Eufy home security thread

b0rn2sk8 said:
The video above explains it.

9to5google.com

Eufy caught lying about local-only security cameras with footage sent to cloud, accessible in unencrypted streams [U]

Eufy has been caught uploading video footage from its cameras promised to stay local to the cloud, with security holes to make matters worse.
9to5google.com 9to5google.com

www.androidheadlines.com

Eufy secretly sends your data to the cloud, claims it doesn't

Anker's Eufy security cameras have been found to actually upload your private pictures to the cloud.
www.androidheadlines.com www.androidheadlines.com

They upload your images to the cloud and store it in an open server un-encrypted without your permission.

That data can be accessed using VNC media player without authentication.

That data is tagged to you as an individual using facial recognition.

They do this even with cloud stage turned off.

If you delete the data from your account, it’s not deleted from the cloud.
Click to expand...
Very Worrying.

On that note. what are other alternatives besides ring who I don't like as it has a subscription
 
jonneymendoza said:
What's wrong with there anker chargers and USB cables? do they steal your data too lol. that's all I use anker for tbh
Click to expand...

You say that, but I have a USB adapter with card reader and extra USB ports that I got off Amazon from some brand I've never heard of, Tsupy I think. I swear there's something super dodgy about it because my PC doesn't even boot properly when it's plugged in. My key strokes are probably being logged as I type this, it's past the 30 day return window though...
 
jonneymendoza said:
What's wrong with there anker chargers and USB cables? do they steal your data too lol. that's all I use anker for tbh
Click to expand...
Eufy is an Anker brand, they are one and the same thing.

jonneymendoza said:
Very Worrying.

On that note. what are other alternatives besides ring who I don't like as it has a subscription
Click to expand...

Very few so true local recording. I have a Ubiquiti door bell. It’s not cheap, the door bell is £200 and the cheapest recorder they make is another £200.

It also hard wire only and works on US doorbell voltages so getting a compatible chime is also a pain in the rear.

That’s the price you pay when you are not the product I guess.

I think Nanetmo or whatever they are called do local recording and no subscription but I can’t vouch for that.
 
Last edited:
b0rn2sk8 said:
Eufy is an Anker brand, they are one and the same thing.



Very few so true local recording. I have a Ubiquiti door bell. It’s not cheap, the door bell is £200 and the cheapest recorder they make is another £200.

It also hard wore only and works on US doorbell voltages so getting a compatible chime is also a pain in the rear.

That’s the price you pay when you are not the product I guess.

I think Nanetmo or whatever they are called do local recording and no subscription but I can’t vouch for that.
Click to expand...
Yea Ubiquiti are quite pricey and my network is pwered by mikrotik.

Anker i use to swear by for usb cables and battery packs! Surely those are ok?

I knew that eufy was by Anker but this security flaw is worrying.

How is it the EU have still allowed there products to be sold?
 
jonneymendoza said:
Anker i use to swear by for usb cables and battery packs! Surely those are ok?
Click to expand...

Not sure what you are missing here.

It’s like saying ‘I’m not buying AirPods because of their anti consumer stance against right to repair’ and then going any buying a pair of Beats headphones instead. Or having a terrible experience with a VW, vowing to never buy any of their products again and then going out and buying a Seat.

Anker is Eufy, Eufy is Anker. If you have an issue with Eufy and them allegedly stealing your data and leaking it to the internet, why would you go out and buy an Anker product?

That said I don’t advocate you go out and bin your existing Anker products, that would be stupid, not giving them anymore money is entirely sensible.
 
Last edited:
b0rn2sk8 said:
Not sure what you are missing here.

It’s like saying ‘I’m not buying AirPods because of their anti consumer stance against right to repair’ and then going any buying a pair of Beats headphones instead. Or having a terrible experience with a VW, vowing to never buy any of their products again and then going out and buying a Seat.

