loader image

Do you have a Wyze Cam?  If you’re not sure what that is, it’s an internet camera that offers a low-cost solution to those who are interested in playing around with video and not willing to spend a ton of money on it.

Unfortunately, in this instance it’s a budget option with a bite and a significant drawback.  The camera has a bug in its firmware which allows for unauthenticated remote access to videos and images stored on the camera’s local memory cards.

Even worse, although this bug has never been assigned a CVE ID, it has been a known issue for more than three years.  Any remote user listening on port 80 can access the contents of the SD card in the camera.

The issue is that upon inserting an SD card into the WyzeCam, the camera automatically creates a symlink to it in the www directory which is served by the WyzeCam webserver without any access restrictions whatsoever.

So basically, if you have one of these be very careful about what images and videos you store on it because literally anyone who wants to can snoop around your camera and see what you’ve been taking videos and pictures of.

Worst of all is that most of the people who use this type of equipment tend to use a “set and forget” philosophy, so you may have purchased one of these months or even years ago and not given the matter another thought.

If that’s the case, it pays to do some housekeeping.  Review the contents of the SD card and possibly disconnect the camera. If that fails, relocate it and only turn it on when you’re sure you want to record something.

This is going to continue to be a problem with most of the equipment on the “Internet of Things” until we hold manufacturers to account.  Not only should this not be an issue at all, but it also shouldn’t have lingered for so long without being attended to.  That’s unfortunate.

FREE Report

The Portland Metro Area Guide to IT Support Services and Fees

What you should expect to pay for its support for your small business (and how to get exactly what you need without unnecessary extras, hidden fees, and bloated contracts)

Name(Required)
This field is for validation purposes and should be left unchanged.