I have claimed in previous posts that Wyze is simply one tentacle of a large international organization. This organization seeks to control most of the world’s camera devices and IOT platforms for surveillance. It is akin to something described recently as the "Video Surveillance Industrial Complex".
A majority of the Justice Department’s indictments for economic espionage have involved cameras or camera technology. For instance, Martin Shih in 2004, Philip Cheng in 2005, Donald Skull in 2006, Charles Yu-Hsu Lee in 2008, and Jason Jian Liang in 2010.
This company I am now disclosing also has a breach that is several times larger than Wyze. They are as heavily recommended and sell in the same volume if not more on Amazon as well.
The organization referred to above is all directed by the Chinese Ministry of State Security in Beijing via the multinational smart phone company Xiaomi, who is something like the new Huawei darling of the government. This has been covered in previous posts, but essentially the Chinese government has learned not to endlessly promote one monolithic company and thus draw the ire of foreign governments. Now the strategy is to disguise their large national champion company under hundreds of smaller companies that make attribution excruciating to do.
Xiaomi, at the direction of the MSS, has done most of the core engineering work for building out their Smart Home IOT platform, and then delegates the production and several other tasks to groups in each province around the country. These groups, the “[ProvinceName] State Security Bureaus”, are something like the equivalent to the largest FBI office in each state in the US.
These Bureaus then further delegate to several local front companies within their region. They provide guidance, protection, and often massive injections of capital. Lastly, these local front companies will in turn further delegate to several companies abroad who engage in the sales, marketing, promotion, and PR of the devices. These devices include electronics such as routers, cameras, and IOT products.
So to summarize we have 4 levels or so of command:
- National Intelligence Agency (Ministry of State Security)
- Provincial Intelligence Agency (Tianjin State Security Bureau)
- Provincial Company (Tianjian Hualai Technology Co Ltd)
- Overseas Company (Wyze)
There are many historical and cultural reasons for this structure in China, but one of them is as a form of Asian Federalism, to prevent any one center of power from growing too strong and challenging the CCP’s authority. Additionally, the competition between each province can, in theory, be used to form a pseudo-competitive market system.
The backend infrastructure of Yi Technology has been exposed openly on the internet. Their Elasticsearch cluster, along with multiple MySQL instances, held detailed distributed tracing information, verbose server logs, and most significantly the tokens to access customer video streams. This was because it was left without a firewall on and also without a password requirement once you connected.
Additionally the Apache Skywalking instance, also left open and passwordless, provided a wealth of backend infrastructure information. The screenshot of the “topology” dashboard gives a very sharp looking view of it all:
And in more detail here:
Here we can see something known as “Distributed Tracing”. These are network logs that flow between ephemeral microservices and help us get a very granular level view of performance bottlenecks.
Here we can see the various MySQL database servers that are part of this infrastructure. If you look closely above at the topology picture you will also see a Redis caching database. In-memory caching servers like Redis or Memcached are often very poorly secured and a very easy/rewarding target.
Finally here you can see a small screenshot of a part of a dashboard that shows there are a total of 10 microservices in this infrastructure, 225 endpoints (think like urls or hostnames), 4 relational database servers, 2 caching in-memory servers, and finally 1 RabbitMQ cluster to buffer the incoming requests.
Consul by Hashicorp:
Consul is part of the Hashi “Stack” that includes Terraform, Vagrant, and Packer. It primarily is used as a service discovery service. It can set many rules on who and what can access each individual service. In the screenshots below, we can see from top to bottom:
- The various services running in the cluster. Notice that nearly every service is labeled “secure=false”.
- The initial configuration information sent to each service. Pictured is a screenshot of the database configuration
- We also have write access surprisingly to this information. Lastly pictured is a screenshot that shows editing and deleting privileges.
Yi Camera is a front for the Chinese Ministry of State Security. Full stop. It is part of a distributed network of foreign camera companies and IOT makers that form the “Xiaomi Ecological Toolchain”. Yi Cameras send all customer data to Xiaomi as I have previously claimed with Wyze. Most of this data is sent back immediately and directly to mainland China. Occasionally it flows first through US Alibaba servers. I have also briefly claimed that Wyze was sending data to Alibaba. Too the extreme aggravation of his lawyers at PerkinsCoie, he said this on the record, several times, and before he forgot to change Wyze DNS records. A couple of later posts will hinge on these records.
There have been rumors online about this network for years. If you look you will find them easily.
Xiaomi Ecological Toolchain:
Again if you look on Google, you can find hints to claims we make in this blog have been queried by others for long enough that Google search algorithms have noted.
From the below screenshot we can see that:
- People question who Xiaomi is owned by
- Want to know the sub-brands of Xiaomi
- Ask if it is banned
- Ask if it can be trusted
Why might they do this? Well first some kind of "toolchain" exists as we can see below. Xiaomi itself acknowledges this fact:
The purpose of all of this has to do with the Cloud Hopper attack on Western data centers, and we will cover this in the next post.