Anker's 'Eufy' finally acknowledges 'security flaw' in smart camera privacy issue

by Eufy

Anker's home appliance brand 'Eufy' security camera was criticized for uploading data that was supposed to be stored locally to the cloud, and Eufy had a security flaw on the official forum. I gave an answer that acknowledged

To our eufy Security Customers and Partners - News - Eufy Security Collective

Anker's Eufy breaks its silence on security cam security - The Verge

Eufy's camera intercom and smartphone app 'eufy Security' have problems such as uploading thumbnails of images taken by the camera to the cloud and streaming playback of camera images with the media player VLC. In addition, it was discovered that the privacy promise was deleted from the Eufy site without explanation after this issue was discovered , which was widely covered by the overseas media.

Eufy sent a statement to the media acknowledging 'lack of communication', but it was not an answer because the text was the same as the response to the user's inquiry and did not mention the core issue. It was criticized for not

Anker's ``Eufy'' announces an apology statement due to privacy issues, but it is criticized as ``a template answer that does not have an issue''-GIGAZINE

After that, Eufy posted a post on its official forum titled 'To eufy Security Customers and Partners', in which it clarified the security camera issue. Eufy officially acknowledged the problem this time, roughly divided into two points, one of which is that 'the thumbnail of the video could be viewed in the cloud even though it was not set to use the cloud'. .

Regarding this, Eufy said, ``The eufy Security app is working to reduce the use of the cloud as much as possible, but some processes require the use of our secure AWS servers.'' Admitted that I was using the cloud. The app has also been modified to display a description about using the cloud when you choose to include thumbnails in push notifications.

The second point is that there is a security flaw in eufy Security's web portal function 'Live View'. Specifically, he denied that some reports that user data had been leaked were just speculation, and said, ``I admit that there were some important improvements to be made.'' Additionally, to address this issue, users will no longer be able to live view security camera footage outside of the portal or share active links for live playback with others. In addition, Eufy has clearly denied any suspicion that facial recognition information is being sent to the cloud.

However, the statement this time made a declaration about privacy, such as the fact that the video, which should have been protected by end-to-end encryption, could be streamed with a free media player, and whether or not the camera video could be shared with law enforcement agencies. , removed from the website without any explanation, etc.

Therefore, The Verge, an IT news site that covered this response, explained that the video was not encrypted, specifically what was encrypted and what was not, thumbnails and encryption He said that he would continue to pursue unknown points by making additional inquiries about whether there is any data that Eufy's server can remotely access the camera other than the unencrypted video.

in Security, Posted by log1l_ks