Wyze in the news today, and it’s not good

In the case you describe, there couldn’t be a report that it would be unstable. So, work on the analogy. Perhaps if the vehicle is unstable at 100mph they could decide it is not an issue since no one is supposed to be going that fast? The bug that affected Wyze cams up until 1/29 did not require anyone to do something that is impossible.

1 Like

Might have to do with funding at the time. I recall the dumb video Wyze posted about securing additional cash that would save the company. I believe prior to that they didn’t have the cash to exchange, recall or even patch their devices.

So many “smart” devices they’ve put out without any recent software updates.

But the gun safe will turn things around……

2 Likes

Why would the logs, UID and ENR be stored on SD card?

I can only offer conjecture. You would have to ask Wyze why they decided to do it for a specific answer.

Unfortunately not all of us have the same luxury.

In 2015, our family adopted 3 kids. Due to reasons I don’t want to get into, we were advised by social workers to set cameras up in their bedrooms until some milestones were crossed in therapy.

They’re all much older now and the cameras have long been removed, but it really sickens me to think that this vulnerability existed without my knowledge for a number of years while I was using a v1 camera in a child’s bedroom.

Also, NAT is a zero-security solution. Get a router with a firewall or assume you are going to be hacked.

Beyond that, any device on the network that is compromised can be used to connect to other devices on the network. The assumption that one can be careless because a device will be in a safe space is not a valid approach to security.

Understood. Just to explain…

From my intermediate-knowledge-lay-user-of-the-cams POV… the SD card is optional, not all cams have 'em. In that case, why would important security stuff be stored on 'em?

bdragule, I worked in a children’s psychiatric facility for a few years. I realize you were advised to do so, but personally, I wouldn’t violate a child’s privacy that way. I get that you were protecting them, but for me, that feels like a lack of trust. We had cameras in the facility, but only in public areas, and in outside areas. No bedrooms, bathrooms, locker rooms, etc. But again, you were following advice and that is the right way to do it.

Would this be sufficient do you think?

Intrusion Prevention System:

Protects your system and applications from external attacks and eliminates vulnerabilities. This is accomplished by detecting and preventing network attacks from known, unknown, and zero day exploits that infect other networks throughout the world.

Infected Device Quarantine:

Prevents infected devices from sending sensitive information or security threats to clients outside your network. Also, protects your internal network from being further infected while you get the infected system cleaned.

History:

Records the devices that have been successfully protected by the Antivirus software as well as the source and classification of the attack.

I’m skeptical because it was initially provided for a few years free w/router purchase (thereafter pay) then they changed course, tossed it in gratis ‘forever’… :thinking:

I hear you, and I agree. Didn’t have a choice in my case.

Agreed – I don’t think it was a matter of “have to.” The problem does not describe saving vital information to SD instead of inside the cam. The description reads to me that the information was being written out to log files along with other information the camera wanted to log. This would probably have been done in error, not as a necessary feature.

1 Like

I’m no expert in the specifics of how firewalls are implemented on all brands of routers. But, intrusion detection and antivirus are features that go above and beyond a mere firewall. Certainly not a bad thing.

1 Like

Really fing disappointing. Have had Wyze in my house for years watching my children. Disgusting to think they knew of a vulnerability and didn’t do anything about it.

Yeah, I’d like to think so. :slight_smile:

It’s never notified of anything of any kind so I guess that’s… good? If the protection is legitimate. :man_shrugging:

If you are really worried or need peace of mind… from your network you can use this site to do a remote port scan - GRC | ShieldsUP! — Internet Vulnerability Profiling - and use the “Common Ports” option.

Anyway… the real issue here is a total lack of transparency… a few months maybe a bad decision but THREE YEARS and they said nothing nor actually patched it? That is horrifying.

1 Like

No. As it stands today all V1’s will remain vulnerable until the end of time.

Nonsense. Home NAT routers are completely secure from this kind of threat and have been for at least 20 years. Your article is inapplicable.

In fact, when a software/firmware vulnerability is discovered “internally”, companies first correct it, then deploy the security patch, and only then they make it public. Because if they first make the vulnerability public, now hackers are aware of it and can exploit it, and you cannot do anything about it, because there is no fix.

This is what Microsoft does, for example, when they or a specialized company discovers a vulnerability on Windows.

To be clear, you are still protected by your router. I’ve never heard of a home modem/router that doesn’t use NAT by default.

So if you’ve never put a MiniSD card in your V1, as I read the threat report, you are completely safe.

If you have and activated the SD card issue then anyone who gains access to your local network and is malicious will be able to access that camera [a sophisticated attacker would probably be able to access the live feed]. They first have to get access to your local network, either using (a) a flaw in the router/modem or (b) a flaw or exploit in some other device on your network or (c) actually hacking the wifi network locally (or you give them access).

Placing your V1 on its own subnet would be one way to increase your security but I would rate this threat pretty low because if a hacker has local access to your network you’re already in big trouble.

2 Likes

Yea and if this was any reasonable scale of time, I would agree. They could have fixed it first before disclosing, and I prefer that (obviously). But there must come a time, where a known vulnerability needs to be disclosed. One option they had would be to disable SD cards on v1 cameras until they fixed it. Maybe unpopular, but not as unpopular as potentially leaking data. Every company has different policies on grace periods for vulnerabilities, but saying that it could go three years being “a priority” seems absurd.

1 Like

3 years and WYZE was too busy adding new crud to fix known cam security flaws. Latest news is not reassuring to say the least.

[Mod Note]: Your topic was merged for consistency in grouping similar posts.