For HomeFor BusinessFor Partners
IoT Research Whitepapers
1 min read

Vulnerabilities Identified in Wyze Cam IoT Device

Bitdefender

March 29, 2022

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Vulnerabilities Identified in Wyze Cam IoT Device

At Bitdefender, we care deeply about security, so we’ve been working with media partners and IoT devices manufacturers to identify vulnerabilities in the world’s best-selling connected devices. As a leading vendor of cybersecurity protection across endpoint and IoT devices, we have been assessing the security of smart-home equipment for more than half a decade. Our goal is to help vendors and customers stay on top of security and privacy blind spots and make the IoT ecosystem safer for everybody.

While looking into the Wyze Cam device, we identified several vulnerabilities that let an outside attacker access the camera feed or execute malicious code to further compromise the device.

Vulnerabilities at a glance

  • Authentication bypass (CVE-2019-9564)
  • Remote control execution flaw caused by a stack-based buffer overflow (CVE-2019-12266)
  • Unauthenticated access to contents of the SD card

Download the research paper here

Mitigation

Home users should keep a close eye on IoT devices and isolate them as much as possible from the local or guest network. This can be done by setting up a dedicated SSID exclusively for IoT devices, or by moving them to the guest network if the router does not support the creation of additional SSIDs.

Additionally, IoT users can use the free Bitdefender Smart Home Scanner app to scan for connected devices, identify and highlight vulnerable ones. IoT device owners should also make sure that they check for newer firmware and update devices as soon as the vendor releases new versions.

To minimize risks of compromise, smart home users should consider the adoption of a network cybersecurity solution integrated into the router, such as the NETGEAR Orbi or Nighthawk routers powered by Bitdefender Armor.

IMPORTANT: The analyzed device comes in several versions: Wyze Cam version 1, Wyze Cam Black version 2, as well as Wyze Cam version 3. We learned that, while versions 2 and 3 have been patched against these vulnerabilities, version 1 has been discontinued and is no longer receiving security fixes. Customers who keep using Wyze Cam version 1 are no longer protected and risk having their devices exploited.

tags

IoT Research Whitepapers

Author

Bitdefender

Bitdefender

The meaning of Bitdefender’s mascot, the Dacian Draco, a symbol that depicts a mythical animal with a wolf’s head and a dragon’s body, is “to watch” and to “guard with a sharp eye.”

View all posts

Right now Top posts

EyeSpy - Iranian Spyware Delivered in VPN Installers
Anti-Malware Research Whitepapers

EyeSpy - Iranian Spyware Delivered in VPN Installers

January 11, 2023

2 min read
Bitdefender Partnership with Law Enforcement Yields MegaCortex Decryptor
Anti-Malware Research Free Tools

Bitdefender Partnership with Law Enforcement Yields MegaCortex Decryptor

January 05, 2023

1 min read
BackdoorDiplomacy Wields New Tools in Fresh Middle East Campaign
Anti-Malware Research Whitepapers

BackdoorDiplomacy Wields New Tools in Fresh Middle East Campaign

December 06, 2022

1 min read
Side-Loading OneDrive for profit – Cryptojacking campaign detected in the wild
Anti-Malware Research

Side-Loading OneDrive for profit – Cryptojacking campaign detected in the wild

October 05, 2022

1 min read

FOLLOW US ON SOCIAL MEDIA

You might also like

App Anomaly Detection Technology From Bitdefender to Protect Against Yet-Unknown Threats
Miscellaneous

App Anomaly Detection Technology From Bitdefender to Protect Against Yet-Unknown Threats
Silviu STAHIE

May 11, 2023

3 min read
Bitdefender Releases Decryptor for MortalKombat Ransomware
Free Tools

Bitdefender Releases Decryptor for MortalKombat Ransomware
Bitdefender

February 28, 2023

1 min read
Weaponizing POCs – a Targeted Attack Using CVE-2022-47966
Anti-Malware Research

Weaponizing POCs – a Targeted Attack Using CVE-2022-47966
Victor VRABIE

February 23, 2023

5 min read

Bookmarks

loader