You can read the Bitdefender research paper linked in the following reference. It goes into some detail on how it’s done. You will need a cam v1 as those have not and will not receive the firmware update that prevents exploitation of the vulnerability.
UPDATE YOUR FIRMWARE - Wyze Cam flaw lets hackers remotely access your saved videos ( * if they can gain access to your local network/WiFi )
Aren’t you happy that you now have your wish to have a way to remotely access your cam’s sd card files (at least on v1s)? Since there are lots of people saying they will be getting rid of their v1s, seems like you could scoop up as many v1s as you can get your hands on at minimal expense as a win/win for everyone including keeping all that plastic out of landfills.
Has anyone received a direct response from Wyze about whether they have been notified of a similar hack for the v2, v3, or any other camera? I have asked Wyze multiple times, and I have not received a reply. This thread is also lacking in participation from the usual Wyze crew.
F*#&K wyze! All the woeful products I own and bought from them are already in the trash!
Just to be thorough in case anyone reading is new to this conversation: According to its timeline concerning the vulnerability, Bitdefender’s white paper states that Wyze released the firmware update fix on January 29, 2022 for v2 & v3 cams, three years after being made aware of the vulnerability by Bitdefender.
Wyze mentioned that they were unable to provide a firmware update for v1 due to its incapacity to store the needed update, Wyze, advised that v1 is no longer supported and has warned customers to continue to “use at your own risk” with no or at least woefully inadequate details provided regarding the specific reason allowing customers to dismiss those vague statements as a crass move designed to sell replacements rather that provide enough info to educate and protect their customers.
HOWEVER, outside of this forum, I’m not aware of any explicit notice sent to cam owners and would like to see that occur as an exercise of basic corporate responsibility. And even within this forum, Wyze’s statements have not been explicit enough IMO and has sought instead to focus on minimizing people’s concerns as exaggerated and excusing its lapse in a way that sounds a lot like, “if anyone got hacked, they were doing something to deserve it”, to paraphrase my perception of their statements.
Since the vulnerability has been published by Bitdefender recently, the blueprint for how to take advantage of the vulnerability is publicly available and it’s incumbent on Wyze to actively reach out to customers to explain why they should be cautious in continuing to use v1 especially considering many customers in this low end of the market may predictably have entry level technical skills and be unaware of how or why they may continue to be at risk.
Just a bump for this response too, to round out the conversation a bit.
This whole issue is Wyze’s “Keep my wife’s name out of your ***** mouth” moment.
MOD NOTE: Post edited to conform to the Community Guidelines.
. Wait. Which side is Smith in this scenario?
Call me Daniel Radcliffe on the subject.
Omgeeeee that meme of Smith slapping Rock… SO ACCURATE
I’m pretty ‘meh’ about this ‘exploit’.
I would definitely like to be able to access my SD cards without having to unplug the cam, remove the SD card, and later readjust my Detection Zones because I can never get it back into the same exact position. I’m just now learning about this feature and now it’s gone.
This misconfiguration for the most part does not affect me as I keep them on my internal network and do not port-forward to my Wyze cams. If someone gains access to my SD card over the internal LAN I probably have much more important things to worry about.
How it could affect me is that I do have a V2 that I kept around for travel with the intent of monitoring my hotel room for potential intrusions while I am out. If I were to somehow get the camera on the hotel WiFi this flaw would DEFINITELY be something to know about. But because getting it on hotel WiFi would probably require some creative methods of bypassing the captive portals, it would likely remain offline or attached to a mobile hotspot.
A better solution than removing the feature to access the SD card would be to modify the webserver to require credentials to authenticate. The credentials could either be randomly assigned and provided in the Wyze App, or allow the user to configure the credentials via the Wyze App.
unrelated to the issue at hand, I have a small travel router that I use for this purpose. I setup the router with the same SSID that I have at home, and connected my WCO Base to the travel router, after the travel router connects to the hotel wireless. Four WCO’s in the hotel room to watch for my blind cat and/or unauthorized entry into the room.
I have very similar thoughts.
Regarding your Hotel comment, I also take a camera with me when I travel and use hotels, etc. I almost always connect another device to the hotel WiFi (phone or laptop), then have that device running a VPN so nobody can intercept my laptop or phone use on the network (everyone should always do this for any device on any internet you don’t own), and then I have that device broadcast a mobile hotspot for all my other devices (including the cam I took with me). Like you said, creative methods to bypass the captive portals, especially when a browser is required to authenticate, and cams can’t use a browser anyway. I am sure that it’s PROBABLY fairly safe to use most hotel WiFi anyway, since I am sure almost all of them have device isolation active, but people should know that you should always run a VPN when on public networks or you take some big risks with your devices.
I am totally supportive of your final paragraph suggesting allowing something similar using credentials to authenticate. Might be worth posting that same comment in the wishlist for that feature, because there a lot of us that would still love to have this as an option in the future.
Great thoughts. Thanks for sharing.
Perhaps we should move this over to a Watercooler discussion?
I purchased this travel router:
I then flashed it with OpenWRT (works only with V3 of router, not V1)
I would recommend becoming familiar with this router with it’s factory firmware before flashing it with OpenWRT.
It was a challenge to get it all running but staying at the Extended Stay America for 7 months while trying to find a house to buy at the beginning of the “Pandemic” and working from ‘home’ at the hotel… I had plenty of time to tinker with it to get it to work.
Can you tell me more about your cool hotel setup? You have one router that connects to the hotel wireless, and also broadcasts wireless to your WCOs? Or do you carry two routers? I’d love some specifics on hardware.
I would start here: https://www.lifewire.com/top-travel-wireless-routers-2377742