Wyze Security Camera Owners Were Briefly Able To See Feeds From Other Users (theverge.com) 47

A web caching issue resulted in some Wyze security camera owners being able to see webcam feeds that weren't theirs. The Verge reports: Earlier on Friday, users on Reddit made posts about the issue. "Went to check on my cameras and they are all gone be replaced with a new one... and this isn't mine!" wrote one user. "Apologies if this is your house / dog... I don't want it showing up as much as you don't want it!" "I am able to click the events tab and see ALL the events on this random person's camera INSIDE their house," wrote another. "I don't know why, but I can see someone else's camera," wrote another.

Each thread has comments from other Reddit users reporting similar issues. Shockingly, I even saw some instances of people claiming they saw the same cameras that other people did. The user reports indicated that they were seeing the other feeds through Wyze's web viewer at view.wyze.com.

  • Why do people trust the cloud in this way?
    • Re:Why (Score:5, Interesting)

      by HornyBastard ( 666805 ) on Saturday September 09, 2023 @06:41AM (#63834480)

      Why do people trust the cloud in this way?

      Most people are not very smart.

      • What is the alternative? Let me know because I need right now to buy a camera to check remotely on my cats and I'd obviously prefer one I access through a fixed IP I have on a VPS rather than these group-managed offers on their clouds. Please let me know of finished products because I currently don't have time for yet another DIY project I won't finish. No sarcasm, I am asking seriously and I am going to buy whatever is available today or tomorrow.

        • try unifi protect
          • Thanks, that's helpful. From what I understand, I need to buy a "console" (recorder/server) to access remotely and I need an account on their website to connect remotely (they mediate the connection, even if the camera stream does not flow through their servers). I'm not yet convinced that they cannot mix the streams by mistake, or access it on request from authorities. Is the connection protected with EEE and a key only known to me and stored locally?

            It also answers your original question "Why": because it

            • Hi, you don't need an account; you can connect directly to your console, of course providing you have network access and configured a local account. But yes, they are more exp than the cheap things but less expensive than many alternatives. They work quite well ime and the data is stored locally. Maybe 'mix up' could possibly happen, but it would mean they or others accessing your network
        • What is the alternative?

          15 minutes of research is all it takes to find a nice ONVIF camera with specs that fit your needs, buy it, then 1h to install it, punch a hole in your firewall and install an open-source client on your cellphone or PC.

          The clincher is, you have to be willing to research your options a little bit. And from what you're saying, you don't really want to put in the effort.

          So yeah, for people who want turnkey stuff without figuring out the hows, the cloud is the right solution. And if you're lazy and you go with t

          • You just knowing what ONVIF means puts you ahead of like 90% of the world.

            I'd say that from my own work on wanting a system, I've spent a lot more than 15 minutes on it.

            Of course, part of my problem is wanting a mix of wired and wireless cameras, the relatively extreme ranges I want on some of them, etc...

            I know enough that I don't want a cloud answer, but as you say, clouds are easy.

          • The bad part is now your camera's terrible security is open to the internet.

            • Because the cloud provider feeding you someone else's camera feed is better?

              Just secure it properly, don't leave the default password in, and unless it has a firmware exploit, it has no reason to have terrible security. And if you do something wrong, at least it's your fault, you can do something about it and you're not at the mercy of a dumb cloud provider who crosses streams or lets itself get hacked.

            • by matmos ( 8363419 )
              there are always tradeoffs. Keep your software up to date, keep stuff on a VLAN, use wireguard networking, etc. There are ways. You are WAY less interesting that a hacker trying to get into Wyze (or $BIG_NAME_CAM_COMPANY) . waaaaay less interesting.
        • by SpzToid ( 869795 )
          The firmware linked to below in the thread [slashdot.org] looks pretty good, and I'm pleased to have learned of it today. I'll give it some thought, but I'm not in a rush. I'm pleased using my Wyze v3 camera outdoors with Wyze's RTSP modified firmware [wyze.com], with all "phone-home" settings off, on a VLAN. It's pointed outdoors at a public street. I use it as part of an Open Broadcast Studio background layer for my video conferences, along with DroidCam OBS [dev47apps.com].
        • You could get an IP camera that is supported by OpenIPC. https://github.com/OpenIPC/fir... [github.com]

          But the other posters are right, you clearly haven't done any research on this matter and don't want to.

