If you’re using Wyze Cam v3 cameras to protect your home or business, you’ll want to update these right away. As reported by Bleeping Computer, a vulnerability was discovered that will allow a hacker to take complete remote control of the camera, viewing live and recorded video. If exploited, this would also provide a hacker the ability to scan the entire network for vulnerable computers and access them as well.
Wyze is well known for its inexpensive surveillance cameras and more recently, its security system and services. At this point it is not known whether any of their other devices are vulnerable to this same remote code execution (RCE) vulnerability. I would suspect their Wyze Cam Pan v3, a similar camera with panning capability, could share at least some of the stationary camera’s code. But that’s just my speculation. Regardless, Wyze has a reputation for ignoring known security flaws.
Are other manufacturers’ cameras vulnerable?
At this time this particular vulnerability is isolated to the Wyze Cam v3 camera. As I said earlier, it’s possible their other cameras could have similar vulnerabilities. It has not been reported and is not know whether other manufacturers share any of the vulnerable firmware code. However, it is prudent to assume that all smart home automation IoT devices have some form of security vulnerabilities, whether they’ve been discovered yet or not. I discussed this in my previous two-part post, Internet of Thieves.
What You Can Do
The Wyze app gives you the ability to check for firmware updates. I suggest you do this now and frequently. But again, they may not respond quickly to known security vulnerabilities so patches may not be available right away. If you do need to use these cameras, at a minimum protect the rest of your network. Part 2 of Internet of Thieves describes how to protect your network from compromised IoT devices. That’s a good start. If you’re using these cameras in your business, make sure your IT people put these on their own segmented network.