One of the most deterring concerns of a potential Wyze cam user (or any monitoring system user) is the security credibility of these systems. Are these hackproof?
Wyze Labs have made a substantial impact on the security cam world with their cost-effective monitoring systems that work wonders with a relatively user-friendly interface. Available from $35, Wyze products have redefined the very meaning of cost-effectiveness.
Much of the credit for its universal acclaim stems from the in-house AI detection protocols Wyze has made, which is indeed one of the best in the biz.
But when it comes to security flaws, like any other device that utilizes internet connectivity, there are noticeable causes for concern.
Wyze cameras can be hacked partly due to their exposure to the internet and partly due to unauthorized access to the cameras through the Wyze app. Remote hacks, data breaches, brute force attacks, credential stuffing, etc., are some of the hacks that could potentially harm a Wyze camera.
If your Wyze camera gets hacked, create a stronger password, enable two-factor authentication on the Wyze app, update the Wyze cam, change the SSID of the network and adopt advanced WiFi encryptions.
Here is a comprehensive account of most hacks and how to secure your Wyze cameras from them.
How Does a Wyze Cam Get Hacked?
Wyze Labs have the reputation of making reliable monitoring systems that house a unique feature - AI-detection trigger protocols - that automatically trigger an event once it recognizes any unusual activity in the cam's detection zone.
But the question of safety has become a cause for concern, especially when considering a relatively recent Wyze data breach in 2019. We will talk about this breach in the coming section of the article.
Coming to the privacy and security aspect of devices that rely on the internet for their day-to-day operations, there's always an acknowledged risk of potential breaches to the system.
Such breaches can either take root from a local, singular source or as a proponent of a much larger breach.
Higher encryption levels and broader cloud-based operations can limit the risk of an attack but still isn't hackproof by any means.
Attacks on monitoring systems are relatively common, and the types/modes of attack one may adopt are plenty. Some of the most commonly seen and used attacks are as follows.
Note: The following information is solely meant for educational purposes only, and we condemn any and all practical implementations of such devices.
If you have heard of any data leaks or privacy information breaches from big companies, chances are, they are all part of a data breach.
Hackers employ advanced DDOS attacks or other hacking contraptions to disrupt the operation of a server farm and acquire the confidential information stored in these servers.
Then they would demand a ransom for the data. Failure to comply will result in a mass dump of the data on a hacker forum or selling them on the dark web.
Some hackers do dump the acquired data without any prior signs of compromise.
Wyze has been part of one such data breach in 2019.
Even though the hackers did acquire a formidable amount of user data (emails, login credentials, other critical info), Wyze did confirm that the issue was under control.
As a precautionary measure, Wyze had reset the authentication tokens of the assumed affected users' accounts.
Since then, Wyze has moved its cloud operation to Amazon's AWS cloud services, which is indeed one of the better cloud services available right now.
Any such attacks have nothing to do with your particular Wyze camera but are aimed at the Company's credibility in general.
If there has been a breach of security with the servers, the Company will let you know of the said breach.
Recommended safety measures include resetting your account password and updating the Camera firmware.
Brute Force Attacks
Coming to a more down-to-earth, personal-level hacking method, the easiest way by which a hacker can gain access to your Wyze cam remotely is through a brute force attack.
For most remote hacking methods, the hacker has to gain access to the network to hack into your Wyze cam. They can gain access to your network either by knowing the network password or physically connecting to it.
That's where brute force attacks come into play. With a brute force attack, the hacker will have their hands on your network password. And sure enough, gain access to the Wyze cam.
But to make them work, the password has to be somewhat guessable. Hence, a simple password is more likely to get hit within an attack than a strong one.
Brute Force attack applications acquire the password by running a lot of password combinations on the network until it finds the right one.
The best way to avoid such attacks is to have a stronger password. Include uppercase letters, special characters, and numbers in your password to make it more hackproof.
Most of these software applications rely on dictionaries and other general pieces of literature to find the password.
Try including names or similar personal information in your passwords to make them stronger.
Similar to a brute force attack, credential stuffing attacks also rely on arbitrary trial and error methods to guess the password of your Wyze camera app.
