Wyze Sense Is a Cheap Sensor Package for Your Home

Originally published at: https://tidbits.com/2019/07/05/wyze-sense-is-a-cheap-sensor-package-for-your-home/

The maker of Wyze Cam has introduced an add-on sensor package with contact and motion sensors for the low, low price of $20. Like the Wyze Cam, the Wyze Sense product cuts a few corners but still delivers for the price.

If you read more deeply, you’ll see that there are some scary aspects to this product that offset its price—e.g., that if you cut off its internet access it changes MAC address to get around a blacklist, it uses non-AWS servers outside the U.S., it asks for access to your browsing history and bookmarks, etc.

Security looks like a major issue.

  1. Wyze Cam’s security has received a thumbs up from the New York Times, Steve Gibson, and others.
  2. I don’t know why you’d try to block the Wyze Cam’s Internet access because you’d be cutting off most of its features.
  3. US servers don’t mean better privacy, and many companies advertise using servers in other countries as a selling point. Google will happily sell you a security camera that uses US servers, but does anyone think Google will protect your privacy?
  4. I’ve never had the Wyze Cam app ask for browsing history or bookmarks.

My advice for anyone worried about it (and I wouldn’t blame them) would be to use offline security cameras. Or you could wait for HomeKit Secure Video in iOS/iPadOS 13, but as I said in the article, you’ll pay for the privilege.

Josh, I’m basing this on reading some of the more knowledgeable Amazon reviews, which gave me pause.

  • It seems like a device that will spoof its own MAC address in order to get another IP address isn’t trustworthy, whatever the motivation for assigning a restricted IP address.
  • Similarly, Wyze Cam says the content is sent securely to AWS, but network traffic shows it going to other places as well.
  • The request for browser info may have changed—the comment was from 18 months ago.

For what it’s worth…

I’ve researched this a bit myself and exchanged e-mails with Wyze, but haven’t received a final answer as to whether or not this is normal.

Here are the communication end points that have been observed so far:
iotcplatform.com
(54.39.105.235) Canada

web-hosting.com
(162.255.116.92) United States

agedbuddha.com
(192.99.4.118) Canada

dns.google
(8.8.4.4) United States

amazonaws.com
Amazon Web Services (general, hosting) United States
wyzecam.com United States

amazonaws.com
Amazon Web Services (general, hosting)
(34.208.133.153 and 1 other IP address) United States