Eufy home security thread

[jonneymendoza]

Hiya.

I am looking at using eufy products for security home network and the first port of call is to get a video doorbell.

I am confused as there seems to be 4 different variants of these and was wondering what the differences were?

Below are the ones i saw:

1. VIdeo doorbell 2k with chime
2. VIdeo doorbell 2k with Homebase(how does the chime work if any? and does it come with homebase 1 or 2?)
3. Video doorbell 2k dual camera with chime(dual camera? better?)
4. Video doorbell 2k dual camera with Homebase(1 or 2?)

I will later add some outdoor camera's on the side and rear of my property . Are there any POE camera's?

 

[jonneymendoza]

2k with chime will record to an SD card in the chime unit.
2k dual has extra parcel camera features and radar motion detection as well.
Homebase 2 brings extra AI features.

Jim, any reason you didn't get the homebase 3, if you splashed out ok the 4k solars?

There's a homebase 3?

 

[jonneymendoza]

I have the eufycam 2 pack and doorbell with homebase.

Picked it up around 2 years ago(?) and to be fair its been a rock solid system. The alerts can be a little too sensitive at times but it is difficult to get that just right.
The thing for me that really sealed the deal was the homebase, and therefore no monthly subscription. All data is available to stream etc.

Things to note:

Sometimes the doorbell does not connect immediately, can be a pain when you're rushing to catch a delivery driver. However, I have not missed a delivery yet despite the panic.

The geo-fencing cannot quite set up the profile I want. For eg, the system will come on automatically if I am not home, but you cannot also make a timed schedule to override this. At bedtime for example. I tend to just leave the system running all the time which has worked great.

Cameras need charging about every 2-3 months I'd say

As for the chime, I have mine set to come through our phones and I also have a dual Amazon Echo system set up in stereo for the kitchen TV, Alexa plays a nice chime really loud.

Do you have any outdoor cameras from eufy as well?

 

[jonneymendoza]

Just a heads up that Eufy cameras are exposing data unencrypted and with no authentication

Ffs really? Just ordered the doorbell lol

Edit. I've just cancelled. Any alternative?

 

[jonneymendoza]

Are any of them legit though....

Most of them are

 

[jonneymendoza]

I just saw the news about Eufy, that’s not just a flaw, that it outright deception and almost certainly illegal in more than one way in the EU.

Yup.i cancel my order.

Dodged a bullet

 

[jonneymendoza]

not just Eufy, the whole group which includes Anker.

What's wrong with there anker chargers and USB cables? do they steal your data too lol. that's all I use anker for tbh

 

[jonneymendoza]

The video above explains it.

Eufy caught lying about local-only security cameras with footage sent to cloud, accessible in unencrypted streams [U]

Eufy has been caught uploading video footage from its cameras promised to stay local to the cloud, with security holes to make matters worse.

9to5google.com

Eufy secretly sends your data to the cloud, claims it doesn't

Anker's Eufy security cameras have been found to actually upload your private pictures to the cloud.

www.androidheadlines.com

They upload your images to the cloud and store it in an open server un-encrypted without your permission.

That data can be accessed using VNC media player without authentication.

That data is tagged to you as an individual using facial recognition.

They do this even with cloud stage turned off.

If you delete the data from your account, it’s not deleted from the cloud.

Very Worrying.

On that note. what are other alternatives besides ring who I don't like as it has a subscription

 

[jonneymendoza]

Eufy is an Anker brand, they are one and the same thing.



Very few so true local recording. I have a Ubiquiti door bell. It’s not cheap, the door bell is £200 and the cheapest recorder they make is another £200.

It also hard wore only and works on US doorbell voltages so getting a compatible chime is also a pain in the rear.

That’s the price you pay when you are not the product I guess.

I think Nanetmo or whatever they are called do local recording and no subscription but I can’t vouch for that.

Yea Ubiquiti are quite pricey and my network is pwered by mikrotik.

Anker i use to swear by for usb cables and battery packs! Surely those are ok?

I knew that eufy was by Anker but this security flaw is worrying.

How is it the EU have still allowed there products to be sold?

 

[jonneymendoza]

Not sure what you are missing here.

It’s like saying ‘I’m not buying AirPods because of their anti consumer stance against right to repair’ and then going any buying a pair of Beats headphones instead. Or having a terrible experience with a VW, vowing to never buy any of their products again and then going out and buying a Seat.

