The Wyze Cam Vulnerability and How the Verge Blew it Out of Proportion

  • Published on 22 Oct 2024

Comments • 57

  • @MartinPaoloni 2 years ago +32

    One of the many reasons I despise The Verge. They have been anything but journalism for many years. Truly irresponsible.
    Thanks for putting out the truth, Lon!

    • @LonSeidman 2 years ago +6

      Sloppy journalism.. If the guy had bothered to read the white paper and made a call or two he'd have a much better analysis.

  • @markd5067 2 years ago +3

    I purchased Wyze cams several years ago and it was pretty much a disappointment from the start. Interaction with their so-called help desk was frustrating as their "support" was always arrogant, never admitting the problems could be with their product. I don't recall the issue of a vulnerability ever being mentioned probably due to their arrogance thinking their product was infallible. There were a couple of months transitioning from the sale of our home onto our retirement property where we have no internet that I realized how much I didn't miss the chaos of having to deal with Wyze. Now we're looking at better options and having a sledgehammer party with the old Wyze cams. I even plan to do a little target practice...

  • @jaredhuang2225 2 years ago +8

    Thanks Lon, the Verge is not a reliable source for tech info, not sure why people even read them. Anyone remember their "how to build a PC" video?

    • @NopWorks 2 years ago

      I find it pretty annoying that they're always either at the top of Google search results, are the only relevant article to the search query in the first page of search results, or are cited in the Answer Box that's at the top of the page.
      Very hard to avoid, I can imagine non-tech savvy people just clicking on them constantly just because of their placement.

  • @silviopoggi8193 2 years ago +1

    Thank You Lon! Always the voice of reason and sanity... Honestly don't know why you don't have at least a million followers...

    • @LonSeidman 2 years ago +1

      Reasonable perspectives aren't profitable unfortunately.. :)

  • @HughD 2 years ago

    Lon, I've followed you for years and this video of yours is exactly why. Even though it won't make the news like the Verge story did, it is good ammunition for those of us who often find ourselves trying to explain things like this to others. Thank you!!!

  • @alliejr 2 years ago +11

    If a hacker has access to your local network, your Wyze cameras and video of your front and back yards are the least of your problems.

    • @shadow7037932 2 years ago

      Exactly

    • @DBrianAshby 2 years ago +2

      My thoughts exactly. I guess the fear is internal house cameras.

  • @Gorilla_Jones 2 years ago +10

    Agendas, they're a hell of a thing.

  • @kattz753 2 years ago +2

    Thank you for being the voice of reason. That's why we love you. It's easy for people, especially us older folks to believe this because the old webcams and security cameras did have a lot of security vulnerabilities. They were never updated. It's nice to have remote connections to these types of devices. I'm extremely reluctant to ever allow that.

  • @MarkSmithMCS 2 years ago +3

    Excellent and reasoned take, Lon. Thank you. I'm a little pissed at Wyze for not being more proactive, but won't be throwing any of my 36 Wyze devices in eWaste. Luckily no v1 cams

  • @Diabolikal1 2 years ago +2

    I've been running custom firmware on my v1's for years, thanks for the heads up Lon! I'll be upgrading to some of their newer products, because I genuinely do like the product and services.

    • @alliejr 2 years ago

      Curious: How do you know the custom firmware is not compromised?

  • @sufianabdullah9463 2 years ago +3

    I think it is a really good time to have a video on the isolation of IoT devices at the network level, you did before for the Ubiquiti dream machine, but it is a big device and failed you multiple times.
    An option like “Protectli” using pfSense seems like a good option or any other device that fits you, I use my Reolink cameras with Synology surveillance, I wasn’t able to isolate them using my current setup and I am in the market for a solution, and I think many people are after the recent vulnerabilities with this and QNAP

  • @CantankerousDave 2 years ago +8

    The Verge getting something wildly wrong about computer tech and then trying to sweep it under the rug? Say it ain't so! /s

  • @doskraut 1 year ago +1

    Wish I had known this a year ago, I wasted money on 4 Wyze cams only to have someone unlock my garage and steal all my bicycles without the camera warning me.

