Sadly, it appears that there has been a number of vulnerabilities affecting the Wyze smart cam models. The kind that allows attackers to gain access to the cameras and view the video content within by accessing the SD card and installing remote execution code.
It does require the attacker to already have access to your network, either locally or remotely. So the vulnerabilities don’t leave the cameras open to just anyone. Regardless, it does create a weak point within your network’s security and it was hidden from users the entire time.
Wyze chose to hide the information from users stating it was safer to do so until a fix could be found. Although it didn’t seem to be much of a priority if these vulnerabilities continued to exist for so long. Meanwhile, Bitdefender, a well-known cybersecurity and antivirus company, published a piece covering the fact that it was able to discover these vulnerabilities within the devices (V1-V3).
Bitdefender recommends that users update the firmware of every model on their network in order to avoid any issues. Currently, only V2 and V3 models have available updates for this vulnerability. Sadly, V1 models have been left behind to suffer due to EOL (no longer supported by Wyze due to being discontinued). The company also recommends that users connect their IoT devices to a guest network to isolate them from other devices, further enhancing security.
