Eufy, a company that already has a bad security record, appears to be at it again. It’s not the only thing they’ve changed, as they are currently leaving their paying customers without a response or guidance on what to do. As it is currently Black Friday and Eufy has marked down several of their products, this is your warning to stay away.
What kicked this discussion off was a series of tweets by information security consultant Paul Moore earlier this week. However, it was only yesterday, when they uploaded a video displaying the behaviour, that it started getting traction.
What is Eufy doing wrong?
Eufy is a company that has long claimed that their customers’ privacy is at the heart of their operation. They state on their website that recorded footage is stored locally, with military-grade encryption, and is transmitted only to the customer.
If the video is to be believed, what Eufy is doing can’t be an accident or bug. Whenever Paul Moore’s Eufy doorbell captures footage, images of faces, with unique IDs, are uploaded to an AWS server, alongside the video’s thumbnail. What’s more, the data is stored unencrypted and is, in theory, accessible to anyone.
Just how bad is Eufy’s security track record?
In an incident that Eufy described as a software bug, a reported 712 Eufy customers had camera feeds exposed to strangers. It took Eufy two whole days to acknowledge the problem and issue a statement. During those two days, any Eufy user not active on Twitter would have had no idea that their most private moments might have been streamed to a stranger’s phone.
In the same year, some users discovered that resetting a camera using the button located on it would wipe any footage recorded by that same camera. Even if the footage was stored on a HomeBase, it would be wiped. Anyone with criminal intentions can simply reset your cameras, and you won’t have any previous footage that might help identify the person. According to Eufy, this is expected behaviour.
Earlier this year, Bitdefender researchers discovered many vulnerabilities in the Eufy 2K Indoor Camera. Eufy claims to have addressed the issues that were presented to them before the report was made public.
Who is Eufy?
Not much is known about Eufy, apart from their brand motto being “Smart Home Simplified”. Eufy is a sub-brand of the Chinese company Anker Innovations, which is known for its batteries and docking stations.
About Liam Alexander Colman
Liam Alexander Colman has been using Home Assistant for various projects for quite some time. What started off with a Raspberry Pi quickly became three Raspberry Pis and eventually a full-blown server. I now use Unraid as my operating system, and Home Assistant happily runs in a Docker container. My personal setup includes many Zigbee devices as well as integrations with existing products such as my Android TV box. Read on to find out more on how I got started with Home Assistant.