Anker reports that the video was not properly encrypted in the security camera of 'Eufy' and fixed the flaw


by Focal Foto

Anker, based in China, has admitted that the video it shot was not end-to-end encrypted in the security camera of the consumer electronics brand 'Eufy'. The encryption issue has already been fixed, and the company reports that it will partner with an external security firm to monitor Eufy's practices going forward, as well as launching an official bug bounty program.

Anker finally comes clean about its Eufy security cameras - The Verge
https://www.theverge.com/23573362/anker-eufy-security-camera-answers-encryption

Anker Admits Eufy Cameras Did Not Offer End-to-End Encryption as Promised, Pledges to Do Better - MacRumors
https://www.macrumors.com/2023/01/31/anker-eufy-camera-security/

Anker admits that Eufy cameras were never encrypted |
https://appleinsider.com/articles/23/01/31/anker-admits-that-eufy-cameras-were-never-encrypted

Eufy's security camera claims to emphasize user privacy, and explained that the captured video is end-to-end encrypted. However, in November 2022, Eufy's security cameras were uploading video thumbnails to the cloud without user consent, and streaming video that users can access from Eufy's web portal is not encrypted, and the video was sent to media. It was discovered that it could be played with the player's VLC.

It turned out that Anker Eufy brand security device was uploading content to the cloud without user consent - GIGAZINE



Since then, it has been reported that Eufy's website has removed the privacy language , and the apology statement has been criticized as 'prepared text that does not answer important questions for consumers.' increase.

Anker's ``Eufy'' announces an apology statement due to privacy issues, but it is criticized as ``a template answer that does not have an issue''-GIGAZINE



Overseas media The Verge, which has reported on a series of problems, accused Anker of continuing to deflect the issue on this matter, and before Christmas 2022, ``If you can't get a reasonable answer, Anker I will publish an article about the lack of communication between the two,' he sent an ultimatum. As a result, Eric Villines, Anker's head of global communications, said he received a statement admitting that Eufy's security cameras did not natively provide end-to-end encryption.

Villines explained that there are two ways to play the live stream video of Eufy's security camera: 'Eufy security app' and 'Eufy's web portal'. Of these, the video was encrypted in the app, but in the web portal, the logged-in user uses the browser's developer tools to find the video link and share it with external users to encrypt the video outside the security system. seems to have been able to play

Anker reported that it prohibited users from entering debug mode on the web portal, obfuscated the code, and implemented end-to-end encryption of the video not only in the app but also in the web portal. In a statement, Villines said, 'The content of the video stream has been encrypted and is no longer playable in third-party media players such as VLC. However, utilizing eufy.com's secure web portal capabilities is We have to bear in mind that it is only 0.1% of the current daily users, most of them use Eufy security app to watch the live stream, in any case our web portal has several We had a problem, but it was resolved after that.'

Speaking to The Verge, Villines said that while the series of issues did not constitute a data breach or violate national data protection laws, Anker assessed the product's comprehensive security risks and addressed potential issues. They said they plan to partner with several security companies to do so. In addition, we are working with prominent security experts to develop independent reports on security and privacy, and plan to launch the Eufy Security Bounty Program with external vendors to help find vulnerabilities. I am reporting that.

In addition, in response to The Verge's question, ``Anker / Eufy has not apologized for sending unencrypted streaming video?'', Mr. Villines said, ``What happened when you apologized We need to explain in more detail what happened and what corrective actions will be taken to ensure that this does not happen again.' Anker plans to provide some updates to users in early February 2023 and explain the series of processes, saying, ``At that time, by showing this detail in a highly transparent manner, we will be more heartfelt. We should be able to apologize for that,” said Villines.

in Hardware,   Security, Posted by log1h_ik