Wyze in the news today, and it’s not good

Also, NAT is a zero-security solution. Get a router with a firewall or assume you are going to be hacked.

Beyond that, any device on the network that is compromised can be used to connect to other devices on the network. The assumption that one can be careless because a device will be in a safe space is not a valid approach to security.

Understood. Just to explain…

From my intermediate-knowledge-lay-user-of-the-cams POV… the SD card is optional, not all cams have 'em. In that case, why would important security stuff be stored on 'em?

bdragule, I worked in a children’s psychiatric facility for a few years. I realize you were advised to do so, but personally, I wouldn’t violate a child’s privacy that way. I get that you were protecting them, but for me, that feels like a lack of trust. We had cameras in the facility, but only in public areas, and in outside areas. No bedrooms, bathrooms, locker rooms, etc. But again, you were following advice and that is the right way to do it.

Would this be sufficient do you think?

Intrusion Prevention System:

Protects your system and applications from external attacks and eliminates vulnerabilities. This is accomplished by detecting and preventing network attacks from known, unknown, and zero day exploits that infect other networks throughout the world.

Infected Device Quarantine:

Prevents infected devices from sending sensitive information or security threats to clients outside your network. Also, protects your internal network from being further infected while you get the infected system cleaned.


Records the devices that have been successfully protected by the Antivirus software as well the source and classification of the attack.

I’m skeptical because it was initially provided for a few years free w/router purchase (thereafter pay) then they changed course, tossed it in gratis ‘forever’… :thinking:

I hear you, and I agree. Didn’t have a choice in my case.

Agreed – I don’t think it was a matter of “have to.” The problem does not describe saving vital information to SD instead of inside the cam. The description reads to me that the information was being written out to log files along with other information the camera wanted to log. This would probably have been done in error, not as a necessary feature.

1 Like

I’m no expert in the specifics of how firewalls are implemented on all brands of routers. But, intrusion detection and antivirus are features that go above and beyond a mere firewall. Certainly not a bad thing.

1 Like

Really fing disappointing. Have had wyze in my house for years watching my children. Disgusting to think they knew of a vulnerability and didn’t do anything about it.

Yeah, I’d like to think so. :slight_smile:

It’s never notified of anything of any kind so I guess that’s… good? If the protection is legitimate. :man_shrugging:

If you are really worried or need peace of mind… from your network you can use this site to do a remote port scan - GRC | ShieldsUP! — Internet Vulnerability Profiling   - and use the “Common Ports” option.

Anyway… the real issue here is a total lack of transparency… a few months maybe a bad decision but THREE YEARS and they said nothing nor actually patched it? That is horrifying.

1 Like

No. As it stands today all V1’s will remain vulnerable until the end of time.

Nonsense. Home NAT routers are completely secure from this kind of threat and have been for at least 20 years. Your article is inapplicable.

In fact, when a software/firmware vulnerability is discovered “internally”, companies first correct it, then deploy the security patch, and only then they make it public. Because if they first make the vulnerability public, now hackers are aware of it and can exploit it, and you can not do anything about it, because there is no fix.

This is what Microsoft does, for example, when they or a specialized company discovers a vulnerability on Windows.

To be clear, you are still protected by your router. I’ve never heard of a home modem/router that doesn’t use NAT by default.

So if you’ve never put a MiniSD card in your V1, as I read the threat report, you are completely safe.

If you have and activated the SD card issue then anyone who gains access to your local network and is malicious will be able to access that camera [a sophisticated attacker would probably be able to access the live feed]. They first have to get access your local network, either using (a) a flaw in the router/modem or (b) a flaw or exploit in some other device on your network or (c) actually hacking the wifi network locally (or you give them access).

Placing your V1 on it’s own subnet would be one way to increase your security but I would rate this threat pretty low because if a hacker has local access to your network you’re already in big trouble.


Yea and if this was any reasonable scale of time, I would agree. They could have fixed it first before disclosing, and I prefer that (obviously). But there must come a time, where a known vulnerability needs to be disclosed. One option they had would be to disable SD cards on v1 cameras until they fixed it. Maybe unpopular, but not as unpopular as potentially leaking data. Every company has different policies on grace periods for vulnerabilities, but saying that it could go three years being “a priority” seems absurd.

1 Like

3 years and WYZE was too busy adding new crud to fix known cam security flaws. Latest news is not reassuring to say the least.

[Mod Note]: Your topic was merged for consistency in grouping similar posts.

Please look at the details of the “security flaw” and see if it could have in any way impacted you. Unless you gave your personal wifi userid and password out to strangers and fiddled with your router ports, it probably could not have possibly impacted you. That doesn’t make what they did right, but knowing the details of what the real risk was puts the risk in perspective. Just sayin’.


After years of frustration and now outright dishonesty, The Verge sums up my feelings very well.

9to5mac has an article about Wyze security.
Wyze knew about the security problem and they did nothing about it.

It makes sense that Wyze developers can’t figure out how to rotate the app either.

Then again, the Amazon app didn’t work in portrait mode on iPads until recently and still won’t work in share screen.

Wyze is the perpetual joke of the day. Except we have egg on our face by holding onto hope they will become what we want them to be; “functional.”