Let’s catch you up on the drama
Eufy is a sub-brand of Anker, and it is responsible for making Google’s Nest-like security cameras and doorbells. What sets this company apart, supposedly, was the fact that everything was supposed to be processed locally on the device. Everything was stored on the device, and it could only be accessed locally. That was the claim, at least. However, a user found out that Eufy was surreptitiously uploading pictures and footage of its customers to the AWS cloud service. Not only did the company upload this content, but it didn’t encrypt it. Users were even able to live stream people’s cameras from anywhere. People could view those live streams through media players as simple as VLC. While these claims were levied against Eufy, the company stuck to its guns and did not acknowledge that its security system was problematic. Instead of that, the company issued an update to its security app. The app would tell users that pictures temporarily went to the cloud in order to create notification thumbnails.
Eufy finally acknowledged that there’s a security issue
After the unsatisfactory performance of the company, it finally came clean and said that its security could use some improvement. Eufy recently posted a forum post for its users where it actually acknowledged the security flaw. “…we have been using the last few weeks to research these possible threats and gather all the facts before publicly addressing these claims.” So, the company does say that there is a “potential threat.” However, in the post, the company still says that the potential security flaws are still speculative. So it’s not outright acknowledging that it’s messed up with its security. In any case, Eufy is taking action and issued a new change to its web-portal. “Today, users can still log into our eufy.com web portal to view live streams of their cameras. However, users can no longer view live streams (or share active links to these live streams with others) outside of Eufy’s secure web portal. Other than that, the company reiterated its notification thumbnail policy, reassured us that no user data was exposed, and stated facial recognition is all processed locally. This Saga is still far from over, so we will keep you updated on the next development.