Your Wyze webcam might have let other owners peek into your house
www.theverge.com
Wyze’s web viewer was showing unexpected feeds.
    • realharo@lemm.eeEnglish
      15·
      1 year ago

      It would be fine if the footage was end-to-end encrypted, meaning you need to transfer the encryption/decryption keys from device (e.g. a phone) to camera, and then manually between all devices that should have access to the decrypted footage.

      Camera would only ever send out encrypted footage, and thus it would be insufficient to have access to the cloud account if you want to view the footage - you would need both access to the account (to obtain the encrypted data) and the decryption key (to actually decrypt it). The decryption key must never reach any 3rd party servers and can only be manually transferred between devices that should have access.

      There are still possible attack vectors, like malicious firmware updates, or the viewer client app updates, but those are very difficult to exploit, and pretty much exist in most “secure” software today (including from companies like Google, Apple, Meta, etc.). They could be mitigated by hardware design (do the encryption in hardware, camera’s software never has access to decrypted footage) and open source viewer clients that the user controls, but I would consider a camera sufficiently secure (for non-sensitive locations) without those.

      • PeterPoopshit@lemmy.worldEnglish
        3·
        1 year ago

        How would I encrypt an rtsp stream so I can port forward it and then how to I unencrypt that stream for use on a local server?

        • realharo@lemm.eeEnglish
          3·
          1 year ago

          I guess you wouldn’t. Use a different protocol, one that supports the security you need.

        • grandkaiser@lemmy.worldEnglish
          3·
          1 year ago

          Encrypted VPN between each side. IPSEC over GRE using 1024-bit AES encryption is more than enough.

          Honestly though, if someones cracking IPSEC with any encryption against a random person then that’s already leagues more than any script kiddie is capable of and professional hackers don’t have the motive.

    • cley_faye@lemmy.worldEnglish
      5·
      1 year ago

      It is a bad idea. On one hand, we have the mean to make them quite secure. There is no such thing as an unbreakable encryption, but with proper key management and using decent enough algorithms we can totally do something that puts your camera out of reach of most thing that are not nation-scale organisations. On the other hand, it’s mildly more inconvenient than “installing an app and entering your email”, as it might require stuff like doing a tiny little bit of setting up.

      So, the unsecure/“trust the service” way it is.

        • cley_faye@lemmy.worldEnglish
          1·
          1 year ago

          It’s a bad idea because of the de-facto “requirement” that people want everything available everywhere with zero setup, causing cheap, completely insecure solution to become the norm. Just don’t use “cloud-based, app-enabled zero-config ultra easy trust me bro I know what I’m doing” camera and get proper stuff that allows you to control what goes where and use decent encryption.

    • TORFdot0@lemmy.worldEnglish
      4·
      1 year ago

      I’d argue that it’s more convenient to have clouds connect for recording and storage purposes but so many cameras come with SD cards built in now that the cloud storage isn’t even really an advantage anymore either.

  • Archer@lemmy.worldEnglish
    70·
    1 year ago

    If you weren’t getting rid of Wyze devices before the Wyzecam v1 fiasco where they lied, this is a great time to do so. Unplug your Wyze stuff and hit 'em right in the metrics

  • littlecolt@lemm.eeEnglish
    212·
    1 year ago

    These fucking cameras and all like them are the bane of my existence. I’m an ISP repair rep. People lose their fucking shit if they can’t surveil their fucking house for 5 minutes. “The Internet is down! Reboot it!” “Are you at home too troubleshoot?” “No! But I can’t see my fucking cat vomiting on my couch from work!!!” Jesus fucking Christ, your house will be there when you get home. Fuck

    • librechad@lemm.eeEnglish
      9·
      1 year ago

      This is my father. We have about 10 ring cameras surrounding the house and I fucking hate it. Meanwhile, I’m also a distributor for security cameras and could easily replace all of them for free. He still insists no. He likes that he can easily prey on me when I go outside for 1-2 seconds to grab a drink or go outside for a smoke.

      I already hate feeling watched but the need for audio is just ridiculous. Law enforcement can basically just intercept the feeds and listen/watch you anytime they want to. The FBI abused a spy tool 280,000 times this year, so I doubt they’ll respect your rights, if you even have any at this point.

      I wish I grew up during the days without cameras being on every single building.

  • bogdugg@sh.itjust.worksEnglish
    12·
    1 year ago

    As a child, I remember it was trivial to use Google to see through surveillance webcams that people from around the world had purchased and left unsecured and public on the internet. I hadn’t thought much of it then, including how obviously invasive of their privacy it was, but I think it has left me with an awareness of just how little these systems should be trusted to protect that privacy. I have no trust in the system to protect my data from anyone.

  • seathru@lemm.eeEnglish
    131·
    1 year ago

    Your Wyze webcam might have let other owners peek into your house

    IF you happened to be logged into Wyze’s horrible web viewer during the 30 min things got screwy. Didn’t this happen to amazon a couple years ago? I remember briefly getting someone else’s cart/purchase history.

  • tabular@lemmy.worldEnglish
    132·
    1 year ago

    They don’t own the ones they paid for either, someone else is in control…

    • PFShady@lemmy.worldEnglish
      5·
      1 year ago

      I’ve been using Amcrest cameras with Frigate and a Coral USB. It’s been working perfectly. My cameras are on a VLAN with no Internet access and it hasn’t caused any issues.

      • radau@lemmy.dbzer0.comEnglish
        3·
        1 year ago

        Do you have any of their doorbells? I went back to a physical doorbell button with home assistants sky connect dongle linked up to a motion sensor at the door just so I know when someone’s there but would love to get a camera up there that isn’t some ring bs

        • PFShady@lemmy.worldEnglish
          4·
          1 year ago

          I have the Amcrest AD410 actually. I’m pretty sure the Amcrest app uses cloud but I could be wrong. That said, it integrates with home assistant and frigate perfectly at the local level so I get instant notifications when there is motion. If they ring the doorbell I leverage home assistant to be notified immediately along with a picture of when the button was pressed. I’ve been very happy with it.

    • radau@lemmy.dbzer0.comEnglish
      4·
      1 year ago

      These cameras work very well with the wz_mini_hacks firmware completely cut off from the internet. I’m using frigate and home assistant for notifying and it’s honestly way better than the wyze app ever was.

      I’m running frigate on a Lenovo m900 with the coral USB accelerator and my CPU usage is super low so you could probably get away with the Pi4!

    • mob@lemmy.worldEnglish
      2·
      1 year ago

      Is the Pi4 on sale still around the 100$ mark?

      I’d love another Pi at the original.prices