Anker is Eufy, Eufy is Anker. If you have an issue with Eufy and them allegedly stealing your data and leaking it to the internet, why would you go out and buy an Anker product?

That said I don’t advocate you go out and bin your existing Anker products, that would be stupid, not giving them anymore money is entirely sensible.
Click to expand...
Yea thats what i mean.

i did not know about this and basically nearly all my cables and battery packs are from Anker

Also. have you seen this?

 
Yes, I saw it, it’s the premise of the last page of posts in this thread.

The whole debacle doesn’t just look bad, it’s actually seriously bad and was only discovered because their security was also non-existent.

To top it off, their response was even worse.
 
b0rn2sk8 said:
Yes, I saw it, it’s the premise of the last page of posts in this thread.

The whole debacle doesn’t just look bad, it’s actually seriously bad and was only discovered because their security was also non-existent.

To top it off, their response was even worse.
Click to expand...
I mean its comical.

@Jimbeam3678 @rodders @dazzlaa @scrivz69

Did you guys know about this? And if not, Are yous till comfortable in using there products?
 
b0rn2sk8 said:
The whole debacle doesn’t just look bad, it’s actually seriously bad
Click to expand...

Eh, honestly I think it's probably a bit blown out of proportion.

I don't think there's anything nefarious about it, just a poor implementation they rolled out to get certain services such as push working.

The main problem is they lied about their claims of zero cloud, when clearly they needed some amount of cloud processing to get the images and push notifications processed properly.

If they'd been more transparent about their claims or offered a 'true' zero cloud option where certain features were unavailable then people would have been more understanding.

It doesn't feel like they're doing it specifically to capture your personal data, it was just that the whole setup was kind of half baked and now it's totally blown up in their face due to the way they marketed it.
 
Last edited:
UberTiger said:
Eh, honestly I think it's probably a bit blown out of proportion.

I don't think there's anything nefarious about it, just a poor implementation they rolled out to get certain services such as push working.

The main problem is they lied about their claims of zero cloud, when clearly they needed some amount of cloud processing to get the images and push notifications processed properly.

If they'd been more transparent about their claims or offered a 'true' zero cloud option where certain features were unavailable then people would have been more understanding.

It doesn't feel like they're doing it specifically to capture your personal data, it was just that the whole setup was kind of half baked and now it's totally blown up in their face.
Click to expand...

The data is accessible by ANYBODY though, and to top it off facial recognition and tags let them know its you.

This opens you upto theft, weirdo's the lot.
 
UberTiger said:
Eh, honestly I think it's probably a bit blown out of proportion.

I don't think there's anything nefarious about it, just a poor implementation they rolled out to get certain services such as push working.

The main problem is they lied about their claims of zero cloud, when clearly they needed some amount of cloud processing to get the images and push notifications processed properly.

If they'd been more transparent about their claims or offered a 'true' zero cloud option where certain features were unavailable then people would have been more understanding.

It doesn't feel like they're doing it specifically to capture your personal data, it was just that the whole setup was kind of half baked and now it's totally blown up in their face.
Click to expand...
Come on mate. Please re-read what you just posted..

There is not blown out of proportion. infact, it needs to blow all over the news in a big way and punish eufy for such a awful implementation of there systems
 
Yeah, true. I just re-watched part of it. It is pretty bad.

Were the unencrypted streams discoverable though? ie. Could anyone have found them via scans or enumeration or other processes?

Was the guy able to access other people streams, or just his own because he was monitoring the traffic on his own network?
 
Last edited:
UberTiger said:
Yeah, true. I just re-watched part of it. It is pretty bad.

Were the unencrypted streams discoverable though? ie. Could anyone have found them via scans or enumeration or other processes?

Was the guy able to access other people streams, or just his own because he was monitoring the traffic on his own network?
Click to expand...

From what I'm reading anyone can access anybody else's via VLC player.
 
You must log in or register to reply here.
Back
Top Bottom