1 min read

Wyze Cam Vulnerabilities Could Let Attackers Access the Live Feed, Research Finds

Silviu STAHIE

March 29, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Wyze Cam Vulnerabilities Could Let Attackers Access the Live Feed, Research Finds

Bitdefender’s security researchers investigated all iterations of the Wyze Cam device and found three vulnerabilities that would have given attackers direct access to the cameras, including recordings stored on the SD card.

Smart cameras are always a sensitive subject because of their importance in a household. They are often used to monitor children, backyards and other areas, meaning they collect data that should never end up in the hands of attackers.

The Wyze Cam investigation revealed a series of vulnerabilities that could have been easily weaponized in the wrong hands. Typically, the window for responsible disclosure is 90 days, but Bitdefender contacted the vendor all the way back in March 2019. Publishing details on the vulnerability in the absence of a patch is problematic when it comes to smart cameras, so Bitdefender waited until the vendor fixed the issues.

First of all, security researchers managed to bypass the authentication process for remote connection and obtained almost total control.

“After authentication, we can fully control the device, including motion control (pan/tilt), disabling recording to SD, turning camera on/of, among others,” explained the researchers in the whitepaper. “We can’t view the live audio and video feed, though, because it is encrypted.”

The second vulnerability is a more standard stack buffer overflow, which would have given attackers access to the live feed combined with the remote authentication bypass.

Finally, the third vulnerability was more of an oversight because it allowed users to view the contents of the SD card via the webserver listening on port 80 without authentication.

“This is due to the fact that, after an SD card is inserted, a symlink to the card mount directory is automatically created in the www directory, which is served by the web server,” the researchers also explained.

The company issued patches to fix these issues, but three generations of cameras are affected. While versions 2 and 3 have been patched against these vulnerabilities, version 1 has been discontinued and no longer receives security fixes. If you have one of these unsupported cameras, switching to a supported model is recommended.

Download the research paper here


tags


Author



Right now

Top posts

How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Some Phone Manufacturers Didn't Implement Vital Security Patch for ARM Mali GPU, Google Researchers Find Some Phone Manufacturers Didn't Implement Vital Security Patch for ARM Mali GPU, Google Researchers Find
Silviu STAHIE

November 29, 2022

1 min read
Apple Users Report Seeing Other People's Photos When Using iCloud for Windows Apple Users Report Seeing Other People's Photos When Using iCloud for Windows
Silviu STAHIE

November 25, 2022

1 min read
How SIM Swapping Attacks Work and How to Protect Yourself How SIM Swapping Attacks Work and How to Protect Yourself
Filip TRUȚĂ

November 25, 2022

3 min read