from the let’s-just-pretend-this-never-happened dept

Last November, The Verge found that Anker, the maker of popular USB chargers and the Eufy line of “smart” cameras, had a bit of a security issue. Despite the fact the company marketed its Eufy cameras as having “end-to-end” military-grade encryption, security researcher Paul Moore and a hacker named Wasabi found it was fairly simple to intercept user video streams.

The researchers found that an attacker merely needed a device serial number to connect to a unique address at Eufy’s cloud servers using the free VLC Media Player, giving them access to purportedly private video feeds. When approached by The Verge, Anker apparently thought the best approach was to simply lie and insist none of this was possible, despite repeated demonstrations that it was very possible:

When we asked Anker point-blank to confirm or deny that, the company categorically denied it. “I can confirm that it is not possible to start a stream and watch live footage using a third-party player such as VLC,” Brett White, a senior PR manager at Anker, told me via email.

Not only that, Anker apparently thought it would be a good idea to purge its website of all of its past promises related to privacy, thinking this would somehow cause folks to forget they’d misled their customers on proper end-to-end encryption. It didn’t.

It took several months, but The Verge kept pressing Anker to come clean, and only this week did the company finally decide to do so:

In a series of emails to The Verge, Anker has finally admitted its Eufy security cameras are not natively end-to-end encrypted — they can and did produce unencrypted video streams for Eufy’s web portal, like the ones we accessed from across the United States using an ordinary media player.

But Anker says that’s now largely fixed. Every video stream request originating from Eufy’s web portal will now be end-to-end encrypted — like they are with Eufy’s app — and the company says it’s updating every single Eufy camera to use WebRTC, which is encrypted by default. Reading between the lines, though, it seems that these cameras could still produce unencrypted footage upon request.

I don’t know why anybody in tech PR in 2023 would think the best response to a privacy scandal is to lie, pretend nothing happened, and then purge your company’s website of past promises. Perhaps that works in some industries, but when you’re selling products to techies with very specific security promises attached, it’s just idiotic, and kudos to The Verge for relentlessly calling Anker out for it.
