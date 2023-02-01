



In November, Anker’s Eufy brand made headlines after security consultant Paul Moore discovered that Eufy security cameras were sending data to the cloud even when cloud storage upload settings were disabled. became. Additionally, Eufy’s camera his stream was allegedly viewable live via apps such as VLC, which created obvious security issues.

The problem was that the Eufy camera was uploading content to the cloud. Because Anker has been touting the security of his Eufy devices for a long time and a more private camera he has local only storage and end he to he end encryption for those who need a solution because he claimed to have Following this debacle, The Verge began trying to get answers from Anker about the security of the Eufy cameras, and Anker said he was intentionally unclear about how the Eufy cameras would work, often I was providing a misleading answer.

The Verge was able to get an answer from Anker by threatening to publish an article about the company’s lack of communication. This provided a clear explanation of Eufy’s security. The Eufy camera did not offer native end-to-end encryption and in fact offered an unencrypted video stream via the Eufy web portal, but according to Anker this has now been fixed. It’s a problem.

Previously, after logging into the secure web portal at eufy.com, registered users would enter debug mode and use the web browser’s DevTool to find the live stream and play the link or share it with others. I was able to play outside of a secure system. However, it was the user’s choice to share that link or not, and to get this link they had to first log into the eufy web portal.

Now, based on industry feedback and due diligence, the eufy security web portal does not allow users to enter debug mode, and the code has been hardened and obfuscated. Additionally, the video stream content is encrypted, making these video streams unplayable on third-party media players such as VLC.

However, please note that only 0.1% of current daily users are using the secure web portal functionality on eufy.com. Most users use his eufy Security app to view live streams. In any case, the previous design of the web portal had some issues that have since been resolved.

Video stream requests from the Eufy web portal are end-to-end encrypted, just like the Eufy app. According to Anker, this is the primary way his Eufy users access camera streams. According to Anker, all his Eufy cameras have been updated to use WebRTC, which is encrypted by default, making it impossible to play his Eufy video streams via third-party apps.

Anker regretted the lack of communication and said it could do better in the future. The company employs a third-party security firm to audit its Eufy security products and is committed to an official bug bounty program. Anker will also launch a security microsite in February to provide customers with detailed information about the changes implemented.

For those interested in the details of Eufy’s remarks, The Verge has released the full email communication with an Anker spokesperson.

