Anker’s Eufy Finally Speaks Up About its Home Camera Security
Accessory maker Anker’s Eufy has finally issued a public statement regarding its smart home camera security in a new blog post titled “To our eufy Security Customers and Partners” (via The Verge).
“Eufy Security ’s Live View Feature on its Web-Portal Feature Has a Security Flaw,” the company admits.
The statement however contains no apology and doesn’t address why anyone would be able to remotely view an unencrypted stream in VLC Media Player from a supposedly always-end-to-end-encrypted camera.
“Moving forward, we will need to better balance our need to get ‘all the facts’ with our obligation to keep our customers more quickly informed,” Anker adds.
The post also addresses some other concerns that security researchers have raised, like how Eufy was uploading thumbnails from its cameras, including pictures of faces, to the cloud without making users aware.
“First, no user data has been exposed, and the potential security flaws discussed online are speculative. However, we do agree there were some key areas for improvement. So we have made the following changes.
Today, users can still log in to our eufy.com Web portal to view live streams of their cameras. However, users can no longer view live streams (or share active links to these live streams with others) outside of eufy’s secure Web portal. Anyone wishing to view these links must first log in to the eufy.com Web portal.
We will continue to look for ways to enhance this feature.”
Anker says it’s now making customers aware that they have a choice of local or cloud push notifications in an updated version of its app.
You can read Eufy’s blog post in its entirety at this link.