Wyze IP Camera Reverse Engineering
Nashad Mohamed
College of Computing
Georgia Institute of Technology
Atlanta, Georgia, United States
Mahta Tavafoghi
College of Computing
Georgia Institute of Technology
Atlanta, Georgia, United States
Abstract—This paper details the the current research found by
the Wyze Camera team in the Embedded Systems Cybersecurity
VIP. The team is focused on the sensor firmware of the Wyze
camera. Our objective is to understand the program and search
for vulnerabilities by reverse engineering the main program
binary files of the Wyze camera. This team aims to study the
Over the Air (OTA) protocol of the Wyze camera which will
lay the foundation for a RF fuzzing test bed which is the
technique in which malformed,invalid, or unexpected data is
fed into computer programs. Monitoring the program’s output
while fuzzing helps find crashes, memory leaks, and other issues,
which would present a way to discover security flaws in the Wyze
Camera.
I. BACKGROUND
An embedded system is a combination of hardware and
software that has been built to solve a few very specific prob-
lems[5]. Examples include automobiles, security and surveil-
lance systems, smart home devices, home appliances, elevator
controls, etc. They frequently have wireless capabilities[6].
Embedded systems can be designed to utilize an integrated
circuit (IC) or and operating system (OS). A system that
uses an IC is designed to operate on a specific hardware
platform[7]. Some embedded systems like Wyze IP Camera
run an operating system. The Wyze Camera V2 is an Internet
of Things (IoT) Device. It allows for wireless connection to
multiple devices, such as cameras, motion sensors, and contact
sensors, that together provide the user with surveillance over
many locations. When placed on a door or a window, contact
sensors tell users if the object they are placed on is open or
closed. Motion sensors add to detection capabilities and when
triggered, can even serve as precursor events to some- thing
coming into the camera’s view The ”Wyze - Make your Home
Smarter” mobile application provides real-time status updates
for the locations under surveillance by these devices.
With an increase in the use of wireless cameras the need for
enhanced security has also increased. In addition to widespread
use, risk is another component that drives security needs. Com-
panies need to perform security risk assessments to protect the
company from any future risks. The goal of the company is to
pinpoint any possible security breaches before the product is
used by the public. The risk assessment should review and
test systems and people for any vulnerabilities. There are
4 simple steps that are often utilized when implementing a
successful security risk management model. Firstly, identify all
sensitive data that is created, stored, or transmitted. Secondly,
an assessment should be preformed to pinpoint any security
risks. Thirdly, a mitigation approach needs to be found to
reduce the security risks. Lastly, a prevention method needs
to be implemented in order to protect data from threats and
vulnerabilities [11]. Many companies that produce IoT devices
have failed to prioritize security testing of these products,
leading to problems after production has already occurred.
In 2019, Wyze had a breach of data, leaving the personal
information of 2.4 million people exposed. It was reported
that from December 4th to December 27th, customers’ camera
information, email addresses, and Wi-Fi network details were
leaked [1]. The breach was detected by Twelve Security,
a consulting firm focused on protecting information, who
reported this as the most serious breach that they had seen
so far. For over three years, the Wyze camera has had security
flaws and vulnerabilities that have not been addressed by the
company such as the user name and email of those who
purchased and connected the camera to their home, emails
of any user a customer shared camera access with, and a
list of all cameras and nicknames for each camera [8]. This
allowed hackers to access stored video data and personal
information. Although Wyze has made some efforts to secure
devices, they have failed to make it a priority by discontinuing
their original WyzeCam without a proper explanation [9], but
vulnerabilities still exist in their products. These vulnerabilities
include, authentication bypass, remote control execution flaw
caused by a stack-based buffer overflow, and unauthenticated
access to contents of the SD card [10].
The ultimate goal of the team is to reverse engineer the Over
the Air (OTA) protocol in the Wyze camera, which will allow
the construction of a fuzzing test bed. Fuzzing is a software
testing method that reveals any software vulnerabilities or
defects by feeding invalid, malformed, or unexpected values
into a system [12]. Through over-the-air (OTA) packets, the
camera and dongle can communicate with each other. After
reviewing the OTA protocol, we can see the communication
channels and logs that reveal details about the metadata of the
camera, sensors, and other associated Wyze system devices.