Wyze in the news today, and it’s not good

Yeah, I’d like to think so. :slight_smile:

It’s never notified of anything of any kind so I guess that’s… good? If the protection is legitimate. :man_shrugging:

If you are really worried or need peace of mind… from your network you can use this site to do a remote port scan - GRC | ShieldsUP! — Internet Vulnerability Profiling   - and use the “Common Ports” option.

Anyway… the real issue here is a total lack of transparency… a few months maybe a bad decision but THREE YEARS and they said nothing nor actually patched it? That is horrifying.

1 Like

No. As it stands today all V1’s will remain vulnerable until the end of time.

Nonsense. Home NAT routers are completely secure from this kind of threat and have been for at least 20 years. Your article is inapplicable.

In fact, when a software/firmware vulnerability is discovered “internally”, companies first correct it, then deploy the security patch, and only then they make it public. Because if they first make the vulnerability public, now hackers are aware of it and can exploit it, and you can not do anything about it, because there is no fix.

This is what Microsoft does, for example, when they or a specialized company discovers a vulnerability on Windows.

To be clear, you are still protected by your router. I’ve never heard of a home modem/router that doesn’t use NAT by default.

So if you’ve never put a MiniSD card in your V1, as I read the threat report, you are completely safe.

If you have and activated the SD card issue then anyone who gains access to your local network and is malicious will be able to access that camera [a sophisticated attacker would probably be able to access the live feed]. They first have to get access your local network, either using (a) a flaw in the router/modem or (b) a flaw or exploit in some other device on your network or (c) actually hacking the wifi network locally (or you give them access).

Placing your V1 on it’s own subnet would be one way to increase your security but I would rate this threat pretty low because if a hacker has local access to your network you’re already in big trouble.

2 Likes

Yea and if this was any reasonable scale of time, I would agree. They could have fixed it first before disclosing, and I prefer that (obviously). But there must come a time, where a known vulnerability needs to be disclosed. One option they had would be to disable SD cards on v1 cameras until they fixed it. Maybe unpopular, but not as unpopular as potentially leaking data. Every company has different policies on grace periods for vulnerabilities, but saying that it could go three years being “a priority” seems absurd.

1 Like

3 years and WYZE was too busy adding new crud to fix known cam security flaws. Latest news is not reassuring to say the least.

[Mod Note]: Your topic was merged for consistency in grouping similar posts.

Please look at the details of the “security flaw” and see if it could have in any way impacted you. Unless you gave your personal wifi userid and password out to strangers and fiddled with your router ports, it probably could not have possibly impacted you. That doesn’t make what they did right, but knowing the details of what the real risk was puts the risk in perspective. Just sayin’.

3 Likes

After years of frustration and now outright dishonesty, The Verge sums up my feelings very well.

9to5mac has an article about Wyze security.
Wyze knew about the security problem and they did nothing about it.

It makes sense that Wyze developers can’t figure out how to rotate the app either.

Then again, the Amazon app didn’t work in portrait mode on iPads until recently and still won’t work in share screen.

Wyze is the perpetual joke of the day. Except we have egg on our face by holding onto hope they will become what we want them to be; “functional.”

…sigh…

They should either just down or get bought out by new owners.

I have the original out door camera - but never inserted an SD card.

Very disconcerting. I had high hopes for Wyze - and little idea that their software is so bad. I guess I start replacing them at this point.

Another irresponsible "news* site to add to the pile of crap articles failing to acknowledge that nearly ZERO customers are vulnerable to this otherwise significant security flaw, whose authors have never heard of a home router, and/or whose owners are knowingly scaremongering for the click revenue.

Tell the story and tell the truth too. 9 To 5 Mac now sucks along with Beeping Computer and Gizmodo and The Verge. At least a couple of those have amended their articles to somewhat convey the truth of the matter.

It’s just not sexy to say a company ignored an edge case vulnerability for 3 years but don’t worry because it’s really not much of a threat.

3 Likes

Thanks Wyze, not such a good thing for a ‘security’ system eh?

Except, as @Customer pointed out, among many others, unless someone was logged into your home internet, you weren’t vulnerable.

Lots of people making a mountain out of a molehill.

2 Likes

Yeah, ok - no need to fix something for 3 years as long as it only affects some few people. Must have been the old days in IT (I retred 2 years ago) when it was unacceptable to ignore security flaws that only affected a few. Heck, it was probably their own fault anyway - ever had Frontier for a provider? The frontier who resets your modem and router to factory default without notice?

1 Like

No one said it shouldn’t be fixed, and certainly in fewer than 3 years. The flaw is one issue. Wyze’s non-disclosure and humongous lag is another. And lying misleading news articles are a third.

1 Like

Hey @dbtoo

And in my experience, this community is all over something when a mountain is a mountain. This ain’t Wyze Facebook. :slight_smile:

1 Like