
The Red and The Black - Andrex
https://blog.12security.com/the-red-and-the-black/
======
a2tech
There is no information in this announcement--not even a teaser.

~~~
mikece
True... but I've wondered how Wyze was making money on their $20 cameras with
free cloud storage of events for 30 days. It's not exactly a _free_ product
but doesn't cost enough for what it does. I'm going to go unplug all of mine
right now.

~~~
davrosthedalek
...or, flash them with an alternative firmware.
[https://github.com/EliasKotlyar/Xiaomi-Dafang-Hacks](https://github.com/EliasKotlyar/Xiaomi-Dafang-Hacks)

------
Andrex
Edit- I'm looking more into 12Security, and they seem sketchy too. But IPVM
seems to lend enough credit to take this seriously.

\---

Full information is available at the following two blog posts, with more to
come:

[https://blog.12security.com/wyze/](https://blog.12security.com/wyze/)

[https://blog.12security.com/wyze-essay-2-aresflare/](https://blog.12security.com/wyze-essay-2-aresflare/) (many
technical details here)

It also seems like a WSJ journalist has been helping on this (since they were
compromised), so if this is real I'd expect an article soon.

------
jdashg
"I'm not blaming business leaders per se, as they are at the mercy of large
historical and economic forces that limit what can influence them and the
options open to them to choose"

I'm frustrated by the continued conflation of understandability and
excusability. A bank robber's motives are understandable, but we don't excuse
them. However, while the systemic forces acting on business leaders make it
understandable when they make mistakes, we must draw a sharp line between
understanding and excusing.

We can't credit leaders in good times, while also excusing them when systemic
failures corrupt them.

------
tehlike
There is a good reason many of us have been flashing it with dafang hacks from
[https://github.com/EliasKotlyar/Xiaomi-Dafang-Hacks](https://github.com/EliasKotlyar/Xiaomi-Dafang-Hacks)

------
mrbonner
I wanted to purchase a few of the Wyze cameras for my house because of the
price ~$20 each. At first, I thought this price could be a loss-leader
strategy for more lucrative services (premium or longer cloud storage), kind
of like Ring but with much cheaper hardware. Alas, when I found out that the
cloud storage is free for 30 days I was skeptical. How would you make money
from this sale?

I'm not a paranoid person. I do have a Ring doorbell, a P.O.S Samsung camera and
Alexa in my house. My rationale is that since those cameras are for outside of
my home, I wouldn't care about being spied upon. But if the Wyzes are used by
the CCP for surveillance of foreign territories, this could spell a lot of
trouble. For example, a week prior to the Pearl Harbor event, Imperial
Japan phoned Japanese-Americans in Hawaii to ask about the weather, troop
movement, and military vehicle movement. I can't imagine if those outside cameras
are used for the purpose, the intelligence gathered is paramount.

You could argue that since everybody is carrying a smartphone with a camera
nowadays, it wouldn't take much effort to "spy" on foreign territories simply by
checking social media uploads. While it is true, would it be more devastating
if they can see everything anytime/anywhere they want?

------
mkopinsky
The forum post at [https://forums.wyzecam.com/t/updated-12-29-19-data-leak-12-2...](https://forums.wyzecam.com/t/updated-12-29-19-data-leak-12-26-2019/79046)
has all the details from the company's perspective. The
rest seems like scare-mongering to me.

------
yalogin
The intent of the post is not about security vulnerabilities but actual
espionage; it will be beneficial if the author simply presented the whole case
instead of providing a teaser like this. They could have purchased a catchy
URL, as is the standard practice nowadays, but it’s good to always come out
with the proper case. Now with this teaser I cannot help but think that it’s
more of a PR move, unless proven otherwise.

~~~
Andrex
A lot of technical details are available here, and they seem staggering:
[https://blog.12security.com/wyze-essay-2-aresflare/](https://blog.12security.com/wyze-essay-2-aresflare/)

------
headbansown
That's a shame because I always liked their terminals and keyboards. Oh, wait.

~~~
DonHopkins
Wyse was trying to get the Ann Arbor Ambassador fired.

~~~
headbansown
That is a beauty; can't believe I'd never seen/heard of it back in the day!

~~~
DonHopkins
The AAA was by far the best, most luxurious terminal a programmer could have.
The Guru XL could display 66 lines of 170 characters, and came in either
portrait or landscape orientation!

[https://boingboing.net/2016/10/20/reviving-an-ann-arbor-amba...](https://boingboing.net/2016/10/20/reviving-an-ann-arbor-ambassad.html)

[https://books.google.nl/books?id=-tNb_j8ivU0C&pg=RA1-PA36&lp...](https://books.google.nl/books?id=-tNb_j8ivU0C&pg=RA1-PA36&lpg=RA1-PA36&dq=AAA+ann+arbor+ambassador&source=bl&ots=kwbSfO9Jx6&sig=ACfU3U2CT0-EUthZA0ol5kCM0Pls-f3eqg&hl=en&sa=X&ved=2ahUKEwiztZGz1d7mAhXCUlAKHbsiDaoQ6AEwBHoECAkQAQ#v=onepage&q=AAA%20ann%20arbor%20ambassador&f=false)

[http://www.bitsavers.org/pdf/datapro/alphanumeric_terminals/...](http://www.bitsavers.org/pdf/datapro/alphanumeric_terminals/Datapro_C25_Ann_Arbor.pdf)

------
BubRoss
This title was changed from something informative to something that says
nothing about the story at hand.

~~~
dang
The submitted title, "Wyze was committing espionage against American citizens
in the United States", wasn't informative. The actual information here is
merely that someone believes something and says they will release evidence
"over the next week".

See
[https://news.ycombinator.com/item?id=21919237](https://news.ycombinator.com/item?id=21919237).

------
tehlike
@dang although the title of the post is from the article itself, it is not
descriptive of what it is. I liked the previous title more.

~~~
Andrex
Yup, this seems pretty likely to drop off the front page now. ¯\_(ツ)_/¯

Which means HN users with Wyze devices will likely be in the dark about just
how bad this is (only taking the company's official word) until the WSJ
exposé.

~~~
blondin
well, with all the criticism we give them, journalists know how to come up
with great story titles, don't they? :)

