Wyze v3 massive DNS traffic

Seeing this on my end as well. I have two v3’s and sporadically throughout the day they both start spamming thousands of DNS requests to google.com.

I use NextDNS which makes this easy to monitor. The top domains in the past 6 hours is really telling:

1 Like

5 is fine.

Try hundreds per second… That’s what I’m seeing:

I thought the firmware update resolved it, however I was wrong; the issue resumed the next day.

This causes the pihole to take a couple minutes to boot up to resize the FTL Queries.

Wyze really needs to fix this, there is NO reason the camera needs to look up Google hundreds of times a second.

1 Like

Maybe this is part of Chairman Xi’s efforts to DDOS DNS servers and Wyze is their agent. ;<)

He prefers “Pooh Bear”.

1 Like

Same experience here with my pihole. Currently 2.5 million requests over 9 hours. My log over 24 hours is usually around 10-15mb, currently after 9 hours its 234mb. Trying to grep out and wc to verify down to the exact number but I think its (pihole) locked it up again since there’s so many entries. I’ve invested about $2k in Eufy cameras\bulbs\switches\etc. and was testing this camera (Wyze v3 Inside\Outside, firmware 4.36.9.139, SD card installed) since I’m not impressed with Eufy’s AI. But at least with Eufy I don’t have to deal with this. Kicking all Wyze off my network and on ebay it goes. As do the Wyze bulbs and switches I bought thinking of replacing my Eufy’s with those as well. Arrggh just remembered I bought the lock also which luckily I haven’t installed yet so I can get my money back there.

FYI: I had to physically unplug the thing to get the requests to stop. Merely disabling it in the app didn’t stop the dns queries.

2 Likes

Should also mention for those who have theories, I did notice that several of my SD card video’s didn’t upload fully to the cloud. Only about the first frame. My pihole puts you on the no no list after making too many queries so I’m guessing that is what’s happening. But I’m going to go enjoy the free market and stop complaining now. :smile:

2 Likes

Yup. this continues. Here’s a screen grab of my PiHole’s activity this morning…
2022-06-17_14-05-27
That grey bar represents 1000 DNS inquiries in a period of ten minutes from a single WyzeCam. That’s 16.7 per secondbefore the PiHole said “enough” and halted the activity! (For comparison, the other colors shown on the same bar represent the DNS inquiries of the other 37 devices on the network.)

It’s interesting that Wyze is totally silent on this issue. Help tickets have not brought resolution and Wyze cannot say “we did not know.” One can only conclude the activity is intended and for nefarious purposes. Has Wyze built DDoS bots here?

I can’t help but wonder if one day we’ll be reading about Wyze alongside HikVision, Dahua, Huawei and other agents of Poo Bear and his PLA.

2 Likes

It’s ridiculous. It’s still unplugged and if I get some time I’m going to solder on some header pins and try to download the firmware. Then just grep for Google.com and see what classes and functions are doing with it. Needless to say I’m no longer a Wyze customer.

Taking a look a one of the routers’ outbound connection s this morning we see the massive number of DNS inquiries continues, Below follows an image of one of the WyzeCams making repeated contacts with Google DNS at 8.8.8.8. How can Wyze fins this to be acceptable? This is just one of many similar pages. Hundreds of queries from this rogue device!

4 Likes

image

In the past six hours, I have logged 164k requests from my cameras.

Totally unnecessary.

3 Likes

Yes! We have had to set limits on DNS inquiries to minimize the bad-guy (DDoS) activities of Wyze cams. Your experience is typical. I have communicated with the Wyze tech folks about this and have been completely blown off. One can only conclude this behavior is intentional.

I’m wondering if we will see Wyze on the same list of miscreants as Hikvision, China Mobile, Huawei, etc.

1 Like

I am sorry this is happening. I would like to ask a few questions to help them narrow down this issue. Is it happening from all cams or a specific model? Are both the cam firmware and app versions up to date?

2 Likes

Thank you for the feedback. This issue will be resolved in the next official firmware for Cam V2, V3, Pan, and Pan V2

7 Likes

For those that landed here from a search engine - the temporary fix that worked for me was to hard power cycle the unit by removing power completely. The software power cycle was insufficient.

I’ve only had this happen a few times, and my dns server usually rate-limits it but it’s still obnoxious because my APs are only 2x2 MIMO, so while the bandwidth might be insignificant, the channel utilization is not. I logged over 2 million (!) requests in 9 hours.

Strangely, this only happened on one of 4 Wyze devices in close proximity - 2 v3 cameras and the Wyze plugs that exist to remotely power cycle them.

3 Likes

What’s the status of this issue? This issue was reported 1 year ago. Fix this already.

“In 2022, security firm Bitdefender announced that Wyze had discontinued WyzeCam v1 because of a security vulnerability that Bitdefender had reported to Wyze three years before, which is an unusually long time for a vulnerability to go unreported to the public. Wyze did not make any public announcement about the vulnerability.”

Wyze products are carried at The Home Depot, the 17th largest company in the United States by revenue as of 2022. I’m guessing Wyze Labs is doing okay with revenue. Do you need to hire more software developers?

Get your act together. This is beyond pathetic.

1 Like

It was fixed months ago. And it was never possible for a remote attack using that quite minor vulnerability. Users were safe. Wyze just sat on it way too long.

Sorry if I wasn’t clear. I realize that particular vulnerability was fixed.

I was illustrating a pattern of Wyze’s inability to act in a reasonable amount of time.

1 Like

Ah, okay then. You can add the stranded V1s and broken WPA3 to that list I suppose. Not to mention landscape. :slight_smile:

1 Like

Everything is always kept updated. The behavior continues but appears not to be as bad as previously noted. We have set DNS rate inquiries to a max of 100 in 10 minutes – this is insufficient for Wyze cams.

One thing interesting: When we grab outgoing DNS inquiries and redirect them to our PiHole the cameras show off-line – but they are not.

Is this why my ping has almost doubled in gaming? Since I installed the Cam OG my ping in all my game lobbies have went from 60-100ms depending server locations to now near 200ms for some. Over Wi-Fi or Ethernet. Still the same. Speeds are 30down/10up.