Wyze Cam Vulnerabilities Could Let Attackers Access the Live Feed, Research Finds

Bitdefender’s security researchers investigated all iterations of the Wyze Cam device and found three vulnerabilities that would have given attackers direct access to the cameras, including recordings stored on the SD card.

Smart cameras are always a sensitive subject because of their importance in a household. They are often used to monitor children, backyards and other areas, meaning they collect data that should never end up in the hands of attackers.

The Wyze Cam investigation revealed a series of vulnerabilities that could have been easily weaponized in the wrong hands. Typically, the window for responsible disclosure is 90 days, but Bitdefender contacted the vendor all the way back in March 2019. Publishing details on the vulnerability in the absence of a patch is problematic when it comes to smart cameras, so Bitdefender waited until the vendor fixed the issues.

First of all, security researchers managed to bypass the authentication process for remote connection and obtained almost total control.

“After authentication, we can fully control the device, including motion control (pan/tilt), disabling recording to SD, turning camera on/of, among others,” explained the researchers in the whitepaper. “We can’t view the live audio and video feed, though, because it is encrypted.”

The second vulnerability is a more standard stack buffer overflow, which would have given attackers access to the live feed combined with the remote authentication bypass.

Finally, the third vulnerability was more of an oversight because it allowed users to view the contents of the SD card via the webserver listening on port 80 without authentication.

“This is due to the fact that, after an SD card is inserted, a symlink to the card mount directory is automatically created in the www directory, which is served by the web server,” the researchers also explained.

The company issued patches to fix these issues, but three generations of cameras are affected. While versions 2 and 3 have been patched against these vulnerabilities, version 1 has been discontinued and no longer receives security fixes. If you have one of these unsupported cameras, switching to a supported model is recommended.

Download the research paper here