{"id":143295,"date":"2022-11-29T22:01:14","date_gmt":"2022-11-29T22:01:14","guid":{"rendered":"https:\/\/harchi90.com\/eufy-cameras-caught-sending-local-footage-to-cloud\/"},"modified":"2022-11-29T22:01:14","modified_gmt":"2022-11-29T22:01:14","slug":"eufy-cameras-caught-sending-local-footage-to-cloud","status":"publish","type":"post","link":"https:\/\/harchi90.com\/eufy-cameras-caught-sending-local-footage-to-cloud\/","title":{"rendered":"Eufy cameras caught sending local footage to cloud"},"content":{"rendered":"
\n

Home security cameras have gotten a lot better in recent years, but the security of your footage has always been a concern. Anker’s Eufy brand claims to keep data local, but a security researcher has exposed that the claim is far from true, with footage not only going to the cloud, but remaining visible even after it was supposed to be deleted.<\/p>\n

Eufy sells several of its security cameras with the promise that video footage and other data are local only, explicitly saying \u201cno one has access to your data but you\u201d on its website.<\/p>\n

Paul Moore, a security researcher, posted on Twitter last week<\/a> a frightening security situation with Eufy home security products including camera-equipped doorbells. In the thread and accompanying videos, Moore shows proof that Eufy cameras are sending data that is said to be \u201cstored locally\u201d to the cloud, even when cloud storage is disabled.<\/p>\n

The security hole was first discovered on Eufy’s Doorbell Dual camera which utilizes two cameras to view both people walking up to your door as well as your doorstep where packages may be left. <\/p>\n

The doorbell’s camera was uploading facial recognition data from the camera to Eufy’s cloud servers with identifiable information attached, and that this data wasn’t actually removed from Eufy’s servers when the related footage had been deleted from the Eufy app. In the video below, Moore also notes that Eufy used the facial recognition data from two different cameras on two completely different accounts to link data from each, and points out that Eufy never notifies the user that this is happening \u2013 the company’s market rather implies just the opposite.<\/p>\n

It’s not clear how many of Eufy’s home security cameras and products are affected by this. Android Central<\/em> was able to replicate the same security issues on a EufyCam 3 paired to a Eufy HomeBase 3.<\/p>\n

\n
\n
\n

You have some serious questions to answer @EufyOfficial<\/a> <\/p>\n

Here is irrefutable proof that my supposedly “private”, “stored locally”, “transmitted only to you” doorbell is streaming to the cloud \u2013 without cloud storage enabled.#privacy<\/a>https:\/\/t.co\/u4iGgkWkJB<\/p>\n

\u2014 Paul Moore (@Paul_Reviews) November 23, 2022<\/a><\/p>\n<\/blockquote>\n<\/div>\n<\/figure>\n

Perhaps more frightening was another user’s findings that these streams of Eufy footage are accessible through unencrypted streams. Simply using the popular VLC media player, a user was able to access a camera’s feed, and Paul Moore confirmed (though without showing how it works) that the streams can be accessed with no encryption or authentication required.<\/p>\n

\n<\/figure>\n

Eufy has yet to respond to these claims publicly, but the evidence is quite clear at this point, and it’s a massive security failure on top of direct lies to customers. Moore did receive an email<\/a> from Eufy in which the company tried to explain the behavior shown, though Moore did reason<\/a> that most of the company’s response was downplaying the seriousness of the issue.<\/p>\n

Moore offered an update<\/a> to the situation yesterday, saying that Eufy has removed the \u201cbackground call\u201d which shows stored images, but not the underlying footage, and that the company has also encrypted other calls to cover its tracks. <\/p>\n

More on Home Security:<\/h2>\n
\n

FTC: We use income earning auto affiliate links.<\/em> more.<\/p>\n

<\/div>\n\n

Check out 9to5Google on YouTube for more news:<\/i><\/p>\n

<\/p>\n