Check the status of CVEs. Learn More.
Keeping your systems up 100% of the time requires live patching. Our solutions will align strongly with your risk, compliance, and operational uptime requirements.
TuxCare is trusted by the most innovative companies across the globe.
Learn about TuxCare's modern approach to reducing cybersecurity risk with Blogs, White Papers, and more.
Continually increasing Cybersecurity, stability, and availability of Linux servers and open source software since 2009.
TuxCare provides live security patching for numerous industries. Learn how TuxCare is minimizing risk for companies around the world.
2x a month. No spam.
December 30, 2022 - TuxCare expert team
Eufy, an Anker security camera brand, has been under fire for quite some time due to security concerns about uploaded footage, which it recently admitted.
Eufy has received a lot of flak for marketing its security cameras as prioritizing “local storage” and “no clouds,” which is not the case. Security consultant Paul Moore unearthed two significant security vulnerabilities in Anker’s eufy home security cameras, particularly a doorbell model.
Moore proved that when the camera was set to not publish anything, it posted thumbnails obtained from the video feed to cloud storage. He also mentioned that the camera’s stream could be infiltrated by knowing the stream’s URL.
Moore even shared a video of the camera uploading and storing images of faces on the cloud. Moore had not yet created a Eufy Cloud Storage account when the camera performed this action. This means that standard video apps like VLC can view unencrypted video streams from Eufy’s camera. In other words, the camera users are being turned into reality TV stars without their knowledge.
All of this occurs despite Eufy’s assurances of maximum privacy and the absence of cloud computing and that all data is kept in secure local storage. When asked to confirm or deny the allegations, Anker, the maker of Eufy, flatly denied the existence of any security issues, and when asked about specific problems, they issued different statements.
One of such statements claimed that it was not possible to watch live footage from a camera, but users did so anyway. While Anker admitted in another post that footage from the doorbell is sent to the company’s servers, but only to ensure that the same notifications are delivered to the smartphone, after which the images are deleted.
In its most recent statement titled “Re: Recent security claims against eufy Security,” “eufy_official” writes to its “Security Cutomers and Partners.” Eufy is “taking a new approach to home security,” the company writes, designed to operate locally and “wherever possible” to avoid cloud servers. Video footage, facial recognition, and identity biometrics are managed on devices—”Not the cloud.”
The sources for this piece include an article in Kaspersky.
Learn About Live Patching with TuxCare
According to CyberArk researchers, GPT-based models like ChatGPT can be...
Malicious hackers have started exploiting a critical vulnerability CVE-2022-44877 in...
Deep Instinct researchers reported that RATs like StrRAT and Ratty...
According to CircleCI’s CTO, Rob Zuber, CircleCI is working with...
A remote attacker could exploit multiple vulnerabilities in four Cisco...
In a notable IcedID malware attack, the assailant impacted the...