Eufy

Eufy
Basic information
Founded	2011
Type	Subsidiary
Industry	Home security
Official website	https://www.eufy.com/

❗Article Status Notice: This Article is a stub

Notice: This Article Requires Additional Expansion

This article is underdeveloped, and needs additional work to meet the wiki's Content Guidelines and be in line with our Mission Statement for comprehensive coverage of consumer protection issues. Issues may include:

This article needs to be expanded to provide meaningful information
This article requires additional verifiable evidence to demonstrate systemic impact
More documentation is needed to establish how this reflects broader consumer protection concerns
The connection between individual incidents and company-wide practices needs to be better established
The article is simply too short, and lacks sufficient content

How You Can Help:

Add documented examples with verifiable sources
Provide evidence of similar incidents affecting other consumers
Include relevant company policies or communications that demonstrate systemic practices
Link to credible reporting that covers these issues
Flesh out the article with relevant information

This notice will be removed once the article is sufficiently developed. Once you believe the article is ready to have its notice removed, visit the Discord (join here) and post to the #appeals channel, or mention its status on the article's talk page.

Eufy is a sub-brand of Anker Innovations, and is a manufacturer of smart home technologies.^[1] They are known for their security cameras, with their local storage security cameras marketed as keeping "your data is yours alone and eliminating monthly fees."^[2] Eufy additionally provides a cloud backup system, which uses Amazon Web Services (AWS).^[3]

Consumer impact summary[edit | edit source]

Overview of concerns that arise from the company's conduct regarding (if applicable):

User Freedom
User Privacy
Business Model
Market Control

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.

Incidents[edit | edit source]

Leaking data to the cloud without user consent[edit | edit source]

In 2022, security researcher Paul Moore found out that images and videos were uploaded to Eufy's servers for their notification service without informing the user.^[4] This was the case when the HomeBase was offline, which is the local device where the video footage is usually stored. According to Eufy, the HomeBase 3 is does not have to use the AWS cloud server as the "high-performance database" on the device should be sufficient.^[5] But the notification feature wants to store a video thumbnails and pictures of faces if those are in the recordings, for which it used the cloud without giving the user the option to disable this behavior. Moore found that the images remained on Eufy's AWS servers, which Eufy claimed to be deleted automatically. This led to several sponsored entities, such as YouTube channel Linus Tech Tips, dropping Anker as a sponsor.^[6]

In response to the incident, Eufy pushed an update to the Eufy Security app disclose this behavior of this feature, under an opt-in toggle to use this feature. Eufy patched the notifications service to only include text by default, and inform with disclaimers that cloud services are temporarily for the thumbnail feature. ^[7]

Shortly after this incident, it was discovered that the security of the video URLs used for streaming the video footage were lacking, were unencrypted video feeds if you were able to brute force the URLs.^[8] The encryption scheme on the URLs also seemed to lack sophistication. Moore discovered that it only had 65,536 possible combinations to brute-force (a four-digit hexadecimal value), "which a computer can run through pretty quick."

In response, Eufy increased the amount of combinations needed and increased the security such that guessing the URL was not enough for playback.^[9]

References[edit | edit source]

↑ "About Us". eufy US.
↑ "Local Storage Security Cameras". eufy US.
↑ "Privacy Commitment". eufy US. Retrieved 8 Feb 2025.
↑ Moore, Paul (23 Nov 2022). "Eufy leaking your "private" images/faces & names... to the cloud" – via YouTube.
↑ Diaz, Maria (1 Dec 2022). "Eufy's security cameras send data to the cloud without consent, and that's not the worst part". ZDNET.
↑ Linus Tech Tips (29 Nov 2022). "Why we're dropping this sponsor" – via YouTube.
↑ Diaz, Maria (5 Dec 2022). "Eufy responds to camera security concerns". ZDNET.
↑ Purdy, Kevin (2 Feb 2023). "Anker's Eufy admits unencrypted videos could be accessed, plans overhaul". Ars Technica.
↑ Hollister, Sean (19 Dec 2022). "Read what Anker's customer support is telling worried Eufy camera owners". The Verge.

[1] "About Us". eufy US.

[2] "Local Storage Security Cameras". eufy US.

