this internal port 80 vulnerability. Jim might owe me two hats at this point for so effectively dismembering his or her own position.
The line right before your quote: “Despite the popular misconception, NAT is not part of the security functionality of a firewall”
[Mod Edit] Next quote:
“For example, network address translation (NAT) is sometimes thought of as a firewall technology, but it is actually a routing technology.”
This is why arguing [Mod Edit] is pointless, you will misconstrue absolutely anything to make yourself sound right.
MOD NOTE: Post edited to conform to the Community Guidelines.
So now it’s personal attacks because you can’t support your position. I don’t have room for this many hats.
Here is the claim I am refuting.
It works if someone can reach your camera’s port 80. No one in the world can do that if you have a home router. Period.
If you have a compromised device on your network through which a hacker may act, a hacker can access port 80 on your camera. The idea that you are safe because you have a good router is flawed.
If, however, you changed your message to read something like, “If you have a modern home router with a firewall, it is safe to say that a hacker cannot access your camera directly. The hacker would have to find another way in,” then I would have no problem agreeing with you. I simply disagree that having a router means you are protected, “period.” You must also protect devices on the network that can act on a hacker’s behalf within your home network.
You don’t have to agree with this statement. I’m not putting it here to argue with you. I’m putting it here so that other people who read this thread will have a second opinion on your advice.
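The two cases the post above distinguishes, as an added example that is not part of the original thread: a toy Python model of a home NAT router showing which new connections to a camera's port 80 reach it. All addresses are constructed, and the model assumes address-and-port-dependent NAT filtering, no port forwards or UPnP mappings, no client isolation on the LAN, and a camera listening on port 80.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")   # constructed home subnet
WAN_IP = "203.0.113.10"              # constructed public address of the router

@dataclass
class HomeRouter:
    """Toy NAPT: outbound flows create state, inbound packets need matching state."""
    mappings: dict = field(default_factory=dict)  # wan_port -> (lan_ip, lan_port, remote)
    next_port: int = 40000

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """A LAN host opens a flow to the internet; returns the WAN port allocated."""
        wan_port = self.next_port
        self.next_port += 1
        self.mappings[wan_port] = (src_ip, src_port, (dst_ip, dst_port))
        return wan_port

    def inbound(self, remote_ip, remote_port, wan_port):
        """Return the LAN endpoint a packet is forwarded to, or None if dropped."""
        entry = self.mappings.get(wan_port)
        if entry is None or entry[2] != (remote_ip, remote_port):
            return None              # unsolicited: no translation state matches
        return entry[:2]

def can_open(router, src_ip, dst_ip, dst_port, src_port=50000):
    """Can src open a NEW connection to dst_ip:dst_port in this model?"""
    src_lan = ip_address(src_ip) in LAN
    dst_lan = ip_address(dst_ip) in LAN
    if src_lan and dst_lan:
        return True                  # same segment: the router's NAT never sees it
    if src_lan:
        router.outbound(src_ip, src_port, dst_ip, dst_port)
        return True                  # outbound is allowed and creates state
    if dst_ip == WAN_IP:
        return router.inbound(src_ip, src_port, dst_port) is not None
    return False                     # private addresses are not routable from outside

if __name__ == "__main__":
    r = HomeRouter()
    camera, pc, outside = "192.168.1.20", "192.168.1.50", "198.51.100.7"
    print("internet -> WAN:80    ", can_open(r, outside, WAN_IP, 80))
    print("LAN PC   -> camera:80 ", can_open(r, pc, camera, 80))
    wan_port = r.outbound(pc, 51000, outside, 443)
    print("reply on PC's own flow", r.inbound(outside, 443, wan_port))
```

The last line shows why the router's state table does not help once a LAN host is compromised: replies to a flow that host opened itself are translated back in.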
That’s not quite true, either. Having a firewall doesn’t provide any additional protection unless you take the time and have the knowledge to configure it properly. It would still be an issue if an intruder was logged into your network or had access to a compromised device on the same network segment as the cameras.
Okay, I see your point. And it does mean more potential victims. But in the scheme of things that’s a given - if someone is already inside they’re inside. The threat people are worried about is a new one from outside their network.
If a PC on your LAN is already compromised then all bets are off - all your keystrokes, all your files and photos and web browsing and mail, etc., etc. It’s separate / tangential from talking about what this Wyze vulnerability means.
Some posts were removed or edited that did not follow the Community Guidelines. Please flag posts that violate the guidelines so the moderators can respond appropriately.
Key points from the guidelines to keep in mind:
- Remember to criticize ideas, not people
- Please avoid name-calling
So, you just don’t know a lot about networking then eh?
That’s your big statement? Not an impressive debut.