Strange Voice - Security Concerns

To start, I will clarify that I work in internet security; my network is secured, and my devices all have customized logins with substantial passwords. I have not used Yahoo services in over a decade and this would not be related to the breach I’ve seen mentioned as a dismissal of similar issues, like this concerned parent: Stranger’s Voice Calling Child By Name

Not long ago I was sitting in my living room conversing with a friend and we both heard a very clear voice, identical to the clarity and volume heard when using the two-way communication features. The voice chimed in with a very rude inquiry/supposition that I won’t even repeat here, but it was an accented male voice that addressed us specifically.

This experience leads me to believe that Wyze staff are monitoring these devices uninvited - this has already been confirmed misbehavior for Amazon and Google, so it doesn’t seem like much of a stretch that other people running similar services, somehow, don’t know better.

Combined with the knowledge that Wyze is offering ‘real person’ security monitoring features, it seems undeniable that they have backdoor access to all devices, and have already set things up to monitor user devices remotely, and seemingly already doing so uninvited.

If anyone from Wyze sees this, please clarify for us:

  1. What is the extent of your remote access capability to Wyze devices?
  2. What are your internal policies for monitoring devices and captured media?
  3. What checks do you have in place to prevent abuse?
  4. What enforcement and compensation do you invoke for violations of customer privacy?
  5. What guarantee do you provide that you are not violating the privacy of your users by interacting with their devices or viewing their recordings without invitation to do so?

13 Likes

Yours is not the first report of this nature. A search of the forum will lead to a number of similar occurrences. The Wyze response (when there has been one) to these has been ambiguous and non-specific at best - I would expect nothing different this time.

2 Likes

I also expect a complete dismissal, or that they will ignore this entirely hoping it falls to a lower page and is forgotten and unnoticed by most people.

However, I’m going to give them the opportunity to…wipe, before loosing a tornado upon waste management.

1 Like

I have investigated this further and found numerous recordings on my SD cards demonstrating that someone other than myself has rotated the camera, many times. I do not have the cameras set up to track motion or anything of the sort. In many of these recordings, it appears that the controller was intentionally aiming the camera at me, with empty hands, clarifying that I am not managing the camera with the app when this occurs.

Wyze, please thoroughly answer these five questions.

7 Likes

It’s times like this I wish Wyze would have a log of IP addresses that have used one’s account. While your inside job theory could certainly be true, it’s equally possible it’s someone else who has your credentials and is logging in to your account.

2 Likes

In light of a recent history, demonstrating that most companies have already been actively violating their customers’ privacy, it seems far less likely to be a ‘hacker’ than a company with laughable concepts of privacy. Amazon and Google employees have already been confirmed to engage in the activities we both experienced; it seems unlikely that a company so disinterested in actually helping you resolve your concerns is taking any high-roads.

This seems accentuated by the fact that the Wyze staff moderating these forums have been active, since this discussion started, and apparently have no interest in providing any feedback or information.

2 Likes

Unless you are a model the inside job theory makes less sense than the “someone you know” theory. Hopefully, since you have clear records on your SD card, Wyze can provide logs that match your timestamps and you can figure out where the bad actor(s) came from. Please open a ticket with them and report back what happens.

(And of course if I were you I’d be changing passwords and considering the somewhat drastic step of two factor authentication.)

1 Like

Hello!

Thank you for your patience. I wanted to do my due diligence and check with related teams before responding to make sure that my answers are accurate. 🙂

First, sorry to hear that you’re experiencing this! That does sound really concerning and we’re glad you posted. A lot of the answers you’re looking for are publicly available and I’ll put the links here, but a lot of the answer boils down to: Our system is set up to prevent employees from getting that access. Wyze employees aren’t given remote access to devices and we have built-in policies to enforce this.

We would definitely like to look into your experience because we take this very seriously. If you’re interested, please get in contact with our Security Team by emailing security@wyze.com. We’ll need the MAC of your camera (can be found in Camera Settings or on the sticker on the product) and the email for the account paired with the camera. It would also be super helpful if you give us the time of this incident to the best of your ability to help us find the right time in our logs to look at.

Here’s some information about how you are protected (including from us):

Here’s information about the active monitoring and how they don’t have access either:

"Will monitoring service (Noonlight) have access to the video feeds and/or local storage?

No, Noonlight will not have access to your videos on cloud or local storage (microSD card).

