WyzeCam… a great IoT device… but…

I bought four of these little video cameras since they were only $20 a piece. I have to admit I didn’t expect much but for $20, these are excellent cameras.

You can do continuous recording to an SD card and you can also do live streaming to your mobile app. It has the usual features like motion detection, night vision, HD image, etc.

The company continues to send out updates improving the camera and it’s features.

But…

As I do with all of my IoT devices, I like to review who these devices might be talking to. As many IoT devices are manufactured in China, it’s not unusual to see them communicating back to some server there.

It’s already been noted on Reddit that these cameras were communicating back to China as part of the streaming video service feature.

It looks like they may have paired back some of the communication with servers in China, however I’m still seeing calls out to various IP addresses in China.

It also appears that calls goes out to three different servers periodically from the cameras; port 10240 over UDP.

log_type=Firewalllog_component=Firewall Rulelog_subtype=Deniedstatus=Denypriority=Information duration=0 fw_rule_id=9 policy_type=1 user_name=“” user_gp=“” iap=2 ips_policy_id=0 appfilter_policy_id=0 application=“” application_risk=0 application_technology=“” application_category=“” in_interface=Port3out_interface=Port5src_mac=94:51:3d:13:9a:35 src_ip=192.168.xxx.31 src_country_code= dst_ip=120.24.59.150 dst_country_code= protocol=UDPsrc_port=56159 dst_port=10240 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=“” srczone=“” dstzonetype=“” dstzone=“” dir_disp=“” connid=“” vconnid=“” hb_health=No Heartbeatmessage=“” appresolvedby=Signature”

 

log_type=Firewalllog_component=Firewall Rulelog_subtype=Deniedstatus=Denypriority=Information duration=0 fw_rule_id=9 policy_type=1 user_name=“” user_gp=“” iap=2 ips_policy_id=0 appfilter_policy_id=0 application=“” application_risk=0 application_technology=“” application_category=“” in_interface=Port3out_interface=Port5src_mac=94:51:3d:13:9a:35 src_ip=192.168.xxx.31 src_country_code= dst_ip=61.188.37.216 dst_country_code= protocol=UDPsrc_port=56159 dst_port=10240 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=“” srczone=“” dstzonetype=“” dstzone=“” dir_disp=“” connid=“” vconnid=“” hb_health=No Heartbeatmessage=“” appresolvedby=Signature”

 

log_type=Firewalllog_component=Firewall Rulelog_subtype=Deniedstatus=Denypriority=Information duration=0 fw_rule_id=9 policy_type=1 user_name=“” user_gp=“” iap=2 ips_policy_id=0 appfilter_policy_id=0 application=“” application_risk=0 application_technology=“” application_category=“” in_interface=Port3out_interface=Port5src_mac=94:51:3d:13:9a:35 src_ip=192.168.xxx.31 src_country_code= dst_ip=114.215.137.159 dst_country_code= protocol=UDPsrc_port=56159 dst_port=10240 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype=“” srczone=“” dstzonetype=“” dstzone=“” dir_disp=“” connid=“” vconnid=“” hb_health=No Heartbeatmessage=“” appresolvedby=Signature”

The WyzeCam mobile app is also making calls out to two of the same servers listed above; 120.24.59.150 and 114.215.137.159 to port 10240 over UDP.

This isn’t to say any of this traffic is malicious, however I still don’t want my devices transmitting data to China.

Unfortunately this is one of the many issues with IoT devices; manufactured in who knows where with multiple sources of software installed and chatting with random servers all over the internet.

It justifiably makes people nervous when products aren’t specific about what the device does on the backend when it pertains to communications over the internet.  Especially when that product is monitoring your home.

2-9-2018 Update

After some additional rooting around on the device, I discovered a couple of open ports on the device; 80 and 10002.

The device makes the Boa Webserver available on port 80 for some unknown reason. The Boa Webserver (version 0.94.13) is intended for embedded Linux devices and the last update was in 2005.

Again, we have an issue we commonly see in IoT devices and that is the use of ancient and unsupported software components.

The web server is running on the device but appears to serve no purpose. So why is it there?

Another tidbit of information that can be gleaned from the wireless adapter is the card was manufactured by iSmart Alarm, Inc. Interestingly, iSmart also sells what appears to be an identical camera for $100 a piece rather than the $20 a piece WyzeCam goes for.

The cameras are stated as “Out of Stock” on the iSmart site and one can wonder if maybe Wyzecam is actually selling these cameras because they didn’t sell especially well at the $100 price point. Curious.

And I still need to capture a firmware update to see if that reveals anything interesting.

2-19-2018 Update

I was able to perform a packet capture during an update for one of my cameras however the download was performed over TLS which is actually good news.

And it pulled the update from Amazon servers in the US which is aligned with what the company stated on Twitter back on January 30.

We’ll have to see if there is another way of getting at the device firmware.

As a side note, a V2 version of the camera is out and I’ve ordered one to give it a look. By the way I love these devices and recommend them. Like anything else that’s IoT, use it with caution and put it on a segregated network if possible.

blog comments powered by Disqus