I received an email stating:
Your Wyze account has been signed into by a new device at 11/06/2020 03:04:36 UTC.
This was 3AM my time so it wasn’t me. Is there a way to see who is connected to the base station and/or camera? Are these things easily hacked?
Interesting. Yesterday (Thurs) at 3:58 am MST I received a similar email from Wyze with the subject “New Device Login” and first line that read “A New Device Has Signed into Your Wyze Account”. Wasn’t me or anyone I know so I immediately changed my account password. Anyone else?
Do you have 2-factor authentication turned on? It may be a warning email from Wyze.
Weather you have it turned on or not, can you look at the email address that sent this email? There’s a small possibility It may not be Wyze. I don’t believe that you can use an email with 2FA.
I’d also suggest changing your password to your Wyze account.
D you have 2FA turned on? What was the email address that the email came from?
2FA not currently turned on for this account but have a pretty strong p/w. Email looks legit, came from email@example.com
I have 7 cameras in my house with the only suspected issue being with the Wyze.
How hard is it to give us access to the base station?
I will check, but I think this is real email. Wyze cameras are not easily hacked and we are not aware of any outstanding hacks at this time. But your account can be compromised by a weak password. It can also be compromised even if you have a strong password that you have used in multiple places and one of those other places gets hacked. There are troves of hacked password/email combos available for sale on the dark net.
It his highly recommended that you use a strong and unique password for you account. It is also highly recommended that you enable 2 Factor Authentication.
Definitely worth changing your password like @Loki mentioned!
Unless I’m missing something, the only way to connect/hack would be via the app, correct? I tried to connect to the base station and I couldn’t connect and I know the password.
I got the same email yesterday, I have 2FA turned on, the email was sent just a min or so after I opened the wyze app for the 1st time for the day. I suspect Wyze reset something on their end.
there was a post about this on the FB beta group, several others got the email too
Correct. This would not be related to the local wifi on the base station.
I have confirmed that the email is legit. In addition to new device signins, these are sent out sometimes when you install a new version of the app.
Also note that the timestamp is UTC. That’s 3am in Greenwich England. So 3am UTC is 10pm EST or 7pm PST. So perhaps it was you?
In any case, I recommend you change your Wyze password to one that is strong and unique and enable 2FA.
Did you get accepted into the new ai test? I got the email when I used the app the next time, after getting the welcome to the new ai test email.
yep…I assumed it had something to do with that, since I had not used the app between the time the ai email came in till the next morning
Afirm thanks! @Loki looks like the new ai test program is involved, but I had also moved to the beta program a few days prior and pretty sure I used the app several times since then.
I feel that not having access to the base station to look at connected users or devices is a security flaw. 2 factor authentication does not solve this problem.
Curious about this. I’ve logged into the Wyze app from several different devices this year, have never had two-factor auth, and yet have also never received e-mail from Wyze about a new device login. Hmm. How is it supposed to work?
there might be an option to turn on, I dont recall…everytime I log out then back in using 2FA, I get the email
The WCO base station is protected by a strong random password. Someone would have to be within wifi range and be able to guess that password. Not likely. Also, even if someone hacked into the base station, that would not give them access to your non-WCO Wyze devices or information on the Wyze servers.
If it’s still WPA2 there are or were several attacks that shorten the time required. And brute forcing is still a thing. Not exactly a high value target for most people but still a potential risk. Maybe Wyze has already published security info, don’t know.
Thanks. That is my understanding. So any hack would be through the app, correct?