Agree. Wyze is in hot water. They failed to be transparent as they have made their reputation to be and not only that, they let it go for three years and with this all out in the open now, they still refuse to speak to their customers concerning it. They’ve lost my trust. I won’t be surprised if this does them in.
Purchased the original first camera and am so disappointed to know that this flaw was hidden for so long. What else are you not telling us?
This was a huge blow for Wyze. They have lost my trust. They knew for 3 years there was an issue here. What if in 3 years we find out that cam plus had a flaw and our cloud recordings are in the wild? You want the risk of a company not telling you that the inside of your home could be watched?
I don’t.
1 - The issue is that they did not act or inform us it existed, period. I am an IT professional and devastated they did not disclose this with a clear explanation as to what it actually means…
2 - Local access to your camera means behind your “firewall” which 99.9% of all people have even if they don’t know it… since it’s impossible to connect your Wyze Cam directly to the Internet without a WiFi access point… everyone using a Wyze Cam, of any type*, must be using another device between the camera and the Internet.
*The only exception to this could possibly be the Wyze Base Station that does have an Ethernet port and I suppose if you plugged that directly into your Internet provider’s modem/gateway it may be the exception, but I haven’t tested this personally.
If you are really worried or need peace of mind… from your network you can use this site to do a remote port scan - GRC | ShieldsUP! — Internet Vulnerability Profiling - and use the “Common Ports” option.
Anyway… the real issue here is a total lack of transparency… a few months may be a bad decision but THREE YEARS and they said nothing nor actually patched it? That is horrifying.
Polar opinions? Compatible? Unrelated?
Note: I did not read the linked ‘myth’ article because it is technically over my head.
And this is a key quote from the article:
How Does the Exploit Work?
"As described in Bitdefender’s report, hackers could gain access to the contents of a Wyze Cam’s SD card “via a webserver listening on port 80.” This is due to the fact that all SD card contents are accessible without authorization in the camera’s web directory, which makes sense, as recordings saved to your SD card need to be viewable through your local network.
If that sounds complicated, let me bring it down to layman’s terms. Hackers who manage to access your local network could dig through your Wyze Cam’s SD card. They could also access SD card contents if your Wyze Cam’s port is exposed to the internet—something that you would need to manually set up through port forwarding."
So, someone either needs to be on your local network or you need to have exposed the camera on the internet.
To all the freaked out newbies frantically reposting links to the alarmist (and now sheepishly corrected) Verge article:
Did you pay your ISP for extra public IP addresses and make sure to grant them to your Wyzecams? Do you know anyone who ever has? Do you even know what that means?
There was no threat to anyone (statistically speaking anyway) and a cheap camera company chose to ignore it. No one was compromised.
And the old anti-NAT article linked above carries no weight at all in this context. None of this applies to a home user with a $30 router.
Wyze slacked and should face informed disapproval, not a bunch of scared people who were never for a moment under any kind of threat.
This is the only possible point of contention, from the new press release @Seapup just linked:
As Bitdefender reported in their timeline, we issued the first patch in the month following our notification, and over time we continued to mitigate the risk of these exploits with additional patches in the months that followed.
I would worry Google, Youtube more.
Wyze ignored and wasn’t transparent. They could have stopped the newbs from freaking out by just being honest and not waiting three years to fix the problem.
Precisely! See how I just shamelessly quoted my former self at
You were a pain in the ass back then. Still kinda prickly.
Yeah, I was thinking of that too, but wonder how the definition of “breach” pertains to this. We have breach notification requirements and I guess a few stray incidents, if there were any, might qualify as a PII breach.
I’d bet they’ll be looking for a new liability insurance company though. There were some hefty compliance clauses in our policy and it is audited every year.
I’ll link to my personal take on this, rather than retype it all here:
In short, I personally wish Wyze didn’t “fix” this. It wasn’t an issue (to me), but was instead a feature that thousands of us have been BEGGING them to implement INTENTIONALLY. Accessing the camera SD card files through our network is the 8th most requested wishlist item in Wyze’s history of THOUSANDS of wishlist requests. We’ve been begging for this to be allowed intentionally for YEARS, and just didn’t realize it was already possible, and now suddenly people are complaining that it was possible to do what we’ve been asking for and just didn’t know how to do it.
No strangers could access it. No outside hacker/criminal could access it. Only people you already allowed on your secure network could access it (assuming the people in your household are advanced hackers that could figure out what it took multi-million dollar dedicated security teams to figure out). Seeing the files that are ONLY accessible on my secure network is not a security concern for me, that’s a feature we’ve been BEGGING for. But that’s just me. I totally get that publications want to fearmonger and scare people with clickbait to increase their ratings…they have to make a living…but it is dishonest and disingenuous to all the people who don’t actually understand networking and computers and believe what the media tells them to be afraid of. It’s wrong what they’re doing to scare everyone.
But hey, there is now a huge opportunity to get a bunch of awesome low-cost Wyze devices on auction sites and marketplace classifieds from anyone who does want to give it all away cheaply. I’d love some free V1’s to add to my collection, especially if they still have this high demand feature enabled to allow me to access the SD card through my secure network…I would love that.
That may be the most entertaining and unexpected take I’ve ever seen from the prolific Mr. @carverofchoice. And you’re not wrong.
What spooks me more is the often entrenched disparity in opinion on these subjects among reputed IT professionals.
Shouldn’t you guys be consensus builders?
The peeps are nervous.
I’m sorry but you clearly were not an original Wyze customer like myself. Wyze did sell the v1 webcam in 2017, I was one of the first to pre-order the v1 when it was first announced and received my unit in 2017. The v1 WyzeCam was sold in 2017 and discontinued just a few months ago in January of this year. I have been a customer of these cameras, their first product since the company first shipped them out, again in 2017. They also sold refurb v1 units up until recently.
Also as to the SD card firmware patch, Wyze just recently fixed them in the v2 and more recent units this January, and as stated in Bitdefender’s report they were notified of that problem 3 years ago.
So you see there is no making things up or exaggerating reality on my end.