If you weren’t getting rid of Wyze devices before the Wyzecam v1 fiasco where they lied, this is a great time to do so. Unplug your Wyze stuff and hit 'em right in the metrics
Wyze security camera owners reported that they could briefly see feeds from cameras they didn’t own
Submitted 9 months ago by dantheclamman@lemmy.world to technology@lemmy.world
https://www.theverge.com/2023/9/8/23865255/wyze-security-camera-feeds-web-view-issue
Comments
mashbooq@infosec.pub 9 months ago
Stop using cloud-connected cameras!!!
SendMePhotos@lemmy.world 9 months ago
But How can I see stuff remotely?
mashbooq@infosec.pub 9 months ago
Best way would be to set up a VPN that lets you connect to your home network remotely, and set up cameras that are only connected to your LAN
xinaked@lemmy.world 9 months ago
tailscale
chicken@lemmy.dbzer0.com 9 months ago
I have a camera connected to a raspberry pi running motioneye, remote connect to it with pitunnel, works pretty well.
pineapplelover@lemm.ee 9 months ago
Using Lorex right now but I don’t really know how it works. Some type of NVR setup but allows for remote viewing on their app. I think it’s just sending video to lorex servers so we can stream on phone but don’t know if they’re saving the feed on their end or not. Haven’t heard any bad things from this brand so I hope it’s safe. Too lazy to do all the tailscale stuff.
ripcord@kbin.social 9 months ago
Again????? This is the third time and of course the last two times they promised they'd rearchitect so it could never happen.
The fact that this can happen means that they or anyone can see your camera data at any time. There is zero real security or privacy.
unphazed@lemmy.world 9 months ago
Yeah this is why I have mine outdoors, except my 3d printer one. Never record what you wish to be private.
jerrythejared@infosec.pub 9 months ago
This is why I’ll only use outside cameras. Almost no cameras are safe.
bjoern_tantau@swg-empire.de 9 months ago
That’s why I only use inside cameras, eg dumb cameras where I can ensure that they are only accessible inside my LAN.
waffle@lemmy.world 9 months ago
Can you recommend some reputable brands?
FlyingSquid@lemmy.world 9 months ago
I don’t have any security cameras, but unless you have a whole bunch of computers at home, a LAN is what, 3 maybe 4 machines? Those could easily all be stolen by the person who breaks into the house with the cameras.
I don’t know what the solution here is because I sure wouldn’t trust the Internet as the solution.
littlecolt@lemm.ee 9 months ago
These fucking cameras and all like them are the bane of my existence. I’m an ISP repair rep. People lose their fucking shit if they can’t surveil their fucking house for 5 minutes. “The Internet is down! Reboot it!” “Are you at home too troubleshoot?” “No! But I can’t see my fucking cat vomiting on my couch from work!!!” Jesus fucking Christ, your house will be there when you get home. Fuck
librechad@lemm.ee 9 months ago
This is my father. We have about 10 ring cameras surrounding the house and I fucking hate it. Meanwhile, I’m a distibutor for AXIS Security cameras and could easily replace all of them for free. He still insists no. I fucking hate it here sometimes.
JonEFive@midwest.social 9 months ago
Not to mention providers giving-in to subpoenas without even the slightest fight, and you would never know about it. Heck, some don’t even require subpoenas, a simple law enforcement request might be enough.
littlecolt@lemm.ee 9 months ago
Christ that sounds awful.
Franzia@lemmy.blahaj.zone 9 months ago
Lmfaooooooo
sysadmin420@lemmy.world 9 months ago
Fuckin awesome.
Knusper@feddit.de 9 months ago
If you’re incapable of building a secure service, maybe you shouldn’t be routing people’s camera feeds through that service.
Abnorc@lemm.ee 9 months ago
But you didn’t factor in how much money we can make at the expense of our users.
seathru@lemm.ee 9 months ago
Your Wyze webcam might have let other owners peek into your house
IF you happened to be logged into Wyze’s horrible web viewer during the 30 min things got screwy. Didn’t this happen to amazon a couple years ago? I remember briefly getting someone else’s cart/purchase history.
