Thursday, December 1, 2022

Eufy Cameras Uploading to Cloud Without Consent

Juli Clover:

Anker’s popular Eufy-branded security cameras appear to be sending some data to the cloud, even when cloud storage is disabled and local only storage settings are turned on.


According to Moore, he purchased a Eufy Doorbell Dual, which was meant to be a device that stored video recording on device. He found that Eufy is uploading thumbnail images of faces and user information to its cloud service when cloud functionality is not enabled.


There is also another issue that Moore has highlighted, suggesting Eufy camera streams can be watched live using an app like VLC, but little information on the exploit is available at this time. Moore said that unencrypted Eufy camera content can be accessed without authentication, which is alarming for Eufy users.


Several claims have been made against eufy Security over the last couple of weeks. We know the need for more straightforward and timely communications on these issues has frustrated many customers. However, we have been using the last few weeks to research these possible threats and gather all the facts before publicly addressing these claims.


Below we will attempt to better separate fact from fiction and provide more details on any changes we’ve made to our policies, processes, and security solutions.

Update (2023-02-01): Sean Hollister (via Aaron Pearce, MacRumors):

First, Anker told us it was impossible. Then, it covered its tracks. It repeatedly deflected while utterly ignoring our emails. So shortly before Christmas, we gave the company an ultimatum: if Anker wouldn’t answer why its supposedly always-encrypted Eufy cameras were producing unencrypted streams — among other questions — we would publish a story about the company’s lack of answers.

It worked.

In a series of emails to The Verge, Anker has finally admitted its Eufy security cameras are not natively end-to-end encrypted — they can and did produce unencrypted video streams for Eufy’s web portal, like the ones we accessed from across the United States using an ordinary media player.

