Anker’s smart home company Eufy is under fire for its handling of customers’ camera data.
As reported by 9to5Google, a security research consultant by the name of Paul Moore uncovered a serious security vulnerability with the company’s security cameras. According to Moore, his “supposedly ‘private,’ ‘stored locally,’ ‘transmitted only to you’ doorbell is streaming to the cloud – without cloud storage enabled.”
You have some serious questions to answer @EufyOfficial Here is irrefutable proof that my supposedly “private”, “stored locally”, “transmitted only to you” doorbell is streaming to the cloud – without cloud storage enabled.#privacyhttps://t.co/u4iGgkWkJBNovember 23, 2022
In the video he posted to YouTube, he showed how, despite setting his camera to only store data locally for him to access, his feed was being streamed to Eufy’s cloud storage anyway — completely unencrypted. You can watch him point out the issue in the video below:
Things got even worse
As if that wasn’t bad enough, it appears that the technically minded can even access someone’s camera feed using VLC, a popular media player.
According to Moore, “you can remotely start a stream and watch cameras live using VLC. No authentication, no encryption.”
Ah well, the cats out the bag now… so may as well tell you.You can remotely start a stream and watch @EufyOfficial cameras live using VLC. No authentication, no encryption.Please don’t ask for a PoC – I can’t release this one.Heads up @TechLinkedYT @LinusTech https://t.co/sU3FyRaELXNovember 25, 2022
This is extremely concerning since, according to more testing that was done from outlets outside of Moore, the issue appears to be widespread with a number of the company’s security camera products proving to have the same problem.
While Eufy has not yet addressed the issue publicly, Moore says that he has been contacted by the company, saying that it has “removed the ‘background call’ which shows stored images, but not the underlying footage, and that the company has also encrypted other calls to cover its tracks.”
Eufy is a popular security camera brand and offers a range of security camera products, many of which are compatible with Apple’s HomeKit smart home system. I personally have a Eufy security camera in my apartment but, after today’s news, I may be looking for a new brand to protect my home and, just as importantly, my data.
.png "User-Agent Reduction on Android WebView")
Discussion about this post