          • you clearly haven't done any research on this matter and don't want to.

            That's not correct, I just was aware of which directions to look into. What I thought of, researched, and discarded, was to build one from a Pi and a camera module. That's all that came through my mind. Words like ONVIF and OpenIPC do not show up in search suggestions when looking into cameras that I do not need a cloud to use. That search only gave me local storage camera, which is not what I want.

            • correction: I just was NOT aware

            • - ONVIF cameras (I'm partial to Amcrest these days)
              - PoE Switch
              - BlueIris software (or similar FOSS solution like ZoneMinder)
              - Firewall rules to cut off camera's access to internet (or VLANs, whatever)
              - OpenVPN server
              - OpenVPN client on your mobile device
              - Profit.
              • by NFN_NLN ( 633283 )

                Replace OpenVPN with Wireguard and you've got a deal.
                Wireguard integrates well with OPNSense and Android.

                • Yeah, I tend to agree. OpenVPN integrates well with pfSense. That's why I chose it at the time. When it's time to tweak things, I'll go the Wireguard route. Super stable with my current config, so not keen on changing things for the sake of change.
          • I took good note of your suggestion and will consider purchasing a compatible camera.

        • by cusco ( 717999 )

          If you have a VPN connection to your home and your own router (and the knowledge to configure it) then it's not difficult. Create an unrouteable subnet that can be accessed by your VPS and drop the camera on it. Voilà! You're done.

          That's for viewing-only, of course. If you want to record there are a number of free options, ZoneMinder is probably the oldest and most stable out there. I haven't used it in years but it was adequate then, speaking as a physical security professional of 17 years. The other

        • I think Eufy is the main one, though again, not everything is perfect.

          1) You need a separate homebase device, not hard to set up, but it's an extra bit.
          2) Obviously if you lose power, the house burns down, or someone steals the homebase you lose all your footage, so there's still advantages to the cloud.
          3) They've had a couple issues of their own [slashdot.org].

          I think the security issues were actually a bit of a good sign since it shows that 3rd parties were actually investigating (and checking their work).

          I have the doo

        • Your cats will do perfectly fine without a fucking camera. It's you who thinks you need one because "security" crap vendors keep telling you so. Why would cats after millennia of domestication suddenly need cameras to survive? They don't. Camera vendors need "security" cameras, no one else does.
        • by matmos ( 8363419 )
          best place to check is r/homeautomation on reddit. tons of people in there have their own setups and servers. I think the sidebar may have some resources too. I'm just a lurker tho.
      • by methano ( 519830 )
        People buy them and use them because they're semi reliable and cheap. Wyze dramatically dropped the price of getting a camera that you could monitor from anywhere on your phone and catch short videos of what's going on. No one thought they were robust or secure. You don't expect that for $20. If somebody wants to sit and watch my front porch all day, well, I'll take that chance for $20. Having said that, Wyze is the master of bait and switch. They keep trying to upsell me on subscriptions to features that w
      • by NFN_NLN ( 633283 )

        > Why do people trust the cloud in this way?

        Are you some kind of cloud conspiracy theorist!? Trust the science... of the cloud. - Bill Gates

    • If NSA spied on their love interests, I'd bet money Wyze employees snoop through camera feeds whenever they want.
      A better way is a hard drive based DVR system. No company has control over your feeds.

      • by XXongo ( 3986865 )

        A better way is a hard drive based DVR system. No company has control over your feeds.

        You want a copy of security footage stored off-site.

        • Ideally, yes... but for the average person all you really need to do is hide the DVR somewhere that is unlikely to be found within a reasonable length of time.

