Response to the 3/29/22 Security Report

Not exactly, Bill. A listener on port 80 doesn’t mean it returns a valid response a browser understands. Script-based web services often run on port 80 and don’t generate anything a browser would understand. You would have to follow the Bitdefender recipe. Seemingly: *The card contents can be viewed through the hello.cgi functionality located at /cgi-bin/hello.cgi; then the files can be downloaded through the /SDPath/ path.*

Given a decent net connection, our show is incredibly stable. It doesn’t have a night vision mode, however. You can control it with the app and I believe it has some other abilities it didn’t have a few years ago to monitor its location.

Isn’t it sad that you can find a kennel to put your dog in that has a “kennel cam” but we can’t do the same for our loved ones?

1 Like

Absolutely. Even worse, the ALF balked at the idea of my putting a cam in Mom’s room because “it would violate the privacy rights of the staff.” However, they did offer the option of allowing me to install a self-contained trail cam with no remote access and only if they would have exclusive access to its sd card contents. WTF?!

If there IS a vulnerability, Wyze should disclose that there IS a vulnerability (not necessarily the full details) so that customers can make an informed decision as to whether or not to continue operating the cameras until a patch has been issued. Especially if the issue is going to take 3 years to fix.

How would you feel if the manufacturer of the lock on your front door knew that the lock just didn’t work but didn’t want to tell you until a fix could be offered (which in this particular case would be 3 years)? Whereas if you knew the lock didn’t work you could take matters into your own hands and switch the lock out yourself.

2 Likes

I suppose by Wyze’s twisted logic, even just letting the public know there’s a vulnerability would set criminals off on a scavenger hunt to figure out what the vulnerability is and how to exploit it.

But I believe as a practical matter, the crux of Wyze’s silence lies in its fear that it would lose customers or sales and its own immediate survival or convenience was judged to be more important.

2 Likes

Oop. I hadn’t seen these before.

I don’t know how much more national recognition of Wyze’s mishandling it’s gonna take before the big retailers stop selling Wyze hardware in order to distance themselves from the situation.

Especially when added to its other concurrent security lapse;

2 Likes

All ears, love it! :slight_smile:

Won’t Wyze security engineers and their new hires:

Though we kicked off development quickly, we want to respond quicker in the future and have made significant advances in our security infrastructure, including hiring a team of dedicated security engineers to work exclusively on responses to security events and strengthening protection.

love the chance to hone their game in the never ending quest for truth justice and a better tomorrow?

Lol, I say “look, you’re all ears!” sometimes too. If I could only set her “detection zone” to exclude anyone walking by on the front sidewalk :slight_smile:

Security pros are, pardon the pun, a breed unto themselves. I know a few and they command big $$ and share the same intensity that my buddy in the picture does when it comes to security. While they have to deal with challenges at times, their main job is to prevent them in the first place.

3 Likes

Yeah, isn’t that kind of them. I get that it could be a PITA to them, but then again, if you have nothing to hide… I could relate a few experiences we had when my wife’s mom had to spend short times in an ALF but I’m guessing we’d just be swapping war stories.

2 Likes

A friend adopted a Mexican street dog, a little terrier who’s adapted well to pampering, seems to have got his ‘alert’ dialed-in, not too little, not too much, she thinks he’s psychic, his nemeses are the squirrels who bomb him (and my friend) from the flame (?) trees with dagger-like seed pods, then chatter cruelly while he licks his paw…

The breed

Do any of your pals of ‘the breed’ laugh like T.Hulse in Amadeus?

When they’re among ‘people,’ I mean, doing it when alone don’t count… :wink:
 

What does this have to do with security and wyze?

Well, she had a situation virtually demanding a v3 aimed through a window to counter the mischief of local ne’er-do-wells in her open backyard.

After speaking a few minutes we mutually agreed her radar pup was sufficient - and the degree of mischief insufficient, to warrant the electronic eye.

They’re addictive, y’know. Watch out. :wink:

1 Like

Which? The dogs or cams?

I’d say both.

2 Likes

Good grief, this is nonsense. How much does Wyze pay you?

1 Like

Such an interesting response. I think we are mostly in agreement except two small points.

  1. Context isn’t victim-blaming. I mean, we aren’t even sure there are victims but let’s assume for the sake of argument that there are. I would fully support blaming Wyze because it would be completely Wyze’s fault. Anyone who interprets my remarks otherwise is confusing painting a full picture of the actual risk with the assignment of blame.
  2. You can’t have it both ways. “…we all need to try harder and be much more vigilant in our efforts to protect our privacy.” We are in absolute agreement! We do all need to try harder! but those same people who don’t understand technology can’t then claim there is a profound and huge security breach. They fundamentally don’t have the understanding. Now I’m glad to sit down with whoever and explain the implications of this breach and how it could have impacted them and why I would rate the severity as relatively low.

If someone then refuses to learn about the technologically complex they are condemning then they have lost the right to contribute because they aren’t, they are spreading misinformation.

So I feel completely comfortable educating my family and members of the public that giving out their wifi password is the technological equivalent of giving someone the key to your house. The vast majority of people are trustworthy and won’t abuse your trust but it isn’t without risk.

Let me emphasize, in case it’s unclear, we are in total agreement that Wyze was irresponsible (see my post above). We are in total agreement that Wyze has an obligation to inform their customers (see my post above).

Maybe it’s silly to want reason and nuance to prevail in this age of extremism and emotional newsporn around every corner but I don’t see any way out of our collective information quagmire than, when possible, trying to fight oversimplification of complex systems.

All the best, Mx. Beans.

3 Likes

I truly liked that expression! :thinking:

1 Like

Who are you referring to as “wanting to have it both ways”? I’ve never claimed the risk was massive nor any more than theoretical. I haven’t seen any proof that either of those things are true and wouldn’t assert either without that knowledge.

I have only ever contended that those things are irrelevant to the more important concern that Wyze deprived customers of the disclosure that would allow them to make an informed decision about how to protect themselves from accidental, or intentional but misguided, practices that might have left them open to risk.

1 Like

Then I misunderstood the gist of your post. Apologies.

I must have confused those who are claiming some profound risk with your remarks :smiley:

2 Likes

I don’t get to my computer as much as I want to lately but I want Wyze Labs to read another opinion from a long-time customer and for myself I was a staunch supporter of the company since all they had was just the original WyzeCam that was it, not even called V1 and such. Going out with my now late wife would be an advocate Wyze made security monitoring available to anyone at an affordable price but this allowing any type of vulnerability kept hidden from the consumer for three years is absolutely inexcusable plus from what I recall there was no proper notice to customers of this severe issue and it was exposed. It just feels like as a company you will do whatever you can to sweep problems under the rug, so what happens when there is another massive issue that affects customers, are they just going to hide it and do the same thing all over again?

Well after this my trust and loyalty for this brand is broken and I need to reevaluate what I want to do as I feel this company couldn’t care less to have me as a respected customer. They have done some good but there have been many problems that have been getting worse over the years including not listening to customer demands with certain product updates that aren’t camera related.

I hope this event can be a changing point for Wyze Labs to be better but if not then I will move on and figure something else out as there are many more options since they started in 2017.

3 Likes

You all forget … $20us camera … and you’re a fool if you didn’t format your old card before you use it and why wouldn’t you… more space = more recordings… lol … BEERS ! … ( Back to reading more stuff …)