Wyze Cams Laden with Bugs That Allow Hacker Takeovers
Table of Contents
- By Steven
- Published: Apr 01, 2022
- Last Updated: Apr 01, 2022
Attention all Wyze camera owners: your camera has bugs that have the potential to allow criminals to take over the device. If a criminal obtains control over your Wyze camera, they will have access to the entirety of your video feeds.
Why are the Bugs in Wyze Cams a Major Problem?
The last thing a homeowner or business owner needs is for a hacker to watch their video feeds. If a malicious actor takes advantage of Wyze camera bugs, they can access the video feed by executing an arbitrary code. The execution of the arbitrary code also sets the stage for the hacker to illegally read the camera's SD card.
Recent hacks into Wyze cameras were characterized by access to the SD cards that remained unsolved for several years. The bugs center on a bypass for authentication and a remote code execution flaw related to a stack buffer overflow. There is also the potential for hackers to obtain unauthenticated access to all SD cards in the camera through bug exploitation.
It is even possible that a skilled hacker will successfully exploit the bypass weakness vulnerability to the point that they gain total control over the device. Such a hacker has the potential to disable the SD card recording, turn the camera on and off, and even alter it with chaining through the stacked-based buffer overflow. Such chaining sets the stage for the hacker to observe the video feed as well as the audio feed in real-time. In short, the entirety of Wyze's camera footage that is recorded and live can be accessed by hackers.
How Were the Bugs Discovered?
Bitdefender, a cybersecurity business based in Romania, initially identified the bugs in Wyze cameras. Bitdefender contacted Wyze vendors in the spring of 2019 to notify them of the digital attack.
How is Wyze Responding to the Digital Security Flaw?
Wyze's tech team has released several patches to correct the bug. The initial patch was released in the fall of 2019. The second patch was released 14 months later, in 2020. However, the issue still loomed up until the winter of 2022. It was not until the final days of January 2022 when Wyze issued firmware updates to address the bug pertaining to unauthenticated access to Wyze cameras' SD cards. This update was provided at the time when the wireless camera company abruptly halted sales of its version 1 cameras.
Wyze cameras categorized as categories 2 and 3 received patches to shore up the weaknesses described above. The end result of the company's attempts to correct the bugs is that those who own Wyze version 1 cameras are still subjected to considerable risk. Some also question whether the camera specialist has fully protected its more recent models.
What Should Wyze Camera Owners Do?
Those who own Wyze cameras are encouraged to remain watchful of their IoT devices, trying to keep them isolated in the context of wireless networks. Such devices should be isolated from local networks and guest networks. This feat can be accomplished with the use of a fully dedicated SSID that is strictly tied to IoT devices. Alternatively, those devices can be shifted to the guest network if the router is incapable of supporting the generation of multiple SSIDs.