Omgeeeee that meme of Smith slapping Rock… SO ACCURATE
UPDATE YOUR FIRMWARE - Wyze Cam flaw lets hackers remotely access your saved videos ( * if they can gain access to your local network/WiFi )
I’m pretty ‘meh’ about this ‘exploit’.
I would definitely like to be able to access my SD cards without having to unplug the cam, remove the SD card, and later readjust my Detection Zones because I can never get it back into the same exact position. I’m just now learning about this feature and now it’s gone.
This misconfiguration for the most part does not affect me as I keep them on my internal network and do not port-forward to my Wyze cams. If someone gains access to my SD card over the internal LAN I probably have much more important things to worry about.
How it could affect me is that I do have a V2 that I kept around for travel with the intent of monitoring my hotel room for potential intrusions while I am out. If I were to somehow get the camera on the hotel WiFi this flaw would DEFINITELY be something to know about. But because getting it on hotel WiFi would probably require some creative methods of bypassing the captive portals, it would likely remain offline or attached to a mobile hotspot.
A better solution than removing the feature to access the SD card would be to modify the webserver to require credentials to authenticate. The credentials could either be randomly assigned and provided in the Wyze App, or allow the user to configure the credentials via the Wyze App.
unrelated to the issue at hand, I have a small travel router that I use for this purpose. I setup the router with the same SSID that I have at home, and connected my WCO Base to the travel router, after the travel router connects to the hotel wireless. Four WCO’s in the hotel room to watch for my blind cat and/or unauthorized entry into the room.
I have very similar thoughts.
Regarding your Hotel comment, I also take a camera with me when I travel and use hotels, etc. I almost always connect another device to the hotel WiFi (phone or laptop), then have that device running a VPN so nobody can intercept my laptop or phone use on the network (everyone should always do this for any device on any internet you don’t own), and then I have that device broadcast a mobile hotspot for all my other devices (including the cam I took with me). Like you said, creative methods to bypass the captive portals, especially when a browser is required to authenticate, and cams can’t use a browser anyway. I am sure that it’s PROBABLY fairly safe to use most hotel WiFi anyway, since I am sure almost all of them have device isolation active, but people should know that you should always run a VPN when on public networks or you take some big risks with your devices.
I am totally supportive of your final paragraph suggesting allowing something similar using credentials to authenticate. Might be worth posting that same comment in the wishlist for that feature, because there a lot of us that would still love to have this as an option in the future.
Great thoughts. Thanks for sharing.
Perhaps we should move this over to a Watercooler discussion?
I purchased this travel router:
I then flashed it with OpenWRT (works only with V3 of router, not V1)
I would recommend becoming familiar with this router with it’s factory firmware before flashing it with OpenWRT.
It was a challenge to get it all running but staying at the Extended Stay America for 7 months while trying to find a house to buy at the beginning of the “Pandemic” and working from ‘home’ at the hotel… I had plenty of time to tinker with it to get it to work.
Can you tell me more about your cool hotel setup? You have one router that connects to the hotel wireless, and also broadcasts wireless to your WCOs? Or do you carry two routers? I’d love some specifics on hardware.
I would start here: https://www.lifewire.com/top-travel-wireless-routers-2377742