Archer@lemmy.world 9 months ago
That was Steam
ABCDE@lemmy.world 9 months ago
There are still thousands of unsecured cameras from that leak a while back.
pewgar_seemsimandroid@lemmy.blahaj.zone 9 months ago
you never know this could be helpful for 4chan
irotsoma@lemmy.world 9 months ago
This is why I’d never use a hosted service for interior cameras, only exterior ones.
bogdugg@sh.itjust.works 9 months ago
As a child, I remember it was trivial to use Google to see through surveillance webcams that people from around the world had purchased and left unsecured and public on the internet. I hadn’t thought much of it then, including how obviously invasive of their privacy it was, but I think it has left me with an awareness of just how little these systems should be trusted to protect that privacy. I have no trust in the system to protect my data from anyone.
Bitrot@lemmy.sdf.org 9 months ago
Those are still around. They are the local services that people suggest instead of Nest or something, where “you control your own data”. Turns out nothing is foolproof.
Semi-Hemi-Demigod@kbin.social 9 months ago
I mean, if you install a door with no locks on it it's not Home Depot's fault if someone walks in.
lazyvar@programming.dev 9 months ago
You can still do this if you use www.shodan.io
It’ll let you find IoT devices and cameras connected to the internet if you know what to search for and an alarming amount of them are locked behind an admin/admin login.
I advise against nosying around because there’s a near 100% chance that it’s illegal to do so in your jurisdiction.
Puzzle_Sluts_4Ever@lemmy.world 9 months ago
So I have a few wyze cameras but it isn’t the end of the world as I specifically placed them where they would benefit me but i wouldn’t care if cops got access to the footage (so specifically pointing at my front door, not the street).
But apparently amazon has both the coral USB dongles and yet another pi 4 that I really don’t need on sale so… yolo, let’s frigate.
Anyone aware of any good wireless outdoor cameras that play well with that ecosystem? Will eventually run ethernet for POE and the like but “eventually” is not any time soon.
radau@lemmy.dbzer0.com 9 months ago
These cameras work very well with the wz_mini_hacks firmware completely cut off from the internet. I’m using frigate and home assistant for notifying and it’s honestly way better than the wyze app ever was.
I’m running frigate on a Lenovo m900 with the coral USB accelerator and my CPU usage is super low so you could probably get away with the Pi4!
PFShady@lemmy.world 9 months ago
I’ve been using Amcrest cameras with Frigate and a Coral USB. It’s been working perfectly. My cameras are on a VLAN with no Internet access and it hasn’t caused any issues.
radau@lemmy.dbzer0.com 9 months ago
Do you have any of their doorbells? I went back to a physical doorbell button with home assistants sky connect dongle linked up to a motion sensor at the door just so I know when someone’s there but would love to get a camera up there that isn’t some ring bs
mob@lemmy.world 9 months ago
Is the Pi4 on sale still around the 100$ mark?
I’d love another Pi at the original.prices
AArun@programming.dev 9 months ago
rpilocator.com is what I use recently got my hands on an 8gb model for $75 USD
stealth_cookies@lemmy.ca 9 months ago
Less than that. I can get a pi4 2GB for about $65 CAD in stock right now and about $10 more for a 4GB. Looks like the 1GB and 8GB are out of stock.
AArun@programming.dev 9 months ago
I’ve been partial to amcrest they’re affordable and “us” based even though they’re rebranded dahua cameras. Everything I’ve read says they’re compatible with frigate and even home assistant if you plan to use that as well. I’ve been trying to do a similar setup for myself.
tabular@lemmy.world 9 months ago
They don’t own the ones they paid for either, someone else is in control…
Max_P@lemmy.max-p.me 9 months ago
Jokes on them, ours died a few months after their ~expiration date~ one year warranty.
Next ones are going to be plain dumb RTMP cameras over PoE cat6 feeding a local server.
user224@lemmy.sdf.org 9 months ago
I see you tried to make strike through text. You’re missing one more pair of the… damn, can’t remember what it’s called. The home symbol.
strikethrough~~strikethrough~~
AssPennies@lemmy.world 9 months ago
Edit: Tilde
I prefer the call it a floppy hyphen. Though I’m not allowed to use the term in code reviews anymore.
jetsetdorito@lemm.ee 9 months ago
Frigate has been great. Shinobi was cool too.
leaf@lemmy.ca 9 months ago
Why are people still using these?
seathru@lemm.ee 9 months ago
They are cheap and work decent most of the time. I have a few and don’t have many complaints. But I also treat them as if they were publicly accessible. I hope someone got to watch my cats out in their catio and it made their day better.
