Wyze Camera & Hacking Threats (Complete Guide).

Wyze is a company that provides many smart devices that can help protect your home from potential intruders such as connected doorbells, cameras, alarms, and more.

The Wyze outdoor and indoor cameras are among those devices provided by this manufacturer that offer many features such as motion and sound detection, color night vision, as well as the ability to receive notifications and control them remotely from your smartphone.

The main function of the Wyze Cam is to secure your property, but this gadget needs to be linked to the internet all the time in order to connect to your smartphone, which makes people wonder if a hacker can break into their network and hack this camera.

So, if you own or want to buy this camera but you are worried about your privacy, this article will be a real guide for you that will explain in detail everything you need to know about how hackers can break into your device and what you can do to protect yourself against them.

How does Wyze keep their cameras private and secure?

Like any other manufacturer, Wyze knows that hackers are a big threat to their business, and people worry more about their privacy these days, which forces the company to put extra effort into protecting their devices even if they are cheaper than other brands.

• AES 128-bit encryption & Transport Layer Security: When the Wyze camera records a video, it sends it to the server and then to your mobile phone and uses 128-bit AES encryption to ensure that the content is encrypted as it travels through the Internet the same thing happens when you want to access the live stream, so even if a hacker intercepts the data packet the data cannot be decrypted.
  
  Personal information like your passwords, usernames, and emails are sent to the AWS Cloud Server via the HTTPS protocol using Transport Layer Security (TLS) to ensure that eavesdroppers and hackers are unable to see what you transmit.
  
  They also use symmetric and asymmetric encryption, consistent hashing, and other ways to make sure users’ information cannot be stolen.
  
• Two-Factor Authentication: This is another method used by the company to protect your Wyze account from which you manage the camera and make it harder for hackers to access your account even if they have the username and the password, as this secures your account with a secondary authentication token.
  
  This secondary token is generated after you enter your email and password, and is a requirement to sign in as long as 2FA is enabled on your account.
  
  You can use text message (SMS) or the Authenticator app as a secondary authentication token.
  
• Strict password requirement: In order to access your account and manage your camera you need a username and password, and Wyze has strict password requirements to ensure that you’re protected and hackers can’t get your password easily.
  
  Your Wyze account password must be a minimum of ten (10) characters long when set up in the app and eight characters long when set up on the website.
  
• App and firmware updates: Wyze releases new updates for their app as well as for the firmware that runs the camera, these updates are released to improve the functionality of the gadget and the app, as well as to correct any security issues detected in order to cut off the road for hackers to get into your cam.
  
• Limited login attempts: Hackers use bots to test different combinations of passwords and usernames in order to find the right one. So as a precaution measure Wyze has limited the login attempts.
  
  In a forum, the company asked its users to vote if they wanted to have a login history to see all the people who failed to get into their account, so maybe they will add this feature in the future.

How hackers can get access to your Wyze cam?

Attackers can use many ways to get into your Wyze camera and see all what you are doing inside your house, so in this section, we’re going to explore all these methods.

• Wyze App: The app is essential if you want to access the live stream, watch the recorded video or simply manage the camera remotely from your smartphone or tablet.
  
  So as we mentioned before the company releases new updates frequently to fix security issues to fight against hackers and if your app is not updated attackers will take advantage of the outdated design and use it as prey to get into your cam.
  
• Wyze Account: To control your camera or change and manage the settings you need an account that you can access from the Wyze website or mobile app, and those who own the account details can have full control of the cam and see the live feed and recorded footage.
  
  Hackers know that the account can be a good target so they’ll spam your login details until they can find your account password and username and the process can be easier when you’re using a simple password such as 12345 or abcde.
  
• Home router: Your Wyze camera will be connected to your network all the time in order to send you notifications when it detects sounds or movement, also to send the recorded footage to your mobile and let you control it remotely.
  
  And those who want to hack your gadget know that the router is the center of all your connected devices and if they can get to it they will have all your appliances in their hand.
  
  So attackers will use different cracking techniques to stole your router passwords such as Mask attacks, Hit-and-run attacks, Dictionary attacks, and much more.
  
• Smart speaker & display: Wyze cams are compatible with Alexa-enabled devices like Echo Dot or Echo Show, and also Google Home speakers and display which allows you to control the camera and see the live stream using your voice. And if the security of your smart speaker and display is neglected accessing them will be something easy for hackers.
  
• Other connected devices: You need to know that each device in your house that is connected to the network can be used as an entry point to get into your camera like your smartphone, tablet, TVs, connected doorbells, and much more.
  
  Also, the app and software that are installed on your computer or mobile need to be updated to face hackers’ threats.

How to know if your Wyze camera has been hacked?

Recognizing the signs that tell you if your network or camera has been hacked is important if you want to take the essential steps to protect your personal information and data before it’s too late.

• Unknown IP Addresses on Your Network: If you see an unknown address (especially a foreign one) in your router’s interface, this will most likely mean that a hacker has accessed your router, and maybe he’s here for your Wyze camera.
  
• Strange software or malware on your devices: Along with placing it directly on your router, a hacker can also download malware onto your computer or smartphone, this malware can indicate that your network is hacked.
  
  Those people will install malware on your laptop or mobile phone to steal your data and login information such as your Wyze username and password.
  
• Strange voice coming from the device: Same as other smart security cameras Wyze offer a microphone and speaker to let you hear and speak with people through your cam, so if you hear a weird voice coming from its speaker and no one inside your house is using it that could be a strong sign that a hacker access your account and take control of the cam.
  
  Also if you’re using your Wyze cam with a smart speaker such as Amazon Echo or Google Home and you notice a human strange voice coming from that device it could be a sign of the presence of a hacker.
  
