When talking about home security systems, Anker has always stood out as one of the most sought-after companies over the past decade. Its sound reputation and commitment to quality have made the China-based electronic manufacturing company a popular name for almost any and all households.
However, all this changed with its Eufy home security cameras and privacy infringement and security flaws. The cameras that were once launched with the promise of having end-to-end military-grade encryption with claims of storing all your data locally so that it never leaves your home left users in shock after learning that you can stream video from a Eufy camera from across the country and that too with no encryption at all.
Security researcher Paul Moore first exposed the vulnerability and flaw in Eufy, offering irrefutable proof in his videos and tweets. When questioned point-blank, the Anker company categorically denied all claims stating it is impossible to stream and watch live footage using a third-party player.
However, in a follow-up press conference, a Eufy spokesperson clarified that it is revising its push notification option language in the security app. This further helped clarify Moore’s claims regarding thumbnail images and explained why users’ data would be sent to the cloud.
As shocking as this news has been, there’s no proof yet if Eufy’s vulnerability has been exploited. Also, obtaining the address required users (or potential hackers) to log in with a username and password before accessing an encryption-free stream from Eufy’s website. Also, for the VLC stream to work, the cameras must be awake.
Now that Anker has been caught in its web of big fat Eufy lies, it will be hard for consumers to trust almost anything the company says or does next, but it will be interesting to see what Anker’s next move is going to be. Will it sweep the brand under the rug like Wyze or come up with something better to gain its lost market share and the confidence of users?
As far as the existing Eufy users are concerned, luckily, the breach impacted only 0.001% of users but left a big lesson for both new and existing users. Users should only allow access to their paired devices via the app’s sharing feature instead of sharing their login information. Also, opting for a micro-SD card instead of cloud storage might help mitigate any additional risks.