Currently, if a camera is stolen, the thief can set up the camera to their own Wyze account. The owner of the camera then loses access to any cloud video clips currently stored. This would require that the current camera owner approve (release) the camera before it can be set up on a new account.
Absolutely. This is very necessary! At the very least, access to cloud recordings should be retained for the original account. Thatâs the minimum that needs to happen, otherwise someone with mal intent has every opportunity to rob you, then basically wipe the incriminating evidence that youâd expect to be able to access to remotely. To me, thatâs a security flaw.
But overall, I think all of this needs to be implemented. It shouldnât be possible to assign a camera to a new account without the original accountâs permission, or first removing it from the original account.
5 Likes
Funny, was just setting up a Zmodo camera the other day - and was positively pleased that it could not be added until âownerâ had released camera. Was going to see how/if Wyze is handling this issue, and see @Loki had alreasy addressed it TODAY 
Locking down a camera to an account is definitely something that is needed.
4 Likes
I ordered a zmodo camera years ago. It turned out to be a return. The previous owner registered but didnât âreleaseâ it when it was returned.
The seller had no idea about the need to âreleaseâ. The owner couldnât be contacted. I had to throw away the camera.
This is a bad idea.
Wait, there is no way to vote against?
1 Like
I appreciate this concern, but on these types of devices, it really is a security issue. Many similar devices work this way. Even iPhones do. If youâre buying something aftermarket, the onus is on you to be an informed consumer, and to make sure you know what youâre buying. You need to ask the right questions and make sure everything checks out. If someone sells you an unusable camera on an online marketplace like eBay, youâd deal with that through eBayâs customer service. If you buy it in person without checking it out first, I donât even feel sorry for you, really. Haha.
It doesnât make sense for Wyze to sacrifice the security of the customers who put money into their pockets (Those who buy their devices retail) for the sake of saving a few headaches for customers who DONâT put money into their pockets. (Those who buy their devices aftermarket.)
That being said, there are other potential ways to address this. If someone tries to set up a camera thatâs already tied to another account, the app could send a notification to the account it currently belongs to. In most cases, this is probably all thatâs necessary to solve the problem, since it would prompt the original account to take action. If someone knows theyâve sold their camera, itâs unlikely that theyâll refuse to release it, unless something shady has happened. (e.g. you bought a stolen camera)
That just leaves the possibility that the original account has been abandoned. If so, it would be easy for Wyze to see that no one has logged into the app for XX days, that data/events arenât being generated on the account anymore, etc. If thatâs the situation, they could trigger a âclaim windowâ for the camera on the original account. If email and notifications fail to result in any response after a certain period of time, (Letâs say 2-4 weeks) then they could release the camera to be added to a new account after that time. (This should only be possible if the new account holder has physical possession of the camera, of course.)
I donât think Wyze would have the responsibility to help aftermarket customers who have gotten screwed, but if they wanted to, a system could certainly be implemented.
8 Likes
Great idea.
1 Like
If the seller sold you an item that was unusable, why not return it? Why throw it away?
It was a returned item. Only that person can release the previous installation lock.
Cost to ship the item back for refunds wasnât worth it.
This is why I donât like this software lock proposal.
Where did you buy it? Any reputable merchant or marketplace should cover you in the event that they sell you an unusable item, including return shipping. Even on something like eBay, if the seller refused to cover it, youâd just open up a formal dispute and eBay would withhold the funds from the seller. The seller is obviously the one at fault, not you.
Craigslist or a garage sale is about the only scenario in which I can imagine someone getting stuck in a situation like that.
1 Like
This is a cool idea. Hope Wyze will make this possible.
1 Like
I can see how you would lose access to anything stored locally on the camera Sd card, but if it gets setup on another account how does that make you lose access to clips stored in the cloud.
Surely those clips in the cloud are protected with your username and password and can still be accessed after the camera is stolen and set up on another account.
How do you lose access to cloud stored clips supposedly protected with a password.
It used to be that if the camera was set up on a new account, the old account would lose access to the cloud recordings. Theyâve now fixed this aspect of the issue. However, itâs may be preferable for a number of reasons not to allow the camera to connect to a new account in the first place, without the old account first releasing it. Thatâs not yet possible.
3 Likes
Wow thatâs ridiculous, I didnât realise they were initially set up so insecurely.
Regarding locking the camera to one account, why would that now matter, you would still lose all the recordings on the Sd card which is the main problem with having it stollen.
As I in see it, there are more urgent things that need fixing such as having the camera set the time from the router or at least stop the app asking every 7 days if I want to sync the time when in a different time zone.
