Well this breach has stirred up quite a storm in the Wyze community.
As was suggested by Wyze, I changed my password and I also set up the 2 step verification (2FA) as it is referred to. After setting that up, I find out that my Tinycam account needs to be updated as well.
In doing so, I find out that my cloud account with Tinycam will not work with the 2FA security setup. On top of that, I find that only one of my two cams can be viewed on Tinycam. The other one gives me an error message of “P2P camera offline”. Alexey Vasilyev of Tinycam suggested that I set up a new account with Wyze and leave off the 2FA this time to get my cloud monitoring back.
I don’t know what to do as I have never been involved in a security breach of this magnitude. I want my system to be secure but at what cost for the cloud monitoring I have with Tinycam. Any suggestions?
Well, you have a slight complication here, since Tinycam although works with WyzeCam is a third party app, I’m not sure how the two company are affiliated with each other, so I don’t know if Wyze would interface their 2FA API with Tinycam, also Wyze have their own service for cloud storage, which is their CMC.
Mod Edit: (If you use TinyCam with 2FA) I would say that you need to change ever every password and have all of your bank account numbers changed because if you have one bank statement or something like that on your network.
The only way to do use these cheap little things is to completely put them on VLAN’d network that’s DMZ’d all upstream traffic is encrypted. Strict firewall rules Tinycam from everything on your network. The SSID’s are only for the cameras. Encryption key is completely random. Only use cameras for outside use. And then run Wireshark on all traffic going in and out of Tinycam for 1 year before connecting to anything and have an expert from Kaspersky Labs take a look at it.
Or buy Bosch or Axis and change the default settings.
Definitely don’t use Android or have a Samsung TV.