Eufy, a company with a dubious security history, seems to be causing alarm yet again. Amidst Black Friday sales and discounted products, customers are left without clear guidance or response from the company. Information Security Consultant Paul Moore ignited the conversation with a series of tweets and a video demonstrating Eufy's concerning behaviour.
Eufy's unsettling actions
According to the video shared by Paul Moore, Eufy's doorbell appears to upload images of faces, each with a unique ID, to an AWS server, along with the video's thumbnail. The data is stored unencrypted and potentially accessible to anyone. This cannot be dismissed as a mere accident or bug.
Eufy's troubled security past
Eufy's security track record isn't exactly stellar. A software bug reportedly exposed the camera feeds of 712 customers to strangers. It took Eufy two days to acknowledge the problem and issue a statement, leaving many users in the dark about their privacy being violated.
Additionally, some users found that resetting a camera using its button would erase all footage recorded by the device, even if stored on a HomeBase. Eufy confirmed that this is expected behaviour, which raises concerns about potential criminal exploitation.
Earlier this year, Bitdefender researchers uncovered multiple vulnerabilities in Eufy's 2K Indoor Camera. The company claims to have addressed the issues before the report was made public.
A brief look at Eufy
Eufy, operating under the motto “Smart Home Simplified”, is a subbrand of Chinese company Anker Innovations, known for their batteries and docking stations. With such questionable data practices and security issues, potential customers should proceed with caution when considering Eufy's products.