Anker is Eufy, Eufy is Anker. If you have an issue with Eufy and them allegedly stealing your data and leaking it to the internet, why would you go out and buy an Anker product?

That said I don’t advocate you go out and bin your existing Anker products, that would be stupid, not giving them anymore money is entirely sensible.

Yea thats what i mean.

i did not know about this and basically nearly all my cables and battery packs are from Anker

Also. have you seen this?

 

[jonneymendoza]

Yes, I saw it, it’s the premise of the last page of posts in this thread.

The whole debacle doesn’t just look bad, it’s actually seriously bad and was only discovered because their security was also non-existent.

To top it off, their response was even worse.

I mean its comical.

@Jimbeam3678 @rodders @dazzlaa @scrivz69

Did you guys know about this? And if not, Are yous till comfortable in using there products?

 

[jonneymendoza]

Eh, honestly I think it's probably a bit blown out of proportion.

I don't think there's anything nefarious about it, just a poor implementation they rolled out to get certain services such as push working.

The main problem is they lied about their claims of zero cloud, when clearly they needed some amount of cloud processing to get the images and push notifications processed properly.

If they'd been more transparent about their claims or offered a 'true' zero cloud option where certain features were unavailable then people would have been more understanding.

It doesn't feel like they're doing it specifically to capture your personal data, it was just that the whole setup was kind of half baked and now it's totally blown up in their face.

Come on mate. Please re-read what you just posted..

There is not blown out of proportion. infact, it needs to blow all over the news in a big way and punish eufy for such a awful implementation of there systems

 

[jonneymendoza]

The data is accessible by ANYBODY though, and to top it off facial recognition and tags let them know its you.

This opens you upto theft, weirdo's the lot.

Yup. if i dig deeper i could possibly grab peoples footages as well.

Its scary stuff

 

[jonneymendoza]

From what I'm reading anyone can access anybody else's via VLC player.

Basically By Knowing There Ip address

 

[jonneymendoza]

This really needs testing next to see whether someones data in Eufy's (AWS) S3 containers could be "randomly" stumbled upon and extracted.
AI face thumbnails need a 40 character user ID along with the thumbnails, seemingly random, filename to build the path; similarly motion/video thumbnails have a random filename too although they appear to be stored under Eufy "stations" serial numbers which might potentially be gleaned from snooping on the targets devices.

I'm not entirely convinced these URL's could easily be built through simple enumeration but, it doesn't look great for Eufy either way and hopefully other researchers and pentesters get onboard and delve into Eufy products to see what exactly needs resolving.

Has anyone got more information on live streams being viewed through VLC though?
RTSP is available on their cameras and doorbells for the local network, you can use VLC to view those streams, but that shouldn't be viewable externally; so it would be interesting to see how live streams are easily "had" externally.

Edit - the whole resetting flaw is completely screwed though, you would assume it would require some intervention elsewhere (prompt within app or portal) for a device to unpair from an account.

its quite shocking how this thread was made by me asking for advice on which eufy doorbell package to get!!

Glad i made this thread as if i diddnt. i would not have know about this

 

[jonneymendoza]

It was made a day late for me, lol!

Lol can't you cancel and return your order?

 

[jonneymendoza]

I don't know the ins and outs of all this as I don't own any of their products, but this guy makes solid videos, and he doesn't agree with much of what is being said.

The Internet is WRONG about Eufy. (Mostly)

You need the rest of the story about the Eufy cloud scandal. Paul Moore's Video: https://www.youtube.com/watch?v=qOjiCbxP5LcLTT WAN Show: https://www.youtub...

www.youtube.com

Android Central can no longer recommend Eufy cameras

A series of unfortunate events have broken our trust in the brand.

www.androidcentral.com

 

[jonneymendoza]

 

[jonneymendoza]

so is this eufy scandal really much of an issue these days?

moving into a new house next week and looking at the different options for cameras/doorbells and eufy seems to tick the box for the right price.

only need something simple to cover back garden/shed.

Yea still hasn't been fully addressed yet.

Kind of leaves a bad impression of the company really

 

[jonneymendoza]

ahh ok, so whats the next best option for no subscription etc?

I would like to know that myself!