Here at Wyze, we take your security and privacy to heart, and want to make sure you feel comfortable using our products. To that end, we've taken great measures to ensure your data is safe as it gets transferred from the Wyze Cam to your Wyze app.
We take our customers’ data safety very seriously. The communication requests between your mobile device, your Wyze product, and the AWS Cloud Server are made via https (Transport Layer Security (TLS)) for alert videos. We use symmetric and asymmetric encryption, consistent hashing, and other ways to make sure users’ information cannot be stolen. Each camera has its own secret key and certificate so that we can validate its identity during handshake. The contents are encrypted via AES 128-bit encryption to protect the security of the live stream and playback data. During the connection process, every device in the process has its own secret key and certification, so that we can validate their identity during handshake. Even if a hacker intercepts the data package, the data cannot be decrypted.
Because our products don’t provide any access point functionality, they can only be affected as a WPA2 client, which is a minor risk. So far we haven’t updated our firmware to mitigate the KRACK issue. Our engineers are working on updating the stacks and we will update the firmware once we complete the effort.