Senior technology professional and photography hobbyist.

Mastodon
Jonathan Eggers
Pixelfed

  • 1 Post
  • 2 Comments
Joined 1 year ago
cake
Cake day: June 9th, 2023

help-circle


  • In order to view video from the camera, it had to be a Wyze cam v1 (last sold in 2018), the “hacker” would need to know the randomly generated ID of the camera, which they could get if they were connected to the same WiFi as the camera - or try to guess it. With the ID, a “hacker” could access the SD card remotely and download video files. It also allowed them to turn the camera on and off and, on pan-tilt models, move the camera.

    Wyze took too long to disclose this (they found out about it in 2019 and didn’t disclose it for 18 months). Nobody knows if this flaw was ever taken advantage of. They tried to patch the hardware but weren’t able to do so. Wyze said they issued a patch within 1 month of learning about the flaw, but I haven’t determined exactly what was patched. They also noted in Feb of 2022 they couldn’t patch the hardware fully, and retiring the v1 cameras was the only option to resolve the issue.