Eufy, the company behind a series of affordable security cameras, is currently under fire for its security practices. The company claims its products are among the few security devices that allow for locally stored media and don't need a cloud account. A security researcher discovered a security hole in Eufy's mobile app that threatens the whole premise.
The issue was relayed in a screen grab. Moore had purchased the Eufy Doorbell dual camera for its promise of a local storage option, only to discover that the doorbell's cameras had been storing thumbnails of faces on the cloud, along with identifiable user information.
Another user discovered that the data uploaded to Eufy wasn't even secure. Moore showed that any uploaded clips could be played back on any desktop media player. The thumbnails and clips were linked to their partner cameras and offered additional information to snoopers.
It was possible for the issue to be recreated on its own with a Eufy cam 3. It reached out to Eufy to find out why the issue was happening. If you choose to have a motion notification pushed out with an attached thumbnail, Eufy temporarily uploads that file to its Amazon Web Services server. The option was enabled manually by Moore. The Eufy app does not have the same issue since there is no uploading.
Eufy says its practices comply with Apple's Push Notification Service terms of use, but it patched some of the issues found by Moore. The company said it would communicate with its users about how it stores data.
1. We are revising the push notifications option language in the eufy Security app to clearly detail that push notifications with thumbnails require preview images that will be temporarily stored in the cloud.
2. We will be more clear about the use of cloud for push notifications in our consumer-facing marketing materials.
This isn't the first time Eufy has had issues with its cameras. The company faced similar reports of unwarranted access to random camera feeds last year, though it quickly fixed the problem. Eufy knows how to patch things up.