In a major security and privacy lapse, for an hour on Monday morning, users of Eufy cameras discovered that cameras owned by other users were viewable in their app instead of their own, and settings could be changed by those granted bogus access as well.
Many connected cameras bought for security offer app-based viewing and playback of video feeds for convenience. On Monday, it appears that there's a problem with the app, in that it shows feeds of cameras that aren't owned by users.
Initially spotted on Reddit, Eufy cam owners are reporting that attempts to log into the app provide complete access to another camera setup, seemingly in another country. As part of this access, the users are also able to see and change settings on the account and connected hardware, turn lights on and off, and also retrieve details like the camera owner's email address.
Users have expressed concern about the problem, declaring it as a major breach in security and privacy for users. Some posting to Reddit are worried about who may have access to their cameras, and for the safety and privacy of their children.
Some miscreants are taking advantage of this access. They are modifying settings for accounts, and there are reports of some talking to children on the other side of the camera.
It is unclear how many people are affected by the issue, as not all of tests by AppleInsider manifested an issue. One UK staffer saw no issue, and one US editor is having the problem.
HomeKit Secure Video is displaying the right camera, but the wrong camera in the app. There is some speculation it could be a regional issue, though more data is required to confirm that to be the case.
AppleInsider recommends Eufy camera owners turn their cameras off if they are concerned about their privacy, until Eufy responds to the complaints to their satisfaction.
Update: In a statement to AppleInsider and other venues, Eufy claimed that the a "server upgrade" induced the problem for 0.001 percent of its users. The company also said that identified the problem at around 5:30 AM Eastern Time, and fixed it by 6:30. AppleInsider staffers saw it as late as 6:51 AM Eastern Time before disconnecting cameras, but can confirm that the problem is now fixed.
The company confirmed that the issue was geographically limited to the US, Australia, Mexico, and New Zealand. Users in Europe were not impacted, the company said.
Update 12:58 PM Eastern Time with Eufy response.
Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.