ClickCease Eufy under fire for camera upload scandal

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Eufy under fire for camera upload scandal

Obanla Opeyemi

December 30, 2022 - TuxCare expert team

Eufy, an Anker security camera brand, has been under fire for quite some time due to security concerns about uploaded footage, which it recently admitted.

Eufy has received a lot of flak for marketing its security cameras as prioritizing “local storage” and “no clouds,” which is not the case. Security consultant Paul Moore unearthed two significant security vulnerabilities in Anker’s eufy home security cameras, particularly a doorbell model.

Moore proved that when the camera was set to not publish anything, it posted thumbnails obtained from the video feed to cloud storage. He also mentioned that the camera’s stream could be infiltrated by knowing the stream’s URL.

Moore even shared a video of the camera uploading and storing images of faces on the cloud. Moore had not yet created a Eufy Cloud Storage account when the camera performed this action. This means that standard video apps like VLC can view unencrypted video streams from Eufy’s camera. In other words, the camera users are being turned into reality TV stars without their knowledge.

All of this occurs despite Eufy’s assurances of maximum privacy and the absence of cloud computing and that all data is kept in secure local storage. When asked to confirm or deny the allegations, Anker, the maker of Eufy, flatly denied the existence of any security issues, and when asked about specific problems, they issued different statements.

One of such statements claimed that it was not possible to watch live footage from a camera, but users did so anyway. While Anker admitted in another post that footage from the doorbell is sent to the company’s servers, but only to ensure that the same notifications are delivered to the smartphone, after which the images are deleted.

In its most recent statement titled “Re: Recent security claims against eufy Security,” “eufy_official” writes to its “Security Cutomers and Partners.” Eufy is “taking a new approach to home security,” the company writes, designed to operate locally and “wherever possible” to avoid cloud servers. Video footage, facial recognition, and identity biometrics are managed on devices—”Not the cloud.”

The sources for this piece include an article in Kaspersky.

Summary
Eufy under fire for camera upload scandal
Article Name
Eufy under fire for camera upload scandal
Description
Eufy, an Anker security camera brand, has been under fire due to security concerns about uploaded footage, which it recently admitted.
Author
Publisher Name
TuxCare
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Related Articles

How GPT models can be...

According to CyberArk researchers, GPT-based models like ChatGPT can be...

January 30, 2023

Attackers actively exploit Unpatched Control...

Malicious hackers have started exploiting a critical vulnerability CVE-2022-44877 in...

January 27, 2023

Attackers distribute malware via malicious...

Deep Instinct researchers reported that RATs like StrRAT and Ratty...

January 26, 2023

CircleCI partners AWS to identify...

According to CircleCI’s CTO, Rob Zuber, CircleCI is working with...

January 25, 2023

Cisco warns of authentication bypass...

A remote attacker could exploit multiple vulnerabilities in four Cisco...

January 24, 2023

IceID malware infiltrates Active Directory...

In a notable IcedID malware attack, the assailant impacted the...

January 23, 2023