  • @ronm6585 2 years ago +1

    Thanks for sharing Lon. 👍🏻

  • @shadow7037932 2 years ago +8

    Verge not reporting accurately? Never would have expected that! /sarcasm

  • @fireballtp 2 years ago +2

    I use my Wyze camera V2 only a few weeks a year. When I’m ready to go on a trip, I plug it in and update firmware. Easy peasy

  • @bbgarnettTotallyNotABot 2 years ago +3

    Keep up the great work

  • @gravijta936 2 years ago +3

    In other words, The Verge's original article was a Wyzecrack.

  • @therabbitslayerr 2 years ago

    Always looking out for us first. Thank you for looking out for us. Best YouTube reviewer period.

  • @danielyoung_ 2 years ago +1

    If you don't have these devices connected to the internet, they won't need any security updates because there is no attack vector available to get into them.

  • @Evansmustard 2 years ago +3

    typical Verge quality reporting

  • @jax1492 2 years ago +8

    the verge is a joke

    • @TMS5100 2 years ago

      they've gone into the shitter like snopes and vice.

  • @shernpin2 5 months ago

    My camera kept going off. My videos were erased on my SD card. When it still had time I was recording by events only, not continuous recording.

  • @tamiller84 2 years ago

    Thank you very much for the facts and the truth about the Wyze cameras. That is why your channel is one of the best, wait a minute, it is the best channel :-)

  • @TattiePeeler 2 years ago

    I've been using Elias Kotlyar's alternative firmware for a good few years now.

  • @AABB-kh9eb 2 years ago +4

    Purge the Verge!

  • @davea.9570 2 years ago +2

    Really?! They've just turned into click bait sensationalism. I haven't paid attention to them in years

  • @berner 2 years ago

    I wish I could go back to the 1980's... It really was simpler. Why does _everything_ it seems need to be an open digital portal? My biggest gripe about this trend is how it affects gaming. I want to own a physical copy of something but the day of the cartridge/disc is waning and it's all going to just be connecting to a digital library.

  • @shernpin2 5 months ago

    I have a roommate who I believe hacked my camera outside my door. He had a problem with my camera but he's a weird and level person. I do not trust him. He's been shining a laser on my camera too. I went away and my camera stopped working. It's in slow motion. It's also not showing the present recordings. I have to wait forever for the motions and then it's in slow motion. It's annoying. How can I fix this issue?

  • @AkaBigWurm77 2 years ago

    Many of these clickbait tech sites have been doing negative articles on anything to get hits. The authors seem to troll around on YouTube and Reddit looking for stuff to blow out of proportion.

  • @Sproutsdaddy1957 2 years ago

    The author of the Verge article is done with Wyze but I’m done with The Verge!

  • @TomK1001 2 years ago

    It is enraging that Verge only cared about clicks and didn't care at all about the damage they could cause to Wyze and its employees. I think Wyze should sue them. That's not to say that Wyze did nothing wrong here.

  • @mikesartorii234 2 years ago +1

    Oh my goodness...hackers can gain access to the live feed of my bunny, guinea pigs and sleeping cats! What am I to do about their privacy being invaded?! Please, go ahead and watch. I don't care. I didn't buy these cheap devices expecting a secure robust security system! We love being able to check on our critters when away and they have worked remarkably well for that purpose.

  • @BenCabell 1 year ago

    I purchased 25 bulbs from Wyze in 2019. One day they all just stopped working. NO support. This company has ongoing security issues, what it has going for it is Wyze products ARE cheap. His argument is essentially the security breach was not as egregious as reported however even this apologist cannot account for the lack of transparency.

  • @tonybossaller4074 2 years ago

    As a Vulnerability IT Engineer, I would caution that claiming attackers must be on the network physically is not entirely true. Yes they must be on your network, but falling for a phishing email once can do that.
    As a result, it is always recommended to keep IoT devices on a secondary network (I’d suggest the guest network feature of most routers.) just as you recommended. (Kudos to you for that!)
    Now if Wyze was selling these knowing they couldn’t be updated, they should provide refunds and/or class action lawsuit against them.
    If your car alarm was known to be faulty by the auto company and they refused to fix but still sold you a car that got stolen because of that flaw, I doubt they can hide behind their EULA because it was hiding information to start from the consumer before they entered the agreement.
    So the article was blown out but still has some truth and it sounds like Wyze needs to provide a fix regardless or to provide a refund.
    And agreed on EOL products especially if they are on your MAIN network. And that goes from Wyze to old iPhone and iPads, Alexa devices, wifi light bulbs, etc.
    Thank you for updating us.
    I would be curious if the open source firmware for Wyze cameras has the same flaws. (That is one way to get around “outdated” devices but then you accept that risk too…)

    • @gildaslefur2435 2 years ago +1

      I like the idea of the guest network. However, does this mean that I would have to switch the WiFi on my phone to the guest network every time I want to use the Wyze app?

