Anker's 'Eufy' announces an apology statement due to privacy issues, but it is criticized as 'a template answer that does not have an issue'
Anker's home appliance brand, Eufy, has discovered that security camera footage was uploaded without permission, and that the privacy guarantee was removed from the website after the problem was discovered. Ripples are spreading. In response to this, Eufy sent a statement to explain, but the media has been harshly evaluated that 'the prepared sentences do not answer important questions for consumers.'
Read what Anker's customer support is telling worried Eufy camera owners - The Verge
In November 2022, security consultant Paul Moore uploaded a thumbnail of the video taken by Eufy's camera intercom 'Video Doorbell Dual' to the cloud even though it was set not to use the cloud function. I discovered that the behavior is different from the description on the Eufy website. It has also been discovered that Eufy's camera footage can be streamed on the free media player ' VLC '.
At the time of writing the article, Eufy did not give a formal opinion on this matter, but after the problem was discovered, the website was modified, such as deleting some of the wording on privacy protection and the description on video encryption. It was found by The Verge, an IT news site.
Anker's home appliance brand ``Eufy'' secretly deleted the privacy promise from the web page, immediately after the problem was discovered that the surveillance camera video was uploaded without permission - GIGAZINE
Then, on December 20th, The Verge announced that it had received a statement from Eufy and made it public. A transcript of the statement is below:
'Eufy records and stores footage locally when motion is detected by your device. If you subscribe to a cloud storage service, your footage is safely stored in the cloud and can be deleted at any time. Also, in order to provide push notifications to users' mobile devices, some of our security solutions create small preview images (thumbnails) on our AWS-based cloud servers.Eufy's app allows text You can choose between thumbnail-based or thumbnail-based push notifications, but the instructions weren't clear about choosing thumbnail-based notifications to host the preview image in the cloud, and it's our fault for such lack of communication. ,Deeply apologize'
In addition, Eufy emphasized that only about 1% of the users who accessed the account from the web portal were able to stream the camera video, and the URL obtained by logging in to the account is now playable in third-party players has been fixed.
In fact, at the time of writing the article, a 12-bit random character string was added to the camera image, making it difficult to guess the URL of the image, so the problem that the camera image can be streamed on the media player has been fixed. It has been confirmed by The Verge.
However, the statement The Verge received this time was word for word the same as Eufy's response posted on the online bulletin board Reddit in early December.
Additionally, readers of The Verge reported receiving a simpler version of the statement, noting that ' end-to-end encryption is only for mobile phone access'. It is said that a sentence that gives an impression like this was added. In addition, there was a sentence on the web page before the privacy promise was deleted, ``All recorded images are encrypted on the terminal.''
Regarding this statement, The Verge pointed out that it was ``pre-prepared,'' and said, ``The question for many people is, 'Anker only stores footage locally and encrypts it end-to-end. Why did this happen even though I said it was?' 'Why did you remove the original promise from the website after being asked that question after lying?' It is difficult to trust a company that reacts like this to it, because this company has deleted the word 'Eufy is not just a mouthful', 'he said, expressing distrust. Did.
in Security, Posted by log1l_ks