Wyze is a Big Brother? The Company Failed Us

Below is the logic between the device and the TUTK servers, for illustrative purposes. I intentionally use generic words to hide implementation details.

  1. During device setup, the device registers itself with the TUTK server to let the server know where it is. This is needed for TUTK to connect the phone and the device in the future. However, TUTK doesn’t know anything about the Wyze user name, MAC, etc. We intentionally protected that.
  2. During device boot, it registers itself with the TUTK servers. Wyze’s code uses IP filtering to block traffic to known overseas TUTK servers. We can only do that because the TUTK API can’t do the filtering inside their module.
  3. After the device boots up, it keeps a heartbeat with the TUTK servers. TUTK provides a way (a semi-manual method) to keep heartbeat traffic to North American servers only. If you see heartbeat traffic outside North America, we would like to know the MAC address to check with TUTK on this.
  4. When a phone tries to connect to a device, the phone asks a TUTK server, which is located in North America by configuration, to find the device. The TUTK server works on establishing a connection between the phone and the device. After that, the phone and camera communicate with each other directly, without TUTK involved.
  5. For each camera connection, TUTK establishes a data channel (just the channel, not the data) between the phone and the camera. This is step 1/3. After that, Wyze takes over to authenticate the phone to the camera. This is step 2/3. The last step is to send encrypted video data (AES 128-bit encryption) between the phone and the camera. This is step 3/3. This mechanism prevents TUTK from accessing the Wyze camera stream directly.

The Wyze authentication is based on your user token generated from Wyze cloud. Please protect your user name and password carefully to avoid being hacked.

There is a manual configuration step to get Wyze devices onto North American servers. If there is traffic outside North America, there is likely a misconfiguration somewhere for old devices (we implemented the mechanism in mid-2018). New devices should be more automatic now.

Regarding camera event videos, TUTK is not involved at all. Our cameras upload event videos to Wyze account S3 storage via an HTTPS connection. The phone downloads event videos from the Wyze Cloud via HTTPS as well. This is also within North America.

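The post asks users who see heartbeat traffic leaving North America to report the device MAC. One way to check that on your own network, as an added example that is not Wyze's or TUTK's code: parse router flow-log lines per device MAC and flag destinations outside an allowlist of known server ranges. The log format, the MAC addresses and the allowlisted networks below are all constructed placeholders (RFC 5737 documentation ranges), since the page gives no server addresses.

```python
import ipaddress
from collections import defaultdict

# Placeholder allowlist: the page names no server addresses, so documentation
# ranges stand in for "known North American TUTK servers" (constructed values).
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "192.0.2.0/24")]

# Constructed router flow-log lines: "<time> <device_mac> <dst_ip> <dst_port> <proto>"
SAMPLE_LOG = """\
2024-01-01T00:00:01 aa:bb:cc:00:00:01 203.0.113.10 32100 udp
2024-01-01T00:00:02 aa:bb:cc:00:00:01 192.0.2.77 32100 udp
2024-01-01T00:00:03 aa:bb:cc:00:00:02 198.51.100.5 32100 udp
2024-01-01T00:00:04 aa:bb:cc:00:00:02 203.0.113.10 32100 udp
this line is malformed and must be skipped
2024-01-01T00:00:05 aa:bb:cc:00:00:02 198.51.100.5 32100 udp
"""


def parse_flow_line(line):
    """Return (mac, dst_ip, dst_port) for one log line, or None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return parts[1].lower(), ipaddress.ip_address(parts[2]), int(parts[3])
    except ValueError:
        return None


def is_allowed(ip):
    """True when the destination falls inside one of the allowlisted networks."""
    return any(ip in net for net in ALLOWED_NETS)


def off_allowlist_by_mac(log_text):
    """Map each device MAC to the sorted list of destinations outside the allowlist."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_flow_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash on a bad export
        mac, ip, _port = parsed
        if not is_allowed(ip):
            findings[mac].add(str(ip))
    return {mac: sorted(ips) for mac, ips in findings.items()}


if __name__ == "__main__":
    for mac, ips in off_allowlist_by_mac(SAMPLE_LOG).items():
        print(f"{mac}: registration/heartbeat traffic to non-allowlisted {ips}")
```

Run against a real export, the MACs this returns are the ones worth reporting; a populated allowlist, not the placeholders, is what decides whether a destination is acceptable.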