Eufy not patching cameras, instead just warning users about cloud use

Posted:
in General Discussion
Eufy isn't patching out a potential security issue in the Eufy Security app, and is instead just telling users that their thumbnails will be uploaded to the cloud when they choose specific notification settings in the app.




In late November, a security researcher discovered that Anker's Eufy security cameras sent user images and information to the cloud without the owners' consent -- even if the user doesn't pay for a cloud subscription.

In response, Eufy has added a statement on their App Store listing and in the Eufy Security app that discloses when the cloud service will be involved when users choose a specific notification option.

The Eufy Security app has a few different options for notifications. For example, users can choose to have notifications display only text or to display text and a thumbnail image of the camera. If the user selects the thumbnail option, Eufy uploads the image to the cloud.

As noted by ZDnet, the issue isn't that Eufy was uploading images to the cloud, it was that it hadn't been informing users that it was doing so.

For those who own a Eufy security camera and don't want their data uploaded to the cloud, we encourage you to change your notification type within the Eufy Security app to Most Efficient, rather than Full Effect or Include Thumbnail.

The company still needs to address the issue that would allow Eufy camera streams to be watched live using an app like VLC. The streams are not encrypted and can be accessed without authentication.

This isn't Eufy's first security hiccup, either. In May of 2021, users of Eufy cameras discovered that cameras owned by other users were viewable in their app instead of what they were expecting to see from their own cameras, and settings could be changed by those granted bogus access.

Read on AppleInsider

Comments

  • Reply 1 of 6
    amar99amar99 Posts: 159member
    Can the word "security" plastered on the side of their product be considered false advertizing or false claims, when in fact their videos don't even have a basic level of encryption?... I don't get it.
    edited December 2022
  • Reply 2 of 6
    They lied.  Plain and simple.  Now they continue to do what they lied about, but justify it by saying they're no longer lying.

    Glad I didn't actually pull the trigger on that Eufy cam.
  • Reply 3 of 6
    OMG

    People need to grow up.

     So a Thumbnail, and text regarding the thumbnail to support a notification that the user had to request to receive, but the app didn’t tell them it was being sent on the net, even though that’s the only way they could get it?  That’s the main issue?

    Connecting with vlc on a local network is a security hole, you still need to connect to the local network in order to connect to the cameras, then you too can see when the Amazon driver drops off your packages. Needs to be fixed, but Apple and others have had worse.

    Nice to know, but click bait


    chadbaglolliverappleinsideruser
  • Reply 4 of 6
    podlasek said:
    OMG

    People need to grow up.

     So a Thumbnail, and text regarding the thumbnail to support a notification that the user had to request to receive, but the app didn’t tell them it was being sent on the net, even though that’s the only way they could get it?  That’s the main issue?

    Connecting with vlc on a local network is a security hole, you still need to connect to the local network in order to connect to the cameras, then you too can see when the Amazon driver drops off your packages. Needs to be fixed, but Apple and others have had worse.

    Nice to know, but click bait


    Wow! not sure where to begin! If you are comfortable with it please go ahead buy the camera for your house. Most of the rest of us would like to keep away.  Anker (owner of Eufy brand) is a good hardware company making stuff like chargers and docks. I've bought a lot of their stuff and am very happy with them. But apparently software and security are out of its league. I would be very careful buying intrusive stuff like security camera's from anything other than big name/established brands with a long track record.

  • Reply 5 of 6
    chadbagchadbag Posts: 1,821member
    If that is all this is about — uploading a notification thumbnail — then this is much ado about nothing (assuming they don’t store notifications once sent). 

    Yo be honest, if I were the dev for this app I’d probably have forgotten to disclose this too since if is not what most people think of when they hear “upload to the cloud”.  When you hear that you think they are saving the actual data in their system for some future use (or not — but saved).  An ephemeral upload to the notification server, which does store it any longer than it takes to send, is not what most people think of and not what I would have thought of either if I were the dev.  

    I hav eine Eufy camera installed watching my porch. I intend to eventually move it to the HomeKit secure video   I have several more to install once we move.  This news makes me feel better and using the HomeKit video should get around it for those really concerned. 

    I personally have no problem with the unencrypted video on my local internal network.  If I have network intruders I have more problems than someone being able to watch my porch. 
    lolliverappleinsideruser
  • Reply 6 of 6
    amar99amar99 Posts: 159member
    Who said the video was only unencrypted on your local internal network?...Remember the rest of the Internet, and how that works?
Sign In or Register to comment.