To be clear, you are still protected by your router. I’ve never heard of a home modem/router that doesn’t use NAT by default.
So if you’ve never put a MiniSD card in your V1, as I read the threat report, you are completely safe.
If you have and activated the SD card issue then anyone who gains access to your local network and is malicious will be able to access that camera [a sophisticated attacker would probably be able to access the live feed]. They first have to get access your local network, either using (a) a flaw in the router/modem or (b) a flaw or exploit in some other device on your network or (c) actually hacking the wifi network locally (or you give them access).
Placing your V1 on it’s own subnet would be one way to increase your security but I would rate this threat pretty low because if a hacker has local access to your network you’re already in big trouble.
Yea and if this was any reasonable scale of time, I would agree. They could have fixed it first before disclosing, and I prefer that (obviously). But there must come a time, where a known vulnerability needs to be disclosed. One option they had would be to disable SD cards on v1 cameras until they fixed it. Maybe unpopular, but not as unpopular as potentially leaking data. Every company has different policies on grace periods for vulnerabilities, but saying that it could go three years being “a priority” seems absurd.
Please look at the details of the “security flaw” and see if it could have in any way impacted you. Unless you gave your personal wifi userid and password out to strangers and fiddled with your router ports, it probably could not have possibly impacted you. That doesn’t make what they did right, but knowing the details of what the real risk was puts the risk in perspective. Just sayin’.
Another irresponsible "news* site to add to the pile of crap articles failing to acknowledge that nearly ZERO customers are vulnerable to this otherwise significant security flaw, whose authors have never heard of a home router, and/or whose owners are knowingly scaremongering for the click revenue.
Tell the story and tell the truth too. 9 To 5 Mac now sucks along with Beeping Computer and Gizmodo and The Verge. At least a couple of those have amended their articles to somewhat convey the truth of the matter.
It’s just not sexy to say a company ignored an edge case vulnerability for 3 years but don’t worry because it’s really not much of a threat.
Yeah, ok - no need to fix something for 3 years as long as it only affects some few people. Must have been the old days in IT (I retred 2 years ago) when it was unacceptable to ignore security flaws that only affected a few. Heck, it was probably their own fault anyway - ever had Frontier for a provider? The frontier who resets your modem and router to factory default without notice?
No one said it shouldn’t be fixed, and certainly in fewer than 3 years. The flaw is one issue. Wyze’s non-disclosure and humongous lag is another. And lying misleading news articles are a third.
Ok, so how many of you with the concerns are ready to cut your losses and dump all your cameras off- half price of course, because they’re used (and subject to security breaches). I could use another pan cam or solar charger.
Incidentally, users would be scrapping their Wyze ecosystem today for a wide variety of new reasons. And, since all cams were patched as a result of this issue, only the V1, which has reached EOL and is no longer being updated, would be one that I would expect to be offloaded for security concerns.
And, to further rehash, even the V1 is completely safe behind every ordinary home router. This was essentially a local (had to be on the same WiFi network) exploit.
