Response to the 3/29/22 Security Report

Lol, not sure about that, peep.

I don’t dislike Wyze and I’m not affected by the cameras in question. It doesn’t give me a lot of faith in the ones I have but I only have the inside ones on when we aren’t here and all it records is my active alarm and theft deterrent system that isn’t Wi-Fi connected.

That would be this

2 Likes

If there IS a vulnerability, they won’t disclose it until it’s fixed. Which is smart. If they did disclose it, it’s like advertising your house is unlocked when you’re not home.

1 Like

Leo Laporte just keeps nailing WYZE for keeping a security flaw in V1 cameras quiet for 3 years… Seems like a real shot in the arm to inherent trust. I mean, you gotta keep the customers safe. Am I wrong? What’s your opinion?

And in that scenario, if there’s an unplugged ongoing undisclosed vulnerability, that customer could be unknowingly advertising their schedule of when they aren’t home because that’s the only time they record.

Tech risks are like a red, red rose. It’s complicated and I’m feeling a little thorny, to mangle a line from The Mask*. :blush:

That’s true and that extends to other connected devices as well.

But again, if you have someone behind your router/firewall, there’s lots better targets that don’t require any patience. I know, the neighbor who manages to hack your poorly chosen, common knowledge Wi-Fi password is out there and probably represents the greatest or only threat raised by this. The router hacks are looking for command and control, which these cams don’t possess.

But again, again. It flat should have been fixed faster and/or they needed to be more transparent.

1 Like

LOL. Did you read above? There’s A LOT of what you’re requesting that is already available right there for the reading.

But, yeah, say your piece and maybe those who haven’t already run out of steam from the prior debate will respond. Or folks new to the forum and/or debate will find some satisfaction in venting anew. That’s fine.

But if you don’t get a flood of responses from members who’ve already said their piece, don’t assume nobody cares. It’s just that they may have nothing more to add that they feel holds any hope of changing anyone else’s mind. If you read the entire thread, you will probably see that there are vast differences of opinion that are at once informative, confirming or infuriating depending on your own take.

On the chance that Wyze is monitoring this thread, adding your own voice might serve to inform their future choices. So speak your mind.

On the other hand, if you need more input, you can also find lots of discussion about these issues on Reddit in Wyze’s own subreddit.

Good luck!

1 Like

Welcome!

Leo’s found something that can maybe increase his audience. He chooses his words and how he emphasizes them to get the most bang for the buck. The boring truth doesn’t play as well.
It’s not “fake news” and there is a good point about Wyze not addressing the issue for such a long time.
You are correct, in this piece of the tech business, it should be priority one that you keep your customers safe. After all, that’s a big reason why we’re buying this stuff in the first place.

I appreciate your reasoning. But I also think it’s an error in logic to assume all users fit into the same neat box where they have the option of adhering to black and white rules of best practices.

For instance, my 94-year-old mom lives in an assisted living facility that provides wifi access. While the wifi password is not openly published and I had no knowledge of what it is, it took me all of 5 minutes to guess the password.

I’ve been wanting to install a cam in her room at her request in order to monitor her treatment, the security of her belongings and be aware if she suffers a fall. But that means I have to also weigh the risk vs benefit if that cam could actually introduce an additional risk.

I have zero control or influence over the IT guy in charge of that facility’s tech policies, practices or infrastructure. So what can I do?

1 Like

Well one thing you should not do is put a V1 in her room.

2 Likes

Check. :wink:

And how do I trust that there currently is no ongoing undisclosed vulnerability in v2 and v3?

Disclosure years after the fact is not helpful while it’s happening.

1 Like

It’s your mom. Money should be no object. Put an AV20476RS in there.

LOLZ. Funny guy.

Regardless of whether it is a serious flaw or a minor one, 3 years is, indeed, ridiculous for a fix and a statement.

Aye! THAT is the point.

:rofl::rofl::rofl::rofl::rofl:

I certainly don’t wish to sound like Wyze but, hey, using 2FA is a start toward a little account protection. I always prefer the choice of generating my own TOTP over getting an SMS.

Actually, I might consider a V2 instead and putting non-Wyze firmware on it like dafang. Quite a bit more complicated and it certainly is not a solution for the average consumer, but that is what I might do.

If ya wanna spend $1800 or so why not just buy some Wyze stock? :rofl:

“I certainly don’t wish to sound like Wyze but, hey, using 2FA is a start toward a little account protection. I always prefer the choice of generating my own TOTP over getting an SMS.”

Gee that sounds great. Where can I buy it?

But seriously, I did say I have no control or influence over the administration of her facility’s wifi. Their router’s password is THE ACTUAL EFFING NAME OF THE FACILITY. I guessed it on my first try. Oof.

Because I want it to have worth in six months. Bah dum bump. :drum:

Yeah, sadly that is often the case, but putting 2FA on your Wyze account will make it harder to get to the account, especially if your account controls several cameras. Or, if ya wanna be daring, pick up a V2 and hack it, put non-Wyze firmware on it and you’re done. So, there!

1 Like

Ah, fine. For that kinda money you can get yourself roughly 7 shares of NVDA, wait till they double, then sell them all. Better?

1 Like

For that money, I could employ a human full-time bodyguard with somewhat better build and quality than a v1, v2 and v3 for the rest of her limited natural life.

Sorry for taking us down this tributary everyone. Carry on.

Can someone tell me how this exploit is supposed to work? I tried opening a browser connection to one of my cameras and it failed. Just trying to understand how it works.

100%

A company knowing about security issues and not prioritizing makes you wonder what other issues they were racing to fix? And what other dev priority roadmap items were put in front of these.