If you own a connected security camera, then you’re right to be concerned about where footage of you is being sent. Recently, Anker’s sub-brand Eufy has come under fire from the community for surreptitiously uploading footage of people to servers and keeping the footage unencrypted. Well, Eufy gave a response, but it didn’t do much to reassure us.
Let’s catch you up
During Thanksgiving, an Infosec consultant named Paul Moore posted a couple of tweets revealing some horrifying facts about what Eufy is doing with pictures of its users. Moore was able to find pictures of him and his home uploaded to Eufy’s servers. This could be easily accessed and viewed. He showed the process by which he was able to access the data, and it was pretty easy to do so (albeit using his account).
What makes the situation worse is the fact that Eufy claims to never upload your data to the cloud, and keep it encrypted with top-of-the-line military-grade encryption. So, if you use a Eufy device, then pictures and footage of you and your family are most likely uploaded to the cloud and easily accessible.
Eufy gave a response to this controversy, but it wasn’t really much
Just today, Eufy gave a short response about the current issue. We all expected the typical apology wrapped up in gobs of PR speak. However, Eufy actually stuck to its guns and spoke out against the accusers. Not only did Paul Moore uncover some bad facts about Eufy, but a hacker by the name of Wasabi also did.
“We adamantly disagree with the accusations levied against the company concerning the security of our products. However, we understand that the recent events may have caused concern for some users.” Honestly, anyone would understand the reason for concern; these accusations and the alleged proof gathered so far are pretty scary.
The statement then goes on to say that Eufy tests and reviews its devices and that it complies with all of the appropriate regulations and guidelines. However, these are just words.
There may be some good news
According to a report from The Verge, a few Verge employees were able to access footage from their cameras online and play the footage on the VLC media player. That’s an open-source and very accessible media player. However, in an update posted yesterday, the report says that they were not able to access the footage after the initial accusations.
This points to Eufy possibly making changes to how it handles the footage. At this point, it’s hard to tell. All we know is that, at this point, we’re still in the dark on a couple of details.
The fact that Eufy did not issue an apology means that the company wants to stick with its guns and say that it does not allow footage and photos to be accessible.
Because of that, we cannot confirm nor deny if these accusations are true. At this point, we will need more updates to say for sure. As always, you want to take this information with a grain of salt.
2022-12-03 15:08:02