Eufy under fire for camera upload scandal

December 30, 2022 - TuxCare PR Team

Eufy, an Anker security camera brand, has been under fire for quite some time due to security concerns about uploaded footage, which it recently admitted.

Eufy has received a lot of flak for marketing its security cameras as prioritizing “local storage” and “no clouds,” which is not the case. Security consultant Paul Moore unearthed two significant security vulnerabilities in Anker’s eufy home security cameras, particularly a doorbell model.

Moore proved that when the camera was set to not publish anything, it posted thumbnails obtained from the video feed to cloud storage. He also mentioned that the camera’s stream could be infiltrated by knowing the stream’s URL.

Moore even shared a video of the camera uploading and storing images of faces on the cloud. Moore had not yet created a Eufy Cloud Storage account when the camera performed this action. This means that standard video apps like VLC can view unencrypted video streams from Eufy’s camera. In other words, the camera users are being turned into reality TV stars without their knowledge.

All of this occurs despite Eufy’s assurances of maximum privacy and the absence of cloud computing and that all data is kept in secure local storage. When asked to confirm or deny the allegations, Anker, the maker of Eufy, flatly denied the existence of any security issues, and when asked about specific problems, they issued different statements.

One of such statements claimed that it was not possible to watch live footage from a camera, but users did so anyway. While Anker admitted in another post that footage from the doorbell is sent to the company’s servers, but only to ensure that the same notifications are delivered to the smartphone, after which the images are deleted.

In its most recent statement titled “Re: Recent security claims against eufy Security,” “eufy_official” writes to its “Security Cutomers and Partners.” Eufy is “taking a new approach to home security,” the company writes, designed to operate locally and “wherever possible” to avoid cloud servers. Video footage, facial recognition, and identity biometrics are managed on devices—”Not the cloud.”

The sources for this piece include an article in Kaspersky.

Watch this news on our youtube channel: https://www.youtube.com/watch?v=ezJJRTugoc8

Summary