But unlike a brute force attack, the hacker may already have laid his hands on your password.
How they got their hands on the password and how this particular password constitutes the login credentials for your Wyze camera makes up the founding principle of credential stuffing.
Most people rely on a secure unitary password as the default security solution for most app signups and whatnots.
And that's precisely the demographic such attacks are focused upon.
Once the hacker gets access to this password(probably from a data breach dump or from the dark web), they can sign in to your Wyze account and gain access to your Wyze cam.
The best way to avoid such a breach is to secure your logins with unique passwords. While a single, one-for-all password may seem much more convenient to remember, it may also open doors to such breach attacks.
Physically Accessing the Device
While installing your Wyze cam, you must have noticed how simple it is to do so, right? Well, so is the removal process, easy.
If you have your device installed on a tabletop or an office counter (for accessing the SD cards in case of continuous recording on your Wyze cam), the chances of accessing the hardware are much higher.
And once an intruder gets access to the hardware, it is relatively simple to gain access to the camera.
A hard reset will remove all known login credentials and let the intruder log in to your camera. Then, the intruder can access the live feed to your camera and poke a nose into your private life.
To avoid such intrusions, reinforce the camera with durable clamps and holders. Also, install the camera in a not-so-easily reachable location.
How to Secure Your Wyze Camera Against Hackers
Now that you know the many ways a hacker deploys to gain access to your Wyze Cam, let's look at some tips to stave off such attacks.
Password resets, Two-factor authentication, firmware updates, etc., can help steer the Wyze Cam from most attacks.
SSID resets, encryption standard resets, enabling network masks, etc., will help you secure your network from any malicious intruder.
Let's take a closer look at these methods and their implementation.
Reset Your Wyze and Network Password
Passwords are one of the most sought-after vantage points for breaking into your Wyze cam.
As I mentioned above, brute force attacks and credential stuffing attacks rely on the simplicity and the frequency of occurrence of your password for them to work.
If you suspect an intrusion, immediately reset your network and Wyze account password to a new, stronger one.
To change the password of your Wyze account, follow these exact steps.
1. In the Home tab, click and open the Account tab.
2. Navigate to the Security tab and tap open the Change Password option.
3. Enter your old and new passwords and confirm the changes.
Exit the menu and restart the app.
To change the password of your home network, follow these steps on your PC.
1. Connect your Router/Modem to your PC using an Ethernet or a USB cable.
2. Then, open a browser on the PC. Enter the IP address of the router/modem onto the search bar. (Refer to the bottom of the router/modem for the IP address)
3. Enter the login credentials and enter the router portal. (Login credentials also can be found on the nether half of the router/modem)
4. Search and find the Password Reset/Change option. Probably found under the Security/Profile/Setup sections of the portal.
5. Enter the passwords and save the changes.
Exit the portal and restart the Router/Modem. You will now have to re-login to the network by entering the new password.
A strong password can determine your device's proneness to an attack.
Upper case letters, numbers, special characters, and longer character lengths (>8 characters) constitute a strong password.
Albeit, the contrary should be said in the case of internet issues like error code 42 on Wyze cams. In such cases, opt for a simpler, convenient password with lesser characters.
Enable Two-Factor Authentication on Wyze App
A strong password can secure your account and network from most organized attacks. But a password alone may not be able to fend off a more focused, concentrated attack like a brute force attack.
And so, Wyze has enabled an additional layer of authentication protocol for securing your personal info.
With two-factor authentication enabled, one has to clear an additional security authentication layer other than the password to access the account.
Here's how Two-Factor Authentication works:
Once you enter the password for the account, the app will send a secret code to the registered phone number. Enter the code to access the Wyze account.
Follow these steps to enable two-factor authentication on your Wyze cams.
1. In the app, tap and open the Account tab.
2. Under the Security option, select Two-Factor Authentication.
3. Select Verification by SMS.
4. Enter the phone number you wish to receive the authentication code.
5. Click on the Verify Phone number option.
6. When you receive the code, enter the said code onto the Enter Code screen on the Wyze app.
7. Click on Next.
8. Now, you can either enter a backup number or tap on the Skip for later option to complete the process.
You have now successfully enabled two-factor authentication on your Wyze app.
You could also use an authenticator app, like Google Authenticator, to enable Two-Factor authentication on your Wyze app.
Select the 'Verification by Authentication app' option under the Two-Factor Authentication tab to do so.
Update your Wyze Cam
Wyze developers are always on the lookout for system vulnerabilities and security compromises that could eventually lead to a hack attack.
They scour the codes, run organized tests on various Wyze devices, listen to concerned customer issues, and put into works remedies for such abnormalities.
In due course, Wyze puts out updates or patches that address consumer suggestions and other known issues with the cams regularly.
Wyze also comes out with security updates frequently to keep your device secure against all the more threatening issues popping up on a daily basis in the digital world, a.k.a viruses.
To update your Wyze cam, follow these steps on the Wyze app.
1. On the Home tab, tap on the Account icon.
2. In the device list tab, locate your Wyze cam and look for an 'Update' option next to the name of your Wyze cam.
If you can't find any such options, you may have your Wyze cam running on the latest firmware version.
Exit the app after installing the updates.
While in the process of updating your Wyze Cam, you could also check and flash your Wyze cam with the RTSP protocols. RTSP enables much smoother and more efficient management of captured footage and events.
Change the SSID of the Network
Once you receive alerts about an unauthorized login attempt or when you notice unusual amounts of data flow in your network, better rename your network to avoid any further attempts to hijack the network.
Once you change the SSID, hackers will have a hard time finding the network to which the Wyze cam is connected.
To change the SSID of your network, follow these steps after connecting the router to your PC.
1. Once you log into your portal account, look for the wireless/ WiFi SSID option. Sometimes can be found under Wireless Setup or within the Settings option.
2. Locate and click on the WiFi name or SSID option.
3. Change the name to a new one and save your changes.
Exit the portal and refresh the router/portal. Check on your mobile if the WiFi name has changed or not.
If you have enabled dual-band support on your Router/Modem, make sure to use different SSID names for the two bands.
Switch to a Higher Encryption Level for the Network
Even if you've got a pretty strong password chiseled by including all the necessary inclusions, weak network encryption can render your efforts worthless.
Even though you won't have to change the encryption level for a home network, under extraordinary circumstances, even the safest of measures can seem underwhelming.
Generally, WPA or the prevenient WEP encryption standard dominates the household market. WPA 2 is a much more advanced encryption standard that can offer a hardy challenge to a potential intruder.
Switching to a higher encryption standard can make the hacking part of the hijacking a bit more tedious, hopefully unnerving, too.
To change the encryption standard on your network, follow these instructions on the PC after connecting the Router/Modem to it.
1. In the portal, locate and find the WiFi/wireless setting option.
2. Then, look for the security/WiFi setup option. You can find the encryption setting option next to the password tile.
3. Change the encryption level from WPA/WEP to WPA 2.
4. You could also change the password while you're at it. Save the changes and exit the portal.
Refresh the router/modem and reconnect your devices to the network.
Other great ways to avoid hack attacks include:
- Use a VPN.
- Enable Network masks like IP masking softwares.
- Set up a Mac address filter.
- Turn OFF network sharing and Guest mode on your network.
And there you have it, a comprehensive account of the most common hack attacks and methods to avoid any such attacks.
Even if a data breach has nothing to do with your personal Wyze cam, the Company will notify you of any such incident and advise you to follow their recommended post-attack protocols.
When in doubt of a plausible intrusion, contact Wyze support for further assistance.
Frequently Asked Questions(FAQs)
Can someone else connect to my WYZE camera?
Yes, you can allow others like your family members or other authorized personnel to connect to your Wyze app. Once you register yourself as the admin, you can invite others through the Wyze app. Authorized users can access the live streams, access event recordings, control notifications, and alter the camera configuration.
Are Wyze cameras Safe?
Wyze employs advanced 120-bit AES encryption for accessing the camera and storing recordings. In other words, Wyze cameras are pretty tough and safe.
Is Wyze Cam always recording?
On its default settings, Wyze cams do not record continuously. However, if you enable continuous recording from the Wyze app after installing a microSD card on your camera, you can continuously record on your Wyze cam.