          I worried a lot more about having my cameras placed to cover each other so they couldn't be destroyed without at least one getting some useful video than I did about off-site storage.

          Then again, most network video cameras have an 'email/ftp on motion detect' function, and newer ones will have the smarts to recognize a human rather than rely on pure mo

      • by cusco ( 717999 )

        That's only a "better" way if you have the experience and equipment necessary to run RG-59 cable and install BNC cable ends. We're a pretty exclusive club. Additionally almost half of everyone lives in a rental, where they're not allowed to punch holes in the wall to run cable.

    • Re:Why (Score:4, Insightful)

      by thegarbz ( 1787294 ) on Saturday September 09, 2023 @10:25AM (#63834692)

      Cost Benefit analysis. "The Cloud" provides them endless conveniences compared to the incredibly minor chance that their information is somehow compromised.

      And this is your fault, and my fault, and the fault of every tech minded person who for years decided the correct answer to IPv4 depletion is to break end-to-end connectivity of the internet thus requiring a 3rd party service now to assist in what should have been unique endpoints talking to each other.

    • I went away on vacation for about a week and needed a way to monitor my pets at home. I spent about $60 for 3 cameras and was easily able to set them up to keep an eye on them. As soon as I got home the cameras were disconnected and stored. So in this case, the cloud made this a basic and cheap task rather than some complex tech setup.

  • by Jedi Holocron ( 225191 ) on Saturday September 09, 2023 @07:11AM (#63834500) Homepage Journal

    Whys?

  • by bill_mcgonigle ( 4333 ) * on Saturday September 09, 2023 @08:10AM (#63834566) Homepage Journal

    Replacement firmware for some models:

    https://github.com/openmiko/op... [github.com]

    supports RTSP/UDP

    • That's awesome, I just need to find a compatible camera. Wyze is US only, cannot get one where I am; the Xiaomi models are outdated. Fortunately Muvit iSmart Alarm Spot+ is available.

    • Yes but does it support a cloud to help connect the stream? RTSP/UDP is useless to me if my external IP address is 10.5.3.7 according to my internet router.

      • If your ISP won't give or sell you an IP then you will have to pay for a VPN with a dedicated IP.

  • by Rosco P. Coltrane ( 209368 ) on Saturday September 09, 2023 @08:13AM (#63834572)

    Went to check on my cameras and they are all gone be replaced with a new one... and this isn't mine!

    A cloud-enabled camera is a corporate spying device that's controlled by someone else, that can be disabled and stop working at someone else's whim, that will be bricked when the maker tanks, that you kindly install on behalf of the company and even pay them for the privilege of being their bitch like a dumbass.

    The camera was never yours to begin with.

    • People don't buy security cameras to own a camera. They buy a security camera to see footage.

    • by Ksevio ( 865461 )

      That's not really true. The reason people buy these cheap cameras is BECAUSE of the cloud service that allows them to view it anywhere. It's a feature and selling point for pretty much all buyers. Those that don't want that feature can install new firmware (either the one provided by the company or a third party) that makes it local only, but very few want to do that.

      The camera is yours, the stream via the cloud is not

      • by rossz ( 67331 )

        Building your own is quite feasible using off the shelf stuff, e.g. raspberry pi for the brains and hosting platform. But the average person does not have the skills to pull this off. I've been considering starting a project based on this idea, but haven't had the free time required.

  • 2% annual revenues, perhaps? The EU's GDPR might actually be able to get this.

  • That is what we see everywhere. Crappy stuff made cheaply and security is an afterthought by people that do not understand it. I think an incident like that should put the company under special supervision and result in a massive fine. A second one should get them shut down permanently.

  • What's the big deal ??? I just want to read to your chickens ... [i.ibb.co]

    Reddit is the only online forum that specifically bans criticism of paedophiles .. er .. Minor Attracted Persons .. er .. kiddie fiddlers. Presumably because most of the old guard mods are perverts.
  • ..of the future! now that would be news.
