Packets going to something called "Omegle" - Pedophile ring?

Thanks, travega. I have a relatively shallow understanding of the technology you all are talking about, good enough to follow along, usually, good enough to ask a good question, sometimes, good enough to solve many of my own problems, yes, given enough time.

Are you a networking pro? Or?

1 Like

Nope! Methinks something I shan’t say.

3 Likes

What about this???

Omegle is a free online chat website that allows users to socialize with others without the need to register.

That’s not so suspicious … however

The service randomly pairs users in one-on-one chat sessions where they chat anonymously using the names …

Comparisons have been made to early-1990s AOL

Other products that provide similar services include Tinychat and Whisper

1 Like

Slightly more concerned about…

…and why Wyze cam would deem it necessary to stream packets from a camera mounted in a child’s bedroom to that service for any reason.

1 Like

TL;DR there are only WyzeCams on that network. The DPI has identified packets routed to that Omegle service. Why?

I really need someone from Wyze to respond at this point. Is the only option to take it to Twitter?

1 Like

Can anyone with a home-grade wifi router inspect for this? If so, how?

1 Like

Have a look at @rbruceporter’s post above for packet inspectors you can run in your own network. Probably the best you can do with the expensive stuff.

2 Likes

Unfortunately, Fiddler works at the HTTP layer (as a proxy) - great if you’re debugging a webapp (I use it quite a bit).

Wireshark is a much more powerful tool as it digs much deeper, as it can capture any type of network packet, though people are at odds with its UI … but hey, it runs on many platforms.

3 Likes

Yes Fiddler is a proxy which is fine for his stated issue. Omegle is a web site, so if packets are going to a web site, a proxy works just fine. :grinning:

2 Likes

Is there any dynamic network behavior that could be videoed and uploaded here that would be minimally intrusive privacy-wise and more illuminating/persuasive than a screenshot?

1 Like

Very interesting situation! Some questions that may provide food for thought…

Is this traffic from just one of your Wyze cams, or do several of them show the identical traffic pattern?

Aren’t QQ, 24im and Caihong also Chinese based instant messaging apps?

Not just Netflix and YouTube, but personally I would worry about a cam talking to FB, WebFileTransfer and iMessage as well…?

Are you running the UniFi client app on a jailbroken iDevice?

How much total data flow is going to these sites over time? A lot or just light test ping type traffic?

1 Like

Hi everyone,

@travega reached out to us through Twitter earlier and I know that we’re reaching out to the engineers. @travega, if you haven’t provided the MAC and date/time of this, please do so for us to look into this.

While I would be surprised if our cameras were reaching out to these areas, we still take this seriously and want to make sure.

9 Likes

@UserCustomerGwen can you reach out directly via email please as I’d like to include some other parties in the conversation?

1 Like

I imagine you already have but I would block the Omegle site direct on your router/hardware firewall. You seem very knowledgeable so this is more for someone searching for this problem and looking for solutions.

4 Likes

@UserCustomerGwen requesting again as there seems to be no active assistance for this issue. Can you please reach out directly? If I am sharing MAC addresses I would prefer if it’s not done publicly. Also, I will need to include some others in the conversation. I really don’t want to have to go the Twitter route again but it seems to be the only way to get any kind of response.

1 Like

Agreed, there is a very long list of very suspicious recipient services to which the traffic from these cameras is going. Two of them at least are showing almost identical patterns. I’m focussing on the one device at the moment that was named “Kid’s room” as it is for obvious reasons the one I am concerned about most. But, will check all of them.

The UniFi client is not running on a Jailbroken device.

Most of the services show traffic in the hundreds of bytes and kilobyte range. Then there is 1.4GB going to an “Unknown” service where the next largest and largest recipient overall is “Amazon” at 3.32GB. So, the scenario I suspect is either 1) a callback mechanism where the camera pings a service to send connection details after which the “Unknown” service intercepts packets and streams them to a paedophile ring. Assumption is that a vulnerability in the device is exposed or malicious intent on the part of the manufacturer. Or 2) the first version of the suspicious activity was too conspicuous so an update was pushed to the device that sends all requests to and from the device via a proxy gateway not identified as “unknown” by Ubiquiti.

Either way @UserCustomerGwen and her organisation are responsible for an explanation and solution if it is in fact what it appears to be. I will be seeking legal advice and notifying law enforcement so they can help me get to the bottom of this. Also, I see it as my primary responsibility as a customer and parent to alert any other existing and potential users of these devices so anyone else experiencing the same issues can take the necessary precautions to protect their children and personal lives from any potential exploitation. It may be too late for my family and the damage caused by that potential exploitation could have untold consequences. But, certainly common sense would suggest that prevention is better than cure and I’m thinking about how best to proceed on that front. I have some thoughts on who I will consult but it needs to be done in the right way to ensure the best possible preventative success.

1 Like

I’m confident name resolution is enabled, so “unknown” is displayed because the IP address can’t be resolved.

I would hope you could select those entries to see the IP address???
(would be nice if there was an option, “if name can’t be resolved, display IP address”)

1 Like
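An added example, not part of the original thread or any participant's post: one way to measure how much a single device sends to each destination and to show the raw IP when no name is known, as discussed above. The DNS answers and flow records are constructed sample data (documentation IP ranges, made-up host names), in a CSV layout assumed here to have been exported from a packet capture.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: DNS answers the device received (name,ip).
DNS_ANSWERS = """\
api.camera-vendor.example,198.51.100.10
storage.cloud.example,203.0.113.20
"""

# Constructed sample: outbound flows (src_ip,dst_ip,bytes).
FLOWS = """\
192.0.2.50,198.51.100.10,420
192.0.2.50,203.0.113.20,3320000000
192.0.2.50,203.0.113.77,1400000000
192.0.2.50,198.51.100.10,380
192.0.2.99,203.0.113.77,999
"""


def load_dns(text):
    """Map each answered IP to the name the device asked for."""
    return {ip: name for name, ip in csv.reader(io.StringIO(text))}


def bytes_by_destination(flows_text, dns_text, device_ip):
    """Total bytes per destination for one device, largest first."""
    names = load_dns(dns_text)
    totals = defaultdict(int)
    for src, dst, nbytes in csv.reader(io.StringIO(flows_text)):
        if src != device_ip:
            continue  # ignore other hosts on the network
        # If the device never resolved a name for this IP, label it
        # with the IP itself instead of an opaque "unknown".
        totals[(names.get(dst, dst), dst)] += int(nbytes)
    rows = [(label, ip, total) for (label, ip), total in totals.items()]
    return sorted(rows, key=lambda r: r[2], reverse=True)


def unresolved(report):
    """Destinations with no matching DNS answer: the ones to look up."""
    return [(ip, total) for label, ip, total in report if label == ip]


if __name__ == "__main__":
    report = bytes_by_destination(FLOWS, DNS_ANSWERS, "192.0.2.50")
    for label, ip, total in report:
        print(f"{total:>12}  {ip:<15}  {label}")
    print("no name seen:", unresolved(report))
```

The unresolved IPs from such a report are the ones worth checking against WHOIS or the address owner before drawing conclusions from a DPI label.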

The turnaround time here on the forum can be a day or two. Longer if there’s a weekend involved. I have alerted @UserCustomerGwen again to hopefully get back to you soon.

In the meantime, you can use the personal Message feature on the forum to share information privately. Click on a user name then click the Message button.

Also, you can send a camera log privately to the support team from the app by tapping the Account tab, then Help & Feedback > Submit a Log. This would include the MAC address. You can mention in the body that it was requested by Gwendolyn.

7 Likes

Hey travega

I hope you get some satisfaction on this. @Loki 's rec’s just above are spot on, imo.

I notice you joined and first posted a short comment in the middle of the data leak thread last January. No more (public) activity here 'til now.

Were you satisfied with Wyze’s response and efforts to remediate in that instance?

Confident enough to continue using the cameras in your kids’ rooms?

You seem like an analytical chap, conversant in networking tech, so I’m sure you appreciate these are obvious questions in the context of the forum. :slight_smile:

Cheers, -peep

4 Likes

Thanks @peepeep :+1: Certainly analytical enough to identify the difference in nature between January’s breach and this, for sure. As for trust, I’m pragmatic about the potential for a data breach but as I’m sure you’ll agree this is not the same as January’s incident.

I’m not out for “satisfaction”; I do expect support and a solution if applicable. I expect Wyze to treat this with the urgency it may merit given the symptoms.

But yep I would like this resolution in private and @Loki’s suggestion is a helpful start.

1 Like