How is my data stored? Is my privacy protected?

Wyze is serious about customer privacy.

Your private data, such as your name, phone number, home address, PIN, and Safe Word are encrypted.

We will send your name, phone number, home address and Safe Word to the monitoring center (Noonlight) for safety verification and dispatching purposes. Once the alarm is resolved, our collaborating monitoring center will remove your personal data.

Your PIN will never be seen by Wyze employees or third parties.

Videos and/or the live streams from your Security Cameras are not shared with any Wyze employees or third parties (including Noonlight and the monitoring center)."

That is from the Details section from the Wyze Home Monitoring page here:

Again, thanks for letting us know about this issue. We’re so sorry that you and your friend had this happen and we appreciate you giving us the opportunity to figure out what happened here.

12 Likes

Nice response. This is the most relevant section from that first link:

How does Wyze protect my Live Stream and Event videos?

With Wyze Cam, users can view camera videos using two methods: live streaming and recorded videos. Streaming is encrypted during transfer from device to phone. Camera videos are transferred under a secure channel from device to Wyze Cloud (ingestion) and from Wyze Cloud to phone (digestion).

Wyze employees do not have the ability to view a user’s camera’s live feed. This is because we use a P2P live streaming solution, which establishes a direct connection between the phone and the camera. While this is a technical solution to privacy, we also have a policy at Wyze prohibiting employees from viewing live streams.

Event videos, which are videos recorded when motion or sound is detected, are securely uploaded to the Wyze AWS server. From here, the video only would be accessed with permission from executive-level Wyze managers in extremely rare or severe cases, such as if Wyze were to be presented with a court subpoena. No other Wyze employees have access to these videos.

5 Likes

Hi Gwendolyn,

I appreciate your detailed and insightful response. I will gather the necessary details and contact the security team soon.

6 Likes

Thank you, questioning! I hope you have a lovely day despite the stressful situation. 🙂

If it’s on a Pan cam, reset your camera’s position, then it won’t move by itself. Mine’s old so it gets wound up too much and it will indeed move by itself lol

With almost every user of Wyze cameras obviously having a smartphone, why has not one of these people claiming to hear a voice through their Wyze Cams taken a video with their phone of the camera in question, with audio in the video too?

It’s not like it is hard to access their camera and switch to video and record, yet there are ZERO recorded incidents of these accusations of strange voices.

I myself ONLY have cameras outside, and the only inside cameras are in animal areas in the barn.
I would never have a camera in my personal space indoors just for security reasons.

2 Likes

Questioning, I too had a similar incident about 3 years ago. I have one pan cam I use to watch my dog. The incident happened on a weekend while I was in the living room next to where the camera is located. I heard a distinct sound of a human making a cat meow twice coming from the camera speaker. I immediately opened a case with Wyze but never got to the bottom of it. I KNOW this was a human voice, I KNOW my password is secure, I KNOW they had access to video but Wyze just brushed the incident under the rug.

Was Wyze able to provide you the IP address of the device that made the sound? Another person reported back that it supposedly came from the local IP address of their own phone.

Also, when you say “access to video” what do you mean? If there was no event recorded at the time then there would be no video to review.

Never got a straight answer from Wyze. They were pushing the “are you sure you heard this from the camera…” and “our security doesn’t allow anyone access to the camera” stories.

2 Likes

Since then I just assume there is a possibility that a hacker may jump on one of my cameras at any time. I just have the one camera indoors to watch my dog in an open area of the house.

Why would the hacker make a cat meow sound if not to mess around with my dog? While there were no humans in front of the camera? They must have access to video

The good news… I haven’t had another similar incident since. (That I’m aware of.) And it’s been about 3 years.

Also, the incident lasted 5 seconds total so I didn’t have time to record it on my cell.

2 Likes

You practically need another set of cameras to record what the first set is up to…

Seriously this would bother me too and I would be changing my passwords and questioning my associates at the least.

2 Likes

Quite likely because these ‘events’ are random, infrequent and of short duration. Additionally, if it were to happen to me the last thing that would come to mind would be to try to capture it on video. Also, not everyone has their phones surgically implanted on their hand so it’s immediately accessible.

Edit: I just remembered there’s at least two incidents where the “intruder’s” voice was captured on the Wyze video and it was quite clear. Search the forum.

1 Like