Eufy not patching cameras, instead just warning users about cloud use

By Amber Neely

Eufy isn't patching out a potential security issue in the Eufy Security app, and is instead just telling users that their thumbnails will be uploaded to the cloud when they choose specific notification settings in the app.

In late November, a security researcher discovered that Anker's Eufy security cameras sent user images and information to the cloud without the owners' consent -- even if the user doesn't pay for a cloud subscription.

In response, Eufy has added a statement on their App Store listing and in the Eufy Security app that discloses when the cloud service will be involved when users choose a specific notification option.

The Eufy Security app has a few different options for notifications. For example, users can choose to have notifications display only text or to display text and a thumbnail image of the camera. If the user selects the thumbnail option, Eufy uploads the image to the cloud.

As noted by ZDnet, the issue isn't that Eufy was uploading images to the cloud, it was that it hadn't been informing users that it was doing so.

For those who own a Eufy security camera and don't want their data uploaded to the cloud, we encourage you to change your notification type within the Eufy Security app to Most Efficient, rather than Full Effect or Include Thumbnail.

The company still needs to address the issue that would allow Eufy camera streams to be watched live using an app like VLC. The streams are not encrypted and can be accessed without authentication.

This isn't Eufy's first security hiccup, either. In May of 2021, users of Eufy cameras discovered that cameras owned by other users were viewable in their app instead of what they were expecting to see from their own cameras, and settings could be changed by those granted bogus access.