Wyze Cams Laden with Bugs That Allow Hacker Takeovers

  • By Patrick Ryan
  • Apr 01, 2022

Attention all Wyze camera owners: your camera has bugs that have the potential to allow criminals to take over the device. If a criminal obtains control over your Wyze camera, they will have access to the entirety of your video feeds.

Why are the Bugs in Wyze Cams a Major Problem?

The last thing a homeowner or business owner needs is for a hacker to watch their video feeds. If a malicious actor takes advantage of Wyze camera bugs, they can access the video feed by executing an arbitrary code. The execution of the arbitrary code also sets the stage for the hacker to illegally read the camera's SD card.  

Recent hacks into Wyze cameras were characterized by access to the SD cards that remained unsolved for several years. The bugs center on a bypass for authentication and a remote code execution flaw related to a stack buffer overflow. There is also the potential for hackers to obtain unauthenticated access to all SD cards in the camera through bug exploitation.  

It is even possible that a skilled hacker will successfully exploit the bypass weakness vulnerability to the point that they gain total control over the device. Such a hacker has the potential to disable the SD card recording, turn the camera on and off, and even alter it with chaining through the stacked-based buffer overflow. Such chaining sets the stage for the hacker to observe the video feed as well as the audio feed in real-time. In short, the entirety of Wyze's camera footage that is recorded and live can be accessed by hackers.

How Were the Bugs Discovered?

Bitdefender, a cybersecurity business based in Romania, initially identified the bugs in Wyze cameras. Bitdefender contacted Wyze vendors in the spring of 2019 to notify them of the digital attack.

How is Wyze Responding to the Digital Security Flaw?

Wyze's tech team has released several patches to correct the bug. The initial patch was released in the fall of 2019. The second patch was released 14 months later, in 2020. However, the issue still loomed up until the winter of 2022. It was not until the final days of January 2022 when Wyze issued firmware updates to address the bug pertaining to unauthenticated access to Wyze cameras' SD cards. This update was provided at the time when the wireless camera company abruptly halted sales of its version 1 cameras.  

Wyze cameras categorized as categories 2 and 3 received patches to shore up the weaknesses described above. The end result of the company's attempts to correct the bugs is that those who own Wyze version 1 cameras are still subjected to considerable risk. Some also question whether the camera specialist has fully protected its more recent models.

What Should Wyze Camera Owners Do?

Those who own Wyze cameras are encouraged to remain watchful of their IoT devices, trying to keep them isolated in the context of wireless networks. Such devices should be isolated from local networks and guest networks. This feat can be accomplished with the use of a fully dedicated SSID that is strictly tied to IoT devices. Alternatively, those devices can be shifted to the guest network if the router is incapable of supporting the generation of multiple SSIDs.

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “Alien ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

Flagstar Bank Breach Impacts More Than a Million Customers

Flagstar Bank Breach Impacts More Than a Million Customers

Flagstar Bank is in the news for the wrong reason. The bank recently publicized the fact that it discovered a digital breach.

Weekly Recap June 24 2022

Weekly Recap June 24 2022

We are nearly halfway through 2022. News stories detailing hacks and other digital breaches continue to roll in on a daily basis.

Cybercrime Related to Travel Soars at the Year’s Halfway Point

Cybercrime Related to Travel Soars at the Year’s Halfway Point

There has been a significant spike in tourism following the gradual decline of the coronavirus pandemic.  The increase in travel has caught the attention of digital miscreants looking to scam tourists as well as travel services providers.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.