• Change in the settings: modifying the settings in your Wyze cam is possible such as changing the clip length, adjusting the speaker volume and video quality, and much more.
  
  And only people who have access to the cam can modify these settings, so if you notice a change that means a hacker has changed them.
  
• Slow internet speed: Slow internet doesn’t always indicate a Wi-Fi hack, but if your network is slower than it used to be and you’re the only one using the internet inside your house that could be a sign that a hacker is using the bandwidth with you.
  
• Login credentials don’t work: Also when you notice that your Wi-Fi password or login to your router’s admin interface isn’t working, this could be a sign that a hacker has gotten into your router and changed it to lock you out.
  
  The same thing for your Wyze accounts the first thing that an attacker may do when getting access to your account is change the password and username in order to cut the road for you.

What a hacker can do if he accesses your Wyze cam?

People may ignore the security of the camera because they do not know the real danger they are exposed to when the camera is in the hands of a hacker who is usually a human with bad intentions.

So you need to know that when your cam is hacked the attacker can see all what you’re doing inside your house, hear all your conversations due to the built-in microphone, he can also talk to you using the two-way audio feature.

Hackers will be able to change the settings and login information and prevent you from getting into your own camera. They can also use the Wyze cam or app as an entry point to other devices such as your computer where important data are stored like your work files, family photos, credit card, and much more.

How to prevent Wyze cameras from being hacked?

So now we know that a presence of a hacker in your network or your camera can be a real threat to your privacy and your personal information, in this chapter I am going to teach you the right tips that you can implement in order to secure your Wyze Cam and your home network.

Activate Two-factor authentification.

As we mentioned before this method will boost the security of your Wyze account and prevent hackers from accessing your account even if they have the right username and password because they need a secondary authentication token.

Here’s how to activate SMS Two-Factor Authentication:

1. In the Wyze app, tap Account.
2. Tap Security > Two-Factor Authentication.
3. On the next screen, select Verification by SMS (text message).
4. Enter the phone number that you’d like to receive your verification codes.
5. Tap Verify Phone Number.
   • You’ll receive a text message with your verification code. Copy this code.
6. Paste the code on the Enter Code screen, then tap Next.
7. Optional step: Add a Backup Number. To skip, tap Skip for Now.
   • This number will only be used if your primary number is unusable.
   • A text will not be sent to the backup phone unless you tap Use Backup when logging in.

And here’s how to enable Authenticator App Two-Factor Authentication:

1. In the Wyze app, tap Account.
2. Tap Security > Two-Factor Authentication.
3. On the next screen, select Verification by Authentication App.
4. Open your authenticator app, and select Add Account.
5. Copy the code provided by the Wyze app to the Authenticator app.
   • If your preferred Authenticator app directs to QR entry, look for an option that lets you enter the code manually.
   • The Wyze app will not provide you with a QR code.
6. Once Wyze has been added to the authenticator app, copy the provided code from the Authenticator app to the Wyze app.

Source (Wyze)

Update all firmware.

Updating the firmware is mandatory to correct all security flaws that exist on your Wyze camera or any connected device that you already use in your house such as your smart doorbell, smart speaker or display, router and modem, and so on.

Also make sure to update all your apps and the software that are installed on your mobile phone, tablet, or computer.

Change default passwords.

Your Wyze cam comes with a default password from the manufacturer and this password is considered “easy-to-hack” and if you continue to use your gadget with it you’ll be under threat, so make sure to change it directly when buying the camera.

Default passwords are used in routers, modems, and any smart home device that you use, so ensure to change them all before hackers can guess them.

Use difficult and strong passwords.

Long and difficult passwords with numbers, uppercase, lowercase, characters, and symbols are mandatory if you want to avoid being hacked easily because that kind of password may take a year to be guessed compared to simple ones like “qwerty”, “12345” or “abcde”.

These are some examples of a strong and difficult password:

1. “A87bzO94+Z@§2n=$%”
2. “K6a3e7@R#h%Dy+J”
3. “Nb23@U=v19+1_H%6g”

Using difficult passwords is essential for all your home gadgets including your router, modem, cameras, smart doorbells, and so on.

Note: It’s considered good practice to change your password every three or six months and make sure to not use the same password and username for all your account that you use.

Disconnect the unused gadgets.

Hackers may use any of your smart home devices such as your connected door lock, computer, tablet as an entry point to access your Wyze camera, so make sure to disconnect all these devices connected to the internet when you are not using them.

Beware of phishing scams.

If you reach out to Wyze, there will be circumstances when an employee may request information to help with your case.

Wyze employees may ask for:

1. You to send us an email from the email address associated with your Wyze account.
2. A screenshot of the in-app Device Info screen to verify IP/MAC or a photo of the sticker on the device.
3. Recordings or screenshots of product pages, or sample video recordings to help troubleshoot visual and audio issues.
4. Your shipping address for returns, replacements, and sending out testing units.

Wyze employees will never ask for your:

1. Full credit card number (we only may ask for the last 4 digits).
2. Wyze account password.
3. Social Security Number (SSN).

Important: Wyze will only contact you using the following official channels: @wyze.com / @support.wyzecam.com / @forums.wyzecam.com

source (Wyze)

Add a firewall and VPN.

According to Fortinet, a firewall will monitor network traffic, stop virus attacks, prevents hacking, stop spyware, and promotes privacy which may be so beneficial for the security of your network and your camera as well.

The VPN will also improve security by establishing a secure, encrypted connection between your device and a private server, hiding your traffic from being seen by hackers.

Final word.

Even though Wyze is working on the security of its device, make sure you never neglect to implement good security tips like the ones we have shown in this article and try to be aware of any signs that might indicate that your Wyze camera is hacked in order to take security measures at the right time.