Eufy cameras caught sending local footage to cloud #Eufy #cameras #caught #sending #local #footage #cloud. Here is what we have for you today on TmZ Blog.
Home security cameras have gotten a lot better in recent years, but the security of your footage has always been a concern. Anker’s Eufy brand claims to keep data local, but a security researcher has exposed that the claim is far from true, with footage not only going to the cloud, but remaining visible even after it was supposed to be deleted.
Paul Moore, a security researcher, posted on Twitter last week a frightening security situation with Eufy home security products including camera-equipped doorbells. In the thread and accompanying videos, Moore shows proof that Eufy cameras are sending data that is said to be “stored locally” to the cloud, even when cloud storage is disabled.
The security hole was first discovered on Eufy’s Doorbell Dual camera which utilizes two cameras to view both people walking up to your door as well as your doorstep where packages may be left.
The doorbell’s camera was uploading facial recognition data from the camera to Eufy’s cloud servers with identifiable information attached, and that this data wasn’t actually removed from Eufy’s servers when the related footage had been deleted from the Eufy app. In the video below, Moore also notes that Eufy used the facial recognition data from two different cameras on two completely different accounts to link data from each, and points out that Eufy never notifies the user that this is happening – the company’s market rather implies just the opposite.
It’s not clear how many of Eufy’s home security cameras and products are affected by this. Android Central was able to replicate the same security issues on a EufyCam 3 paired to a Eufy HomeBase 3.
Perhaps more frightening was another user’s findings that these streams of Eufy footage are accessible through unencrypted streams. Simply using the popular VLC media player, a user was able to access a camera’s feed, and Paul Moore confirmed (though without showing how it works) that the streams can be accessed with no encryption or authentication required.
Eufy has yet to respond to these claims publicly, but the evidence is quite clear at this point, and it’s a massive security failure on top of direct lies to customers. Moore did receive an email from Eufy in which the company tried to explain the behavior shown, though Moore did reason that most of the company’s response was downplaying the seriousness of the issue.
Moore offered an update to the situation yesterday, saying that Eufy has removed the “background call” which shows stored images, but not the underlying footage, and that the company has also encrypted other calls to cover its tracks.
More on Home Security:
You May want to check our other related articles below and download our app.
Download Our APP
Download Our App For less Ads and more of Premium contents for free