Vulnerabilities in Wyze Cam IoT camera firmware

Vulnerabilities in Wyze Cam IoT camera firmware


According to security research and experts from Bitdefender, there are problems with the firmware of Wyze Cam IP video cameras in terms of security. The authentication process can allegedly be bypassed quite easily by criminals. Thus, total control over the device can be gained from the outside.

All sensitive information is also automatically disclosed. This includes, for example, the SD card of the camera or the configuration data. All of this data can be easily read. As a result, malicious code is installed. This gap can easily be closed with an update. However, this is not possible for the first version of the camera.

Bitdefender reveals everything

Bitdefender disclosed this sensitive information as early as March 29, 2022. A surveillance camera always provides very sensitive content. If this data is analyzed, it may only be done under strict data protection regulations. This is precisely why the issue is so sensitive. Security gaps, such as the one mentioned above, allow complete access and can cause great damage. Very often, various personal rights are also violated.

Wyze as a cheap supplier for smart home devices

Wyze is a relatively inexpensive provider for the smart home sector. The brand mainly offers locks, lamps and cameras. So far, it has not been clarified to what extent the company is connected to Alibaba and China. The various connected cloud services are not secure; there had been some problems in this regard in December 2021.

The authentication logic as a fundamental problem

The main issue is a flaw in terms of authentication logic. The attacker can easily bypass the login and subsequently control all devices. Affected are Wyze Cam Pan v2 versions prior to 4.49.1.47, Wyze Cam v2 versions prior to 4.9.8.1002 and Wyze Cam v3 versions prior to 4.36.8.32.

Third parties have no problems bypassing the authentication procedure. The user login is no challenge at all for someone who wants to cause damage. The enr value, which is actually required, is not even asked for in this case. This is exactly the weak point. Criminals therefore have complete access to all the contents of a video camera's SD card. With the help of a link, the directory can also be read out without any problems. Because there are so many errors in combination, the damage can be correspondingly extensive.

No solution from the manufacturer

A patch can no longer be supplied by the manufacturer for many versions for various reasons. The Wyze Cam V1, for example, is no longer sold at all. Therefore, customers with such a model should always replace the device. Those who still want to keep their devices can use an online scanner for this purpose. This way, endangered devices are identified and marked as far as possible. However, vulnerabilities are not eliminated with this approach. The best thing to do is to look for the latest firmware. The goal is to update all devices whenever possible when a new version is released by the manufacturer. Websites provide an overview and collect all updates.

IoT devices should always be viewed critically anyway. As soon as a camera is connected to the online cloud, problems can arise.