Eufy, the company behind a range of affordable security cameras I have suggested before on the expensive stuff, it’s in a bit of hot water right now for security practices. The Anker-owned company claims its products are one of the few security devices that allow for locally stored media and don’t require a cloud account to function effectively. But on a turkey-eating holiday, a noted security researcher across the pond discovered A security hole in Eufy’s mobile app that threatens the entire building.
Paul Moore issue a screenshot tweeted🇧🇷 Moore purchased the Eufy Doorbell Dual Camera for the promise of a local storage option, only to discover that the doorbell’s cameras store thumbnails of faces and identifiable user data in the cloud, despite Moore not having a Eufy Cloud Storage account. .
After Moore tweeted the findings, another user It found that the data uploaded to Eufy was not even encrypted. Any downloaded clips can be easily played back on any desktop media player Moore later demonstrated🇧🇷 In addition: thumbnails and clips are linked to their partner cameras, offering additional identifiable information for any digital snoopers sniffing around.
AndroidCentral Was able to reproduce the issue on my own with EufyCam 3. Eufy was then contacted, and she explained to the site why this problem was increasing. If you choose to extract a motion notification with an attached sketch, Eufy temporarily uploads that file to the AWS servers for sending. Moore had enabled the option manually, which is how the security flaw was discovered. By default, the Eufy app’s camera notifications are text-only and don’t have the same problem because there’s nothing to download.
Although Eufy says its practices comply with Apple’s Push Notification Service terms of use and Google’s Firebase Cloud Message standards, it has since addressed some of the issues identified by Moore. The company told Android Central that it will do the following to inform its users about how data is stored:
1. We are revising the push notifications option language in eufy Security to clearly detail that push notifications with thumbnails require preview images to be temporarily stored in the cloud.
2. We will be clearer about using the cloud for push notifications in our consumer-facing marketing materials.
Unfortunately, this is not the first time Eufy has had a security issue with its cameras. last year, the company faced similar reports of “unwarranted access” to random camera feeds, though the company quickly fixed the problem after it was discovered. Eufy is no stranger to fixing things.
