pkcsecurity · 3 years ago
What counts as “remote access”? Another device authenticated to Wi-Fi? Another device anywhere on the internet, with knowledge of the device ID? Another device anywhere on the internet with knowledge of email address?

These are vastly different criticality levels.

All the talk of IOCtl and assembly/bytes in the Bitdefender report implies “another device on the Wi-Fi”, but I know Wyze cams can be viewed over the Internet, ostensibly proxied via Wyze’s own servers, so maybe not?

thefarstar · 3 years ago
I really wish the open source community would work on an open firmware that supports these webcams. Security is one thing; Wyze recently started pushing the WyzeBeta iOS app, which seems to pivot users towards subscription for basic functions like viewing motion alerts. That’s kind of alerting too.

kelchm · 3 years ago
So in practice, to exploit this someone would have needed to have been connected to the same local network at some point in time.

Yes, it’s still a vulnerability and Wyze should have actually responded in a reasonable period of time, but this really doesn’t seem like something to lose sleep over.

RandyRanderson · 3 years ago
And I was just considering ordering a bunch of their gear. I guess I'll go with Ring - what choice have I?

eternityforest · 3 years ago
I wish there was just a cheap craptastic RTSP camera brand like Amcrest that had ONVIF and mDNS, but didn't have any Uighur human rights issues.

tehlike · 3 years ago
You can flash RTSP firmware for V2, but it doesn't work for V3.

V3 has amazing night vision though so this whole thing sucks.