    • @tonybossaller4074 2 years ago +1

      Complicated answer. In short, if it relays info through “the cloud” (like Alexa or Google’s assistant services) then you probably won’t need to. If your phone app has to directly connect (not through Cloud), then sadly yes. :( So, depends on how you use it. And usually for initial setup, you will have to directly connect.
      Personally I have HomeKit devices hosted locally with cloud as a backup so most of those devices are on my main network but anything cloud based (thermostat, lights) I have on the guest network.
      So depends on your devices and usage. With the Wyze I am not entirely sure since it is not HomeKit compatible but I do believe based on some of Lon’s other videos that it is cloud based (as I believe they started charging for cloud storage a year or two back). In that case, aside from setup it should work.
      But again try it. :) You can always flip it back.

    • @LonSeidman 2 years ago

      It was interesting to see just how short a time the V1 camera was being sold - looks like just about a year before they switched to V2 (which looks the same physically). They were using an off-the-shelf Xiaomi manufactured camera with their custom firmware. But it sounds like the mitigation for this issue required additional code that wouldn't fit on the V1 device.

  • @slimdawgwoof 2 years ago

    As bad as the reporting is on the facts, it's clear their company can't afford to secure its products in a timely manner.

  • @TheSanzca 2 years ago

    Interesting times. The more convenient our lives get with IoT devices, the more we are exposed to financial and social ruin being that you are extorted by ransomware for money and your private financial information ends up on the web, or your most private memories and moments (I am not just talking about nude pics... STOP taking nude pictures of yourselves!) get dumped on the trash heap that is the web of today. Also, these companies. Where do I begin. My parents still use electronics like music amps and speakers and even video cameras etc. from the 70's and 80's. Given that it is not 4k but the stuff just works. And none of those old devices is going to open their home to some unscrupulous people looking to make a quick buck.
    These days, you pay top dollar and are lucky if you get 5 years out of a device before it is trash. Where do I start, Sonos... yes I jumped in, paid thousands for my wireless speakers and amp and this and that... no longer supported. Ubiquiti access points, again paid top dollar and 18 months later my access points are no longer supported. Wyze... lucky for me I purchased a few mostly to see what all the hype was about but here we are. No longer supported. Lastly the hypocrisy not only of these companies and their leaders, but to consumers that scream about clean energy and to ban all fossil fuels (I guess mostly just in North America), and then buying these devices that are filling our garbage dumps and cannot really be reused for anything else. What about companies that sell you a device with an associated service and without that service, well you have an expensive brick. Same thing.
    I think we as consumers need to sit back and have a deep long think about what we buy, how it is made, how long it will be usable and where it is going to end up if it is EOL. The price of convenience is not just what we pay now out of pocket, but the problems it is going to cause now and going into the future. Do we really need these things?

  • @rogerbeck3018 2 years ago

    my concern is that my tinfoil hat is increasingly COMFORTABLE. Thinking about the future, a future may include a bad acting foreign government that directs/requires an enterprise in their sphere of "influence" to "update" thus providing said bad actor with data not previously/normally collected. It probably is not happening now (it is outside my brain capacity to know) but it might happen in the future.

  • @teknerd 2 years ago

    Hopefully, Wyze offers those v1 cam owners a discounted upgrade path for newer cameras.

  • @tmastersat 1 year ago

    Yea, I'm sick of these stupid hack stories. I have asked in the past how anyone could access the cam with port forwarding off, but they refuse to answer.

  • @dontaskmeforusername 1 year ago

    Anyone can make claims. They need to give a how to, otherwise they are lying

  • @richniewiroski4483 2 years ago

    Wyze is a manufacturer who sells security equipment who had a pretty sizable vulnerability who then proceeded to very intentionally not let their customer-base know. Sticking up for this kind of behavior only lessens the weight of your words and weakens your ethics.

    • @LonSeidman 2 years ago

      Did you watch the video?