• Eufy caught lying about local-only security cameras with footage sent to cloud

    Home » Forums » Cyber Security Information and Advisories » Code Red – Security/Privacy advisories » Eufy caught lying about local-only security cameras with footage sent to cloud

    Author
    Topic
    #2502264

    Eufy caught lying about local-only security cameras with footage sent to cloud, accessible in unencrypted streams

    …Anker’s Eufy brand claims to keep data local, but a security researcher has exposed that the claim is far from true, with footage not only going to the cloud, but remaining visible even after it was supposed to be deleted.

    Eufy sells several of its security cameras with the promise that video footage and other data are local only, explicitly saying “no one has access to your data but you” on its website.

    Paul Moore, a security researcher, posted on Twitter last week a frightening security situation with Eufy home security products including camera-equipped doorbells. In the thread and accompanying videos, Moore shows proof that Eufy cameras are sending data that is said to be “stored locally” to the cloud, even when cloud storage is disabled.

    The security hole was first discovered on Eufy’s Doorbell Dual camera which utilizes two cameras to view both people walking up to your door as well as your doorstep where packages may be left…

    https://twitter.com/Paul_Reviews/status/1595421705996042240

    Paul Moore
    @Paul_Reviews

    You have some serious questions to answer
    @EufyOfficial

    Here is irrefutable proof that my supposedly “private”, “stored locally”, “transmitted only to you” doorbell is streaming to the cloud – without cloud storage enabled.

    2 users thanked author for this post.
    Viewing 2 reply threads
    Author
    Replies
    • #2502351

      You find some of the most interesting stuff that anyone does. Thank you.

      3 users thanked author for this post.
    • #2510483

      Anker’s Eufy breaks its silence on security cam security

      After ignoring questions for weeks, Anker’s PR department forwarded us a statement from Eufy that admits but neither explains nor apologizes.

      Now, Anker is finally taking a stab at a public explanation, in a new blog post titled “To our eufy Security Customers and Partners.” Unfortunately, it contains no apology, and doesn’t begin to address why anyone would be able to view an unencrypted stream in VLC Media Player on the other side of the country, from a supposedly always-local, always-end-to-end-encrypted camera…

      What it does contain is a clear admission: “eufy Security ’s Live View Feature on its Web-Portal Feature Has a Security Flaw,” the company admits in bold letters…

      1 user thanked author for this post.
    • #2519957

      It just goes to show you that the only equipment you can trust is the equipment you build yourself, for yourself, and code yourself.  Which is a tall order for today’s individuals who aren’t educated in both hardware and software.

    Viewing 2 reply threads
    Reply To: Eufy caught lying about local-only security cameras with footage sent to cloud

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: