Same experience here with my pihole. Currently 2.5 million requests over 9 hours. My log over 24 hours is usually around 10-15mb, currently after 9 hours its 234mb. Trying to grep out and wc to verify down to the exact number but I think its (pihole) locked it up again since there’s so many entries. I’ve invested about $2k in Eufy cameras\bulbs\switches\etc. and was testing this camera (Wyze v3 Inside\Outside, firmware 188.8.131.52, SD card installed) since I’m not impressed with Eufy’s AI. But at least with Eufy I don’t have to deal with this. Kicking all Wyze off my network and on ebay it goes. As do the Wyze bulbs and switches I bought thinking of replacing my Eufy’s with those as well. Arrggh just remembered I bought the lock also which luckily I haven’t installed yet so I can get my money back there.
FYI: I had to physically unplug the thing to get the requests to stop. Merely disabling it in the app didn’t stop the dns queries.
Should also mention for those who have theories, I did notice that several of my SD card video’s didn’t upload fully to the cloud. Only about the first frame. My pihole puts you on the no no list after making too many queries so I’m guessing that is what’s happening. But I’m going to go enjoy the free market and stop complaining now.
Yup. this continues. Here’s a screen grab of my PiHole’s activity this morning…
That grey bar represents 1000 DNS inquiries in a period of ten minutes from a single WyzeCam. That’s 16.7 per second – before the PiHole said “enough” and halted the activity! (For comparison, the other colors shown on the same bar represent the DNS inquiries of the other 37 devices on the network.)
It’s interesting that Wyze is totally silent on this issue. Help tickets have not brought resolution and Wyze cannot say “we did not know.” One can only conclude the activity is intended and for nefarious purposes. Has Wyze built DDoS bots here?
I can’t help but wonder if one day we’ll be reading about Wyze alongside HikVision, Dahua, Huawei and other agents of Poo Bear and his PLA.
It’s ridiculous. It’s still unplugged and if I get some time I’m going to solder on some header pins and try to download the firmware. Then just grep for Google.com and see what classes and functions are doing with it. Needless to say I’m no longer a Wyze customer.
Taking a look a one of the routers’ outbound connection s this morning we see the massive number of DNS inquiries continues, Below follows an image of one of the WyzeCams making repeated contacts with Google DNS at 184.108.40.206. How can Wyze fins this to be acceptable? This is just one of many similar pages. Hundreds of queries from this rogue device!
Yes! We have had to set limits on DNS inquiries to minimize the bad-guy (DDoS) activities of Wyze cams. Your experience is typical. I have communicated with the Wyze tech folks about this and have been completely blown off. One can only conclude this behavior is intentional.
I’m wondering if we will see Wyze on the same list of miscreants as Hikvision, China Mobile, Huawei, etc.
I am sorry this is happening. I would like to ask a few questions to help them narrow down this issue. Is it happening from all cams or a specific model? Are both the cam firmware and app versions up to date?
For those that landed here from a search engine - the temporary fix that worked for me was to hard power cycle the unit by removing power completely. The software power cycle was insufficient.
I’ve only had this happen a few times, and my dns server usually rate-limits it but it’s still obnoxious because my APs are only 2x2 MIMO, so while the bandwidth might be insignificant, the channel utilization is not. I logged over 2 million (!) requests in 9 hours.
Strangely, this only happened on one of 4 Wyze devices in close proximity - 2 v3 cameras and the Wyze plugs that exist to remotely power cycle them.
What’s the status of this issue? This issue was reported 1 year ago. Fix this already.
“In 2022, security firm Bitdefender announced that Wyze had discontinued WyzeCam v1 because of a security vulnerability that Bitdefender had reported to Wyze three years before, which is an unusually long time for a vulnerability to go unreported to the public. Wyze did not make any public announcement about the vulnerability.”
Wyze products are carried at The Home Depot, the 17th largest company in the United States by revenue as of 2022. I’m guessing Wyze Labs is doing okay with revenue. Do you need to hire more software developers?
Everything is always kept updated. The behavior continues but appears not to be as bad as previously noted. We have set DNS rate inquiries to a max of 100 in 10 minutes – this is insufficient for Wyze cams.
One thing interesting: When we grab outgoing DNS inquiries and redirect them to our PiHole the cameras show off-line – but they are not.
Is this why my ping has almost doubled in gaming? Since I installed the Cam OG my ping in all my game lobbies have went from 60-100ms depending server locations to now near 200ms for some. Over Wi-Fi or Ethernet. Still the same. Speeds are 30down/10up.