Gee sure sounds like that NAT layer is providing security after all, eh.
I can seriously say that and I feel confident that what I have written is not nonsense.
I am explaining in minimal technical detail why jimrjimrâs comment is valid. It is bad advice to assume no one in the world can reach your cameraâs port 80 if you have a home router. Since an attacker can potentially get access to your camera without going through your router, that is not enough assurance.
I at no time suggested that oneâs router had anything to do with getting infected with malware. I said that a computer infected with malware could access the vulnerability of a camera on the same network. A computer infected with malware can be remotely controlled, or at least be programmed to send sensitive information from the inside of a network to the outside. It can also request new types of instructions.
Thatâs like saying your door lock is ineffective if a burglar is already living in your basement.
No, what I am saying is that if there is a burglar in your basement, you can not assume you are safe because your door is locked. You stated that since the door is locked (they have a router), no one has to worry. Meanwhile, attackers are coming in through the Window (pun intended).
Ah, but no one claimed that. We are saying that no one with a home router is susceptible to compromise by this Wyze vulnerability. That no one can reach your cameraâs port 80 through your router due to this Wyze vulnerability. That there are literally thousands of pieces of active malware that can compromise you in many other ways from inside your already compromised network is entirely beside the point.
If that is what jim had in mind (and he or she never actually said what he or she meant) then it would have been a disingenuous changing of the subject.
1 Like
Just to clarify. NAT is absolutely considered a security mechanism among networking professionals. It may not have been designed as such but it is considered as such now and has been for 20 years.
This is categorically not a serious security issue for the vast majority of people. It required that you put a MicroSD card into the camera and that your LAN be compromised to allow an attacker to discover and attack the camera.
That said, if you did have highly sensitive camera recordings the risk is significant enough that youâd want to take action (the backyard vs the bedroom sort of difference).
2 Likes
Thanks Timothy, no idea why these people act willfully ignorant on behalf of a company that has behaved so poorly. I hope theyâre paid for shilling for Wyze and making nonsensical security arguments that wouldnât pass muster with anyone that has a modicum of networking knowledge.
And ignoring the fact that the company hid a security flaw in their cameras for years.
I wonder if they advise against the Wyze safe - after all, you donât need it if you close your front door!
1 Like
No, it is not, and not a single reputable security professional would ever suggest that it is.
No need to reply, Iâm not interested in debating it with someone who is intentionally misleading and underplaying the danger Wyze introduced and left open for years.
1 Like
You may not be interested in debating but I will clarify for anyone else who stumbles upon this topic. I have a degree and certification in computer networking. If someone has a question about the attack vectors here Iâm glad to go into detail though confess I am not a security professional so use your best judgment.
NAT, subnetting, and software firewalls are all considered as part of the overall security of a network.
1 Like
âŚand now you owe me that hat.
2 Likes
What is your source for that?
NIST, NIST SP 800-41 is one of several publications which clearly explains this, but all you need is to know what the letters mean. NAT is used to route traffic, it is not a security mechanism.
1 Like
NIST SP 800-41
The security benefit of NATâpreventing a host outside the firewall from initiating contact with a host behind NATâcan just as easily be achieved by a stateful firewall with less disruption to protocols that do not work as well behind NAT.
Yes, a firewall is a great tool but NATs provide a very real security benefit. Please donât turn off your NATs. Thank you for the source.
1 Like
Ha, itâs pretty funny that his source confirms everything we have been saying about how effective a common home NAT router is against this internal port 80 vulnerability. Jim might owe me two hats at this point for so effectively dismembering his or her own position. 
2 Likes
The line right before your quote: âDespite the popular misconception, NAT is not part of the security
functionality of a firewallâ
[Mod Edit] Next quote:
âFor example, network address translation (NAT) is sometimes thought of as a
firewall technology, but it is actually a routing technology.â
This is why arguing [Mod Edit] is pointless, you will misconstrue absolutely anything to make yourself sound right.
[Mod Edit]
MOD NOTE: Post edited to conform to the Community Guidelines.
1 Like
So now itâs personal attacks because you canât support your position. I donât have room for this many hats.
1 Like
Here is the claim I am refuting.
It works if someone can reach your cameraâs port 80. No one in the world can do that if you have a home router. Period.
If you have a compromised device on your network through which a hacker may act, a hacker can access port 80 on your camera. The idea that you are safe because you ahve a good router is flawed.
If, however, you changed your message to read something like, âIf you have a modern home router with a firewall, it is safe to say that a hacker cannot access your camera directly. The hacker would have to find another way in,â then I would have no problem agreeing with you. I simply disagree that having a router means you are protected, âperiod.â You must also protect devices on the network that can act on a hackerâs behalf within your home network.
You donât have to agree with this statement. Iâm not putting it here to argue with you. Iâm putting it here so that other people who read this thread will have a second opinion on your advice.
1 Like
Thatâs not quite true, either. Having a firewall doesnât provide any additional protection unless you take the time and have the knowledge to configure it properly. It would still be an issue if an intruder was logged into your network or had access to a compromised device on the same network segment as the cameras.
Okay, I see your point. And it does mean more potential victims. But in the scheme of things thatâs a given - if someone is already inside theyâre inside. The threat people are worried about is a new one from outside their network.
If a PC on your LAN is already compromised then all bets are off - all your keystrokes, all your files and photos and web browsing and mail, etc., etc. Itâs separate / tangential from talking about what this Wyze vulnerability means.
Some posts were removed or edited that did not follow the Community Guidelines. Please flag posts that violate the guidelines so the moderators can respond appropriately.
Key points from the guidelines to keep in mind:
- Remember to criticize ideas, not people
- Please avoid name-calling
Important sections:
Always Be Civil
Sometimes We Disagree
2 Likes
So, you just donât know a lot about networking then eh?
Thatâs your big statement? Not an impressive debut.
3 Likes