Eufy: Difference between revisions

m categorize as home security company
Add incident regarding leaking data to the cloud without user consent
Line 9: Line 9:
}}
}}


eufy is a subsidiary of [https://en.m.wikipedia.org/wiki/Anker_Innovations Anker Innovations]
'''Eufy''' is a sub-brand of [https://en.m.wikipedia.org/wiki/Anker_Innovations Anker Innovations], and is a manufacturer of smart home technologies.<ref>https://www.eufy.com/about</ref> They are known for their security cameras, with their local storage security cameras marketed as keeping "your data is yours alone and eliminating monthly fees."<ref>https://www.eufy.com/eu-en/collections/local-storage-security-camera</ref> Eufy additionally provides a cloud backup system, which uses [[Amazon]] Web Services (AWS).<ref>https://support.eufy.com/s/article/Privacy-Commitment-1617358267456</ref>


eufy falsely advertised their camera as having e2ee video feeds.
== Incidents ==


eufy has a cloud backup system, which uses [[Amazon]] Web Services (AWS).<ref>https://support.eufy.com/s/article/Privacy-Commitment-1617358267456</ref>
=== Leaking data to the cloud without user consent ===
In 2022, security researcher Paul Moore found out that images and videos were uploaded to Eufy's servers for their notification service without informing the user.<ref>[https://www.youtube.com/watch?v=qOjiCbxP5Lc Eufy leaking your "private" images/faces & names... to the cloud]</ref> This was the case when the HomeBase was offline, which is the local device where the video footage is usually stored. According to Eufy, the HomeBase 3 is does not have to use the AWS cloud server as the "high-performance database" on the device should be sufficient.<ref>https://www.zdnet.com/article/eufys-security-cameras-send-data-to-the-cloud-without-consent-and-thats-not-the-worst-part/</ref> But the notification feature wants to store a video thumbnails and pictures of faces if those are in the recordings, for which it used the cloud without giving the user the option to disable this behavior. Moore found that the images remained on Eufy's AWS servers, which Eufy claimed to be deleted automatically. This led to several sponsored entities, such as YouTube channel ''Linus Tech Tips'', dropping Anker as a sponsor.<ref>https://www.youtube.com/watch?v=2ssMQtKAMyA</ref>


[https://www.youtube.com/watch?v=qOjiCbxP5Lc Eufy leaking your "private" images/faces & names... to the cloud.]
In response to the incident, Eufy pushed an update to the Eufy Security app disclose this behavior of this feature, under an opt-in toggle to use this feature. Eufy patched the notifications service to only include text by default, and inform with disclaimers that cloud services are temporarily for the thumbnail feature. <ref>https://www.zdnet.com/home-and-office/smart-home/eufy-responds-to-security-concerns/</ref>


[https://arstechnica.com/gadgets/2023/02/ankers-eufy-admits-problems-with-unencrypted-video-access-pledges-overhaul/ Anker’s Eufy admits unencrypted videos could be accessed, plans overhaul]
Shortly after this incident, it was discovered that the security of the video URLs used for streaming the video footage were lacking, were unencrypted video feeds if you were able to brute force the URLs.<ref>https://arstechnica.com/gadgets/2023/02/ankers-eufy-admits-problems-with-unencrypted-video-access-pledges-overhaul/</ref> The encryption scheme on the URLs also seemed to lack sophistication. Moore discovered that it only 65,536 combinations to brute-force (a four-digit hexadecimal value), "which a computer can run through pretty quick."
 
In response, Eufy increased the amount of combinations needed and increased the security such that guessing the URL was not enough for playback.<ref>https://www.theverge.com/2022/12/19/23517250/anker-eufy-security-camera-answer</ref>


==References==
==References==
<references />
<references />
[[Category:Home security companies]]
[[Category:Video surveillance companies]]
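Review bot: The stream-URL paragraph added at the end of the "Leaking data to the cloud without user consent" section has two sentences that drop words and a quotation with no speaker: "were lacking, were unencrypted video feeds if you were able to brute force the URLs", "it only 65,536 combinations to brute-force", and "which a computer can run through pretty quick", which has no reference after it. Suggest wording along the lines of "the streaming URLs could be brute-forced to reach unencrypted video feeds" and "only 65,536 combinations were needed", with the quotation attributed and cited. The same paragraph calls a four-digit hexadecimal value an "encryption scheme"; use whichever term the cited source uses. It also says "Shortly after this incident" while citing a 2023/02 article for the discovery and a 2022/12/19 article for Eufy's response, so the sequence should be checked against the sources. Elsewhere in the added text, "the HomeBase 3 is does not have to use", "a video thumbnails", "app disclose this behavior" and "cloud services are temporarily for the thumbnail feature" need fixing, and "This was the case when the HomeBase was offline" does not say whether the uploads happened only while it was offline or even then. The line "eufy falsely advertised their camera as having e2ee video feeds" appears only on the old side and is not carried into the new Incidents section; either restore it with a citation or state in the edit summary why it was dropped.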