Why is this camera reporting to China?

I’d bet this is a firmware problem of some kind- the camera can’t load the MAC from the Wyze firmware, so it’s defaulting back to the one hard-coded into the WiFi chip.

No idea - but the camera Wyze MAC is also connected to my network at the same time and the camera is working fine.

I’m guessing “camera reboots for whatever reason, WiFi chip says ‘Hey, is anyone out there? Can I get an IP address, please?’ at the default MAC address once or twice during the boot process before Wyze firmware overwrites MAC address.” So you’ll see the default address for the WiFi chip in your ARP table, because your router heard it talking very briefly at that MAC.

If it ends up being something else, please let me know!

1 Like

The wifi chip doesn’t connect to my network every time I boot the camera. However when it does join, it remains connected to my network as long as the camera remains powered.

If/when support tells me what the issue is I will post it here.

Amazon has data centers around the globe to provide duplicate data when other data centers are being upgraded or serviced. Perhaps this switching of MAC addresses happens when the AWS server your data is being stored on switches to a duplicate server to provide uninterrupted service. It’s safe to assume that over 70% of the Internet runs on Amazon in some form or capacity. Just because your devices hit nodes in China doesn’t necessarily mean malicious activity is taking place.

Let’s be clear that no one has provided any evidence of that in this thread. This thread started because someone thought a hardware address lookup of a network card manufacturer name meant the camera was reporting to China. There are threads for any actual China evidence if you have any. Let’s keep this thread about the hardware address, which is where it started.

1 Like

See you go away for a few days and miss all the fun.
Billy the camera manufacturer has has a MAC address range that’s unique to him. They make 10 widgets. Each widget has one address from within the range along with the name of the manufacturer. In this case China. Mary buys a widget from Billy and to make it her own, she covers up his MAC address with her own so it says Mary. That’s the sole relationship here. The fact that the camera has China stamped in the microcode, that’s what it says unless you overwrite it. It’s not calling China just because China is stamped on the chip. It’s practically graffiti. Sometimes, things get screwy when Billy’s widget’s boot up the firmware. Maybe there’s a comma missing in the code somewhere and it sporadically screws up the overwrite. Maybe it’s a errant voodoo spell. This went for a simple explanation to the X files pretty quickly :flying_saucer: I’m running a logging sniffer and I see every packet from every device and know exactly what it’s doing. What i’m not seeing are any Wyze cams trying to call the Billy at the mothership. mothership (which is more that I can say for my hikvision and dahau ip cameras that are relentless btw). . Every Wyze outbound traffic went to an IP address that ultimately resolved to an aws access node. Y’all need to relax, have a cold one :beer: and calm down. Besides - it’s Google you really should be worried about.


The overwrite can only happen in the camera. You’re not going to change a MAC address while it’s in transit (well, technically with a mim attack you might but why would you want to :man_shrugging:) to aws.

GregLock, I scooped up your ticket and sent the number over to the point of contact for looking into this. I’m sorry, due to how late in the day and week it is you probably won’t hear back until next week. We appreciate you sending in your ticket! :slight_smile:


E.T. reference? :slight_smile:

Here is an update from my ticket if anyone is interested.

I pulled logs from the camera and sent them to support. Support states:

Our engineers are actively working on a solution for this. At this time, I believe the fix will be rolled out in a future firmware update, but it shouldn’t impact the functionality of the cameras themselves in the meantime!

Support seems very responsive and easy to work with.


1 Like

i’m seeing the same issue on my cameras, Tried rebooting a couple of times, the device still has the c8:02:8f mac address

It’s not a functional issue. If you MAC filter, just add in the address of the network card.

In respond to the Question of why do you think it is recordong to china. Well i cant speak for the op, but for me, as im having the same thing happen. Its not because of the mac a dressed manufacture that im saying it is recordong to china but rather because it is making connections using common (8080&443) and uncommon (21047) ports to a serve that is within china.

@Infamousadmin, could you upload a screen capture of your mysterious China connections? That shouldn’t be happening.

Now to be clear im not starting that theres anything doing in it containers a serve in china, and maybee that part is common and i simply dont know of it, also it doesnt seem to be a aws server thats in china and i belive i read on here somewhere that they went using any aws server in china for this exact reason but i could be totally wrong on that part so im not starting that theres any thing nefarious going on simply that it does infact SEEM to be countacting china and not anything to do with its mac address

*edit. Oh wait im sorry i made a mistake/mixup(just woak up) its the app thats connecting to the server not the camra. Sure one secUploading: Screenshot_20190912-103446_App Snitch.jpg… q

1 Like

I think your picture upload might have glitched.

1 Like

Here the Screenshot but as you see i wasn’t thinking at all. its the app on my phone thats connecting a server in china not the cameras.


because of this i just cheacked and here are the exact servers my cameras are connecting to. (All the cameras are connecting to the exact same ones and it seems all good to me. All though im obviously No exspert


Thanks for reporting this! I’ll send this to the team so they can look into it.