This is not secure

metroplexchl · April 12, 2019, 3:21am

I’m sold. Payday is Monday. I’ll be buying more cameras and recommending to friends.

ManAbove · April 12, 2019, 3:47pm

peepeep · April 12, 2019, 8:20pm

Hey @alexey.vasilyev , meant to ask, how will Wyze’s impending 2FA (two-factor authentication) implementation affect tinyCam Pro’s use with the Wyze cams?

alexey.vasilyev · April 12, 2019, 9:29pm

No idea at the moment.

peepeep · April 12, 2019, 9:31pm

Fair enough, thanks!

peepeep · April 12, 2019, 10:37pm

Update:

Frederik · April 14, 2019, 5:16am

Customers might need to setup TinyCam before enabling 2FA. Once setup, enabling 2FA should not affect existing setup.

That’s not a scenario that we have planned to be honest… :-/

@CaptainMark, @WyzeTao : thoughts?

WyzeTao · April 15, 2019, 7:40am

This is definitely not a planned scenario. TinyCam it totally independent from Wyze. We don’t have compatibility requirement for TinyCam. My gut feeling is that it wouldn’t work since we have to authenticate every device + app ID. Unless TinyCam can update with the 2FA authentication logic it shouldn’t work.

So, likely TinyCam users will have to choose turning off 2FA. Sorry about that!

alexey.vasilyev · April 15, 2019, 7:51am

We can update tinyCam app with support 2FA logic from WyzeCam. Not a big deal.
The problem is that I do not see how to enable 2FA in Wyze beta app. I see 2FA only in app chengelog, but not in the app itself. How can I do that?

angus.black · April 15, 2019, 9:37am

2FA is under Account → App Settings in the Wyze Android app.

alexey.vasilyev · April 17, 2019, 6:29am

You can allow user to specify predefined passwords for devices/apps which do not support Wyze 2FA. This is how Google 2FA is done.

Check section ‘App passwords’ under your Google account https://myaccount.google.com/security
“App passwords let you sign in to your Google Account from apps on devices that don’t support 2-Step Verification. You’ll only need to enter it once so you don’t need to remember it.”(Sign in with App Passwords - Google Account Help)

peepeep · April 18, 2019, 1:51am

Update:

ember1205 · April 18, 2019, 9:35pm

Since this thread seems explicitly aimed at understanding exactly how much more I would be willing to pay for this exact camera with all of the security items addressed, that’s what I’ll focus on.

$0 more. Why? Because I don’t buy an item BECAUSE it’s inherently insecure, but I may be willing to buy it IN SPITE of it being insecure. In the case of this camera, I landed somewhere in between. I’m not aware of Wyze making any statements about the potential lack of security of the camera, so I could argue that I sort of bought it because I felt it WASN’T INSECURE. Still, it’s a pretty inexpensive device, so I don’t know that I had a lot of expectation of being secure (so I sort of bought it IN SPITE of it being insecure).

At the end of the day, this camera is extremely inexpensive and I’m ok (to a point) with the potential security risks. Wyze has specifically outlined information about various TUTK servers that are NOT outside of the US and how to get cameras to use THOSE. That’s a good step.

I’m more interested in seeing the app be enhanced with more useful features and I’d like to see my cloud recording remain in tact for a much longer minimum amount of time. Or, I’d like the ability to record all captures to SD-CARD only and to NEVER stream those in any fashion but direct from camera to app.

Personally, I HATE cloud services. I’m sick and tired of investing money into things that are completely dependent on these Internet-based hosts that go down, take my devices offline, or completely disappear when a company closed up shop leaving my products completely useless.

Want more money from me per camera? Give me an offering in exchange that requires ZERO dependence on a cloud offering of any kind (I’ll configure my home router to use Dynamic DNS and set the app up to find my router and connect in on its own, and when I’m on the local net, UPNP can determine the internal addresses of the cameras and not need the DDNS at all).

peepeep · April 18, 2019, 11:02pm

Actually, if it seems that way it’s probably my fault. I composed the poll/questions and I’m just an active customer.

Note how company principal @Frederik responds here:

I think the thread’s overriding goal is:

To address all questions about the privacy/security of the Wyze cam and its supporting systems.

OP @metroplexchl, wouild you agree with that?

ember1205 · April 19, 2019, 5:03am

Thanks for the response.

While I understand what @Frederik is getting at, to say that charging more for the camera won’t make it more secure isn’t 100% true.

There are a multitude of places that the revenue generated from selling a camera goes. It pays for the parts, the time to design the camera, the cost of assembly, and the time and effort that goes into developing the software. There’s an additional expense associated with marketing and selling as well as to pay for the cloud services that are part of the base service as well.

While simply increasing the cost of the camera doesn’t make it more secure, that additional revenue can be put to use to leverage a more secure overall architecture, pay more people to write code so things are developed more quickly, and other similar things.

No, nine women can not make a baby in one month. But you could end up with nine babies after nine months instead of just one… Or, by offsetting each by a month, you would have 9 babies after 17 months. Either way, you put in more, you get more back. And while a cost increase today doesn’t immediately make that camera more secure, building out the underlying structure for that higher security platform (which is almost entire software and has little or no direct impact on the camera itself) and then deploying a more expensive camera to the more secure architecture WOULD make the camera more secure “immediately” (but that platform has to be designed and built before the add-on cost could be charged).

Make sense?

Frederik · April 19, 2019, 6:51am

It does.

And we are working on a few initiatives to continue boosting the security, while enabling a few new capabilities.
We fully understand that the bigger our brand, the more a target we are becoming and we are acting in relation to that.
One of the thing that is also a limiting factor is the number of changes that you can make at a time. In our case, some of our improvements and changes are so fundamental that any other attempt to build would be going for the trash as soon as the improvements would hit production.

peepeep · April 19, 2019, 7:04am

PROVISIONAL SUMMARY

With respect to cloud cameras:

Privacy | Security | Trust | ~~Money~~

peepeep · April 19, 2019, 7:04am

Do you trust Wyze to work exhaustively toward world-class cloud cam privacy/security?

Yes
No

0 voters

gemniii · April 19, 2019, 12:37pm

Do you trust Wyze to work exhaustively toward world-class cloud cam privacy/security?
NO!!!
I don’t TRUST “Wyze” at all (well maybe a little bit).
Most of the people responding on here seem to have LITTLE OR NO concept of security.
ANYTHING transferred over WiFi is hackable.
Put more “work” into an eyeball.
A camera my 94 yr old MIL can stick on the outside wall that is battery/solar powered and pipes to her TV.
/edit - perhaps I was a little too harsh in my NO, but to work exhaustively toward world-class cloud cam privacy/security seems like a dedication of resources.

peepeep · April 19, 2019, 2:43pm

In your estimation, given Wyze’s company size, how much of a “person” must they dedicate to fulfill an exhaustive commitment?