I have 2 V1 wyzecams that monitor my young kids’ rooms. 1 child is special needs. I am concerned about recent hacking vulnerability of cameras based on the findings of BitDefender and Wyze’s neglect of addressing these issues for 3 years. It’s my understanding that the V1 cameras were NOT patched and protected from this vulnerability. I’m curious as to what my options are here, aside from buying new cameras from Wyze.
Buy new cameras from another company.
1 Like
You could read Bitdefender’s white paper in order to understand how the vulnerability works so you can take measures to avoid falling victim to it.
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-wyze-cam-iot-device/
I’m still mystified as to why Wyze hasn’t given explicit information and education to customers on how protect themselves in this matter.
If I had v1s and still had doubts about how to mitigate risk after reading the white paper, I would stop using them.
(To read the research paper with the details, click on the link to download the pdf within the article above.)
1 Like
That is an option, but may or may not be a solution. I’ll never feel 100% secure with internet cameras from any company.
2 Likes
I am too. That’s why, as the first reply mentioned, I’m kind of exploring other companies’ options as I feel disappointed that Wyze
A-did nothing about it (publicly anyway) for 3 years
and
B-didn’t address it with their end users other than ‘new firmware update released today,’ type of stuff.
I’m guessing it’s all legal reasons why but they’ve always positioned themselves as the ‘scrappy little guy.’
It’s a little disheartening and kind of forcing me to look elsewhere for the first time in 5+ years of buying, using and trusting their products . And trusting their company.
3 Likes
Ditto. But I did just order a smart door lock from Eufy. If it performs dependably, I’ll be ordering cams too, since they’re a subsidiary of Anker, a brand I own many other products from with no complaints, and they have a “no subscription required” business model, too.
Not just cameras but the entire universe of IoT. It’s just that some companies have demonstrated an indifference (distain?) regarding their customers more so than others.
IMO Wyze falls into that category, not just with the current security issue but their ongoing lack of S/W and F/W QA and erratic performance/stability of the backend support infrastructure.
2 Likes
Eufy has their iwn issue but Not as worst as Wyze.
Eufy changed their Notifcation modulento using Google. you might notbget nitificatiin after 5 to 30 min. there is no sound alert with notifications.
Eufy push firmware update s and user has no control. If Eufy software guy s fail like Wyze team , entire Eufy lineup will kick bucket.
The issue for me is not whether there are leaks, breaches or vulnerabilities but how the company responds to them? Do they notify customers in a timely manner? Do they give customers enough information to allow them to make educated decisions about their options and to determine what best serves their own interests?
In Wyze’s case, did they EOL v1 when they determined v1 lacked the capacity to implement the firmware needed to plug the vulnerability and when they released v2?
If they couldn’t afford to replace owners’ v1s, they could’ve offered a special limited time discount to those owners in order for them to upgrade to v2.
I am doing research on Anker/Eufy’s track record.
1 Like
I’ve always proceeded on the assumption that any of my internet connected cameras (I have more than must Wyze) might at some time be viewable by others. That’s while they all point outwards into spaces others can already see. If I ever put a camera inside, I have plans to keep it covered while I’m present.
The only way I would trust any camera in a private situation would be if it were local only.
2 Likes
With the practices you use, in the event of a vulnerability like that disclosed by Bitdefender, you would still be signaling to a digital intruder what your general schedule is…when you’re home and when you are not. It’s not a substitute for feeling able to trust that the company selling and supporting your equipment is reliable and responsive in executing its responsibilities to prevent such vulnerabilities or failing that to at least plug them asap and tell you when they exist.
Anyone that was in my locality could easily discover my schedule.
But not those who have accessed your sd card contents online.
Can you clarify what you meant?
Knowing my schedule would be of little benefit to anyone that wasn’t in my locality. A random person on the internet might find they would have to travel 50 miles to reach my home…or 1500. They would also need have knowledge of my address by other means, or be able to recognize where it was just from the camera view(s).
By the way, the only Wyze camera I have that shows my comings and goings doesn’t have a micro SD card installed. It is on a CamPlus sub, but I also assume that video could potentially be accessed.
Right but there is a continuum between the two extremes you cite.
I wasn’t aware of your lack of an SD card and couldn’t intuit it from the post I was replying to. But if someone lurking here had an SD card and a v1 cam, it would not be safe to assume simply covering their cam when they’re home is protection from someone down the street, across the city or elsewhere gleaning useful information from their SD card.
Some contend that the above scenario is a moot point for a variety of reasons, but we can’t trust that there’s not a different, current, or ongoing undisclosed vulnerability we aren’t aware of based on Wyze’s history.
If what you’re doing gives you a sense of safety then okay but that’s more security theater than actual security.
If I had an indoor cam with a micro SD card installed, but kept it covered while at home, how would being able to access the micro SD card give any additional information beyond if the person was able to view the camera live?
As to “more security theater”, I’m more concerned with practical security than theoretical threats. Explain a scenario where my security would actually be threatened that makes practical sense. I’m not talking about a “could” scenario just to win an argument, I mean something someone would actually do in reality.
1 Like
The scenario I was addressing had two important physical factors: An SD card in a cam v1. That vulnerability is addressed in Bitdefender’s white paper. The link to download the PDF that explains the vulnerability can be found at
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-wyze-cam-iot-device/
In any case, the idea of “security theater” is dangerous on its own because it gives people a false sense of practical security where it shouldn’t. A prime example of that are the Transportation Security Administration’s airport checkpoints. Their actual internal test results reveal that more concealed weapons and IEDs pass through their checkpoints undetected than are caught. It has improved somewhat over time, but TSA from its inception was to give travelers a sense of security in order to induce them back into air travel following 9/11 even if in practice their actual performance was much worse than most people suspected. Security Theater.
You failed to address my request: Explain how in practical terms someone having access to my video from my cameras (stored or live) as I use them is a practical threat to my security (or most anyone else’s using them in the same manner). I didn’t ask for an example of security theater somewhere else. I know what security theater is.
You appear to imply one should be able to trust an external party for that security. I don’t want to count on it. Which is the true “security theater”? The best security begins from the point of assuming possible compromise.
Yeah i figured that would be your response. I’m simply a customer like you. I don’t owe it to anyone to do their homework for them. You appear to be completely convinced you’re covering your bases. But in the realm of IoT, I’m not convinced anyone can afford that level of confidence. Good luck.
First Have you ever put MicroSD cards in your cameras? If not, then the vulnerability will not impact you. Moving on…
Respectfully, the best option is not to have cameras in your kids’ rooms. That said, you’ve make an informed judgment call that the risk vs the benefit favors the benefit.
No camera system will be perfect. Your ideal would probably be a closed-circuit system with no internet connection whatsoever. That would eliminate the vast majority of the risk.
ANY internet connected system is going to carry additional risk.
That said, with any camera system in such a sensitive area I would suggest using a dedicated wifi-router for the cameras. Only use that network for connecting the cameras, setup a very difficult and long password, and then connect it (by wire) to your router. Network segmentation, in general, will improve your overall security profile.
3 Likes