Wyze in the news today, and it’s not good

To be clear, you are still protected by your router. I’ve never heard of a home modem/router that doesn’t use NAT by default.

So if you’ve never put a MiniSD card in your V1, as I read the threat report, you are completely safe.

If you have and activated the SD card issue then anyone who gains access to your local network and is malicious will be able to access that camera [a sophisticated attacker would probably be able to access the live feed]. They first have to get access your local network, either using (a) a flaw in the router/modem or (b) a flaw or exploit in some other device on your network or (c) actually hacking the wifi network locally (or you give them access).

Placing your V1 on it’s own subnet would be one way to increase your security but I would rate this threat pretty low because if a hacker has local access to your network you’re already in big trouble.

2 Likes

Yea and if this was any reasonable scale of time, I would agree. They could have fixed it first before disclosing, and I prefer that (obviously). But there must come a time, where a known vulnerability needs to be disclosed. One option they had would be to disable SD cards on v1 cameras until they fixed it. Maybe unpopular, but not as unpopular as potentially leaking data. Every company has different policies on grace periods for vulnerabilities, but saying that it could go three years being “a priority” seems absurd.

1 Like

3 years and WYZE was too busy adding new crud to fix known cam security flaws. Latest news is not reassuring to say the least.

[Mod Note]: Your topic was merged for consistency in grouping similar posts.

Please look at the details of the “security flaw” and see if it could have in any way impacted you. Unless you gave your personal wifi userid and password out to strangers and fiddled with your router ports, it probably could not have possibly impacted you. That doesn’t make what they did right, but knowing the details of what the real risk was puts the risk in perspective. Just sayin’.

3 Likes

After years of frustration and now outright dishonesty, The Verge sums up my feelings very well.

9to5mac has an article about Wyze security.
Wyze knew about the security problem and they did nothing about it.

It makes sense that Wyze developers can’t figure out how to rotate the app either.

Then again, the Amazon app didn’t work in portrait mode on iPads until recently and still won’t work in share screen.

Wyze is the perpetual joke of the day. Except we have egg on our face by holding onto hope they will become what we want them to be; “functional.”

…sigh…

They should either just down or get bought out by new owners.

I have the original out door camera - but never inserted an SD card.

Very disconcerting. I had high hopes for Wyze - and little idea that their software is so bad. I guess I start replacing them at this point.

Another irresponsible "news* site to add to the pile of crap articles failing to acknowledge that nearly ZERO customers are vulnerable to this otherwise significant security flaw, whose authors have never heard of a home router, and/or whose owners are knowingly scaremongering for the click revenue.

Tell the story and tell the truth too. 9 To 5 Mac now sucks along with Beeping Computer and Gizmodo and The Verge. At least a couple of those have amended their articles to somewhat convey the truth of the matter.

It’s just not sexy to say a company ignored an edge case vulnerability for 3 years but don’t worry because it’s really not much of a threat.

3 Likes

Thanks Wyze, not such a good thing for a ‘security’ system eh?

Except, as @Customer pointed out, among many others, unless someone was logged into your home internet, you weren’t vulnerable.

Lots of people making a mountain out of a molehill.

2 Likes

Yeah, ok - no need to fix something for 3 years as long as it only affects some few people. Must have been the old days in IT (I retred 2 years ago) when it was unacceptable to ignore security flaws that only affected a few. Heck, it was probably their own fault anyway - ever had Frontier for a provider? The frontier who resets your modem and router to factory default without notice?

1 Like

No one said it shouldn’t be fixed, and certainly in fewer than 3 years. The flaw is one issue. Wyze’s non-disclosure and humongous lag is another. And lying misleading news articles are a third.

1 Like

Hey @dbtoo

And in my experience, this community is all over something when a mountain is a mountain. This ain’t Wyze Facebook. :slight_smile:

1 Like

Ok, so how many of you with the concerns are ready to cut your losses and dump all your cameras off- half price of course, because they’re used (and subject to security breaches). I could use another pan cam or solar charger.

?

1 Like

Lol didn’t say it was on a deadline. But that’s funny, thanks for pointing it out

1 Like

Incidentally, users would be scrapping their Wyze ecosystem today for a wide variety of new reasons. And, since all cams were patched as a result of this issue, only the V1, which has reached EOL and is no longer being updated, would be one that I would expect to be offloaded for security concerns.

1 Like

And, to further rehash, even the V1 is completely safe behind every ordinary home router. This was essentially a local (had to be on the same WiFi network) exploit.

1 Like