Anker has admitted that its line of Eufy security cameras was not fully end-to-end encrypted but has begun implementing changes to solve the issue.
In November, A security researcher discovered that Anker's Eufy security cameras sent user images and information to the cloud without the owners' consent — even if the user didn't pay for a cloud subscription.
As it turns out, not only did Eufy upload content to the cloud, its camera streams could be watched live using an app like VLC if you knew the URL to the videos.
And, instead of patching the issue, the company merely warned users that their content was uploaded to the cloud under specific circumstances.
In a series of emails to The Verge, Anker admitted that Eufy security cameras are not natively end-to-end encrypted. In addition, the cameras also produced unencrypted video streams for Eufy's web portal, which can be accessed using media players.
However, the company has gone on to say that it has begun implementing fixes to solve these issues. It plans to update Eufy cameras to use WebRTC, which is encrypted by default.
Anker has also apologized for its lack of communication and agreed to bring in outside security companies to audit its practices.
Eufy has had prior security issues, too. In May of 2021, Eufy owners discovered cameras owned by other users were viewable in the app instead of what they were expecting to see from their own cameras, and settings could be changed by those granted bogus access.
9 Comments
This sort of egregious behavior is why I will no longer be buying Anker products.