Wyzecam V3: bad security posture

So, after spending a few hours trying to connect my V3 for the first time, after updating firmware to the latest version, I was able to get the thing to connect. Very frustrating that it does join the Wi-Fi but yet the app doesn’t continue to set it up and load it but after the firmware update, it finally got past the connection timeout problem.

Now the livestream won’t start. I can turn the camera on and off from the app, but the live stream will not show up. It’s only after I allow a certain list of IP addresses and ports through my firewall that the live stream starts. Immediately after it starts, I can effectively block Internet access entirely for the camera, and it will continue to work, until the camera is plugged out and plug back. The only way to get the live stream to work is to allow the same firewall rules again. So my question is why in the world is a camera that is 2 feet away from me on my layer 2 network have to reach the Internet for me to start a live stream? There is absolutely no good reason for that, and even worse is that it does not do a DNS request to start that connection, rather it is trying to connect directly to an IP address, which is very bad network design. The developers need to fix this ASAP.

I would suggest anybody that cares about their security posture should demand that this is fixed.

This is probably not the camera line for you. They are NOT intended to work when isolated from the Internet.

Many other modern consumer cameras work similarly, always requiring an Internet connection to the manufacturer’s "cloud* servers, for both P2P remote access and overall functionality.

I suggest you try something else.


The Wyze cameras are essentially a doorstop after they power up UNTIL they are able to check in with the Wyze servers. Once they check in, they will function and record locally (if they have a uSD card, and are set to record to it). In order for your phone to connect to the camera, the initial connection requires communication to the Wyze servers (both the camera and your phone), however IF you are on the same WiFi as the camera, once the communication is established, it is local to your LAN. Of course cloud recording requires an internet connection.


Yea, adding on to what the others have said, this is how Wyze, and most other smart cameras like this function. Internet connection is needed for authentication and for remote accesses. When starting the stream, even locally, the camera needs to know if your phone is authorized to access its stream, so it asks Wyze servers. The camera also needs the internet to know the time, and receive its configuration from the servers.


Well, I wish you guys could recommend some other cameras that would work on a local network without Internet access.

This wouldn’t even be so bad if the camera was using a DNS request to initiate said connection to their cloud servers, but since they are using a direct to IP connection, and they are almost always hosted on AWS, my network needs to allow the entire AWS IP address space (because the target IP changes periodically), something that I am not very keen about doing long-term. Wyze needs to fix this so that they’re using a DNS request and they need to respect DNS time to live protocols.

Try Amcrest. They will work standalone or with the cloud or with a dvr. They also have SD card slots for local recording.

1 Like

Are you sure it is local to my LAN, or is all the footage from my house being streamed out to some server and I get to watch it out there? That would be easiest for mom and pops who don’t know how to run a firewall.

Absolutely. Don’t believe it? try this. While your camera and phone are on THE SAME WiFi LAN, start watching the camera on your phone. Then kill your internet connection and the stream will continue. That’s been demonstrated many times. If you are not on the same LAN, obviously the stream has to go to the internet, but once the connection is established, the streaming is direct from your camera to your phone. As far as live streaming, the only think the Wyze servers do is get the camera and phone talking to each other. Obviously cloud recordings (as seen on the “Events” tab) are via the Wyze servers. That is also where notifications of events come from.


Thanks for the recommendation