Mainly because if itâs locked to your account, there wouldnât be privacy issues if you wanted to look at the deviceâs history to see whether it connects to the internet again, for example. In most cases, it probably wouldnât, but it seems like a better way to do it.
Thatâs the only reason I could think of but in order to reconnect it would need to stay in range of your wifi after being stolen which is extremely unlikely.
Also since the cameras are relatively inexpensive who really cares if they reconnect.
The only way this feature adds value would be if the Sd card was encrypted and could only be read with the camera connected to the account.
That way if itâs stolen your privacy is protected as the thief canât look through all the recorded footage.
However turning the cameras off whilst at home is a more effective way to ensure privacy.
Locking the cameras to one account is just not worth the effort for the practically non existent benefit.
The videos in the cloud will still be available to you if your camera is stolen and set up on another account , the person that stole your camera has no access to any of your videos on on the cloud , I donât think itâs necessary for this to be implemented
Exactly my point and especially since the time would be better spent adding missing features that should have been there from the start.
Seems like they have their priorities wrong.
1 Like
It has come to my attention that some really insufficient security meansures are presently being employed by Wyze and their devices, specifgically in regards to the cameras and any and all associated accounts.
Any sufficiently âsmartâ device should employ âsmartâ forward-thinking tactics, such as: requiring cams to be âreleasedâ from an account once initially set up, but prior to being automatically being transferred automatically (to anyone with physical access tot he device), and then automatically removing all access from the previous (thieved) cam owner?
Mac addressed should be recorded and associated with accounts initially, but after that, requiring the device to first be designated as released, sold, retired, or no longer possessed.
Previous account access to a cam should NOT be revoked and removed simply due to the device being registered to a new account without first being designated as released, indicating a stolen device, or physical access to a particular device with nefarious intent. Presently I could walk up to any Wyze camera installed outdoors, reset, have access to and cause access to be revoked immediately from the legitimate, rightful device owners by using my phoneâs hotspot as the local network to setup the new device on, and right there on the spot be complete with my âattackâ. Huge security flaw imo, which should be addressed immediately for all devices, not just cameras (though they present some obvious security threats which may warrant prioritization on the Wyze fix-list).
Seems like the mac addresses should be saved to the cloud and not editable by account owners (though it wouldnât hurt to display them for the account owner) and associated with a specific account until otherwise âreleasedâ to the new owner, OR disabled in the device itself (possibly requiring Wyze intervention to release and correct the issue). I would immediately flag an account and temporarily disable the camera for having been set up on an initial account and then again on a new account without, first, having been released by the previous owner. There are some really basic and fundamental steps which could and probably SHOULD be employed already on, both, the devices, locally, and at Wyze, remotely, to protect consumers and increase device security. Anything less than the aforementioned is just negligence on Wyzeâs part imo.
I would also suggest that a device be allowed to be designated as stolen and (possibly even) disabled locally on the stolen device semi-permanently and irreversibly, requiring Wyze intervention and assistance in resolving. Should be easy enough to prove device ownership via receipts/initial device setup. Heaven forbid someone sells a camera and forgets to designate it as released or sold first and the new owner has to get on the phone with Wyze to enable camera operation and association with
an account. Maybe send a notification to the previous owner alerting them and prompting them to either confirm or deny the legitimacy of the new device possession by others, this could fast-track the process getting the device back operational for the new device owners, get them new account association ability. or fast-track the disabling of a device designated as stolen in response to the attempted new account association.
Just require thing to be registered, explicitly associated, and require intervention by Wyze and/or confirmation in each step of the device transfer and setup process after the initial setup has been done and the device has been previously associated with an account. Send notifications to current account owners and encourage them to dictate device access or account access changes first before actually allowing device registration/account access/ownership/possession transfer/compromised physical access with nefarious intent.
2 Likes
Did you not read the previous posts.
According to folks on here, a thief doing what you suggest could not get access to clips stored in the cloud and could not revoke the owners access to these clips. They would still be accessed with the owners username and password.
Yes with physical access, a thief could prevent the owner from accessing the actual camera itself and SD card if fitted.
However having the camera locked to the owners account wont prevent this.
Even with the camera locked to the account, it would lose connection to the internet when the thief takes it out of range of the owners WiFi at which point the owner losses access to the locked camera as it can no longer connect to internet.
So very little benefit locking the cameras especially given how cheap they are.
1 Like
This is one reason here why locking down the cameras to an account is not so much of a good idea , but itâs just unnecessary anyway