Ataraxia@sh.itjust.works 9 months ago
Lol exactly. We don’t have ours pointing at anything that matters. Both on the patio, one to watch the local cats and the other to see who is at the door.
leaf@lemmy.ca 9 months ago
For something like that sure, but there are people who do have them in places that should be private.
autotldr@lemmings.world [bot] 9 months ago
This is the best summary I could come up with:
Some Wyze security camera owners reported Friday that they were unexpectedly able to see webcam feeds that weren’t theirs, meaning that they were unintentionally able to see inside of other people’s houses.
A Wyze customer support agent confirmed to The Verge that this was indeed happening.
“Went to check on my cameras and they are all gone be replaced with a new one… and this isn’t mine!” wrote one user.
Each thread has comments from other Reddit users reporting similar issues.
“While we work to get this resolved, Wyze Web View functionality may be limited or unavailable,” they told me.
Wyze’s PR team didn’t immediately reply to an emailed request for comment.
The original article contains 398 words, the summary contains 112 words. Saved 72%. I’m a bot and I’m open source!
iHUNTcriminals@lemm.ee 9 months ago
So… How do I compare…? 🍆
GlitzyArmrest@lemmy.world 9 months ago
Cameras connected to the public internet are such a bad idea.
coffeebiscuit@lemmy.world 9 months ago
No it isn’t! - CIA
Semi-Hemi-Demigod@kbin.social 9 months ago
Wait, isn't every camera public? - NSA
Album@lemmy.ca 9 months ago
Agreed! -CCP
Wyze cameras phone home to China unfortunately.
Blackmist@feddit.uk 9 months ago
There used to be a website with a map and you could see all these open unsecured cameras they’d found around the world. Mostly by searching Google for the page name they all had.
Some of them seemed intentional, like traffic cams, cameras on the roof looking out over the city, etc, but there were so many fat men sat around watching TV in their underpants, random families in the kitchen, and so on.
neumast@lemmy.world 9 months ago
http://www.insecam.org/ is still alive!
realharo@lemm.ee 9 months ago
It would be fine if the footage was end-to-end encrypted, meaning you need to transfer the encryption/decryption keys from device to camera, and then manually between all devices that should have access to the decrypted footage.
Camera would only ever send out encrypted footage, and thus it would be insufficient to have access to the cloud account if you want to view the footage - you would need both access to the account (to obtain the encrypted data) and the decryption key (to actually decrypt it). The decryption key must never reach any 3rd party servers and can only be manually transferred between devices that should have access.
PeterPoopshit@lemmy.world 9 months ago
How would I encrypt an rtsp stream so I can port forward it and then how to I unencrypt that stream for use on a local server?
cley_faye@lemmy.world 9 months ago
It is a bad idea. On one hand, we have the mean to make them quite secure. There is no such thing as an unbreakable encryption, but with proper key management and using decent enough algorithms we can totally do something that puts your camera out of reach of most thing that are not nation-scale organisations. On the other hand, it’s mildly more inconvenient than “installing an app and entering your email”, as it might require stuff like doing a tiny little bit of setting up.
So, the unsecure/“trust the service” way it is.
frododouchebaggins@lemmy.world 9 months ago
What’s the alternative to putting them on the pUbLic InTeRnEt? I pay my ISP $2000 per month for my own private MPLS? It’s not a bad idea because there is no reasonable alternative. Risk mitigation is the key, as you seem to be aware.
Sharkwellington@lemmy.one 9 months ago
What are the alternatives?
GlitzyArmrest@lemmy.world 9 months ago
A local NVR, like Frigate or Blue Iris.
gamer@lemm.ee 9 months ago
A camera not connected to the public internet.
TORFdot0@lemmy.world 9 months ago
I’d argue that it’s more convenient to have clouds connect for recording and storage purposes but so many cameras come with SD cards built in now that the cloud storage isn’t even really an advantage anymore either.
ramjambamalam@lemmy.ca 9 months ago
A security camera with only local storage has a pretty obvious flaw that the incriminating footage can be more easily stolen and/or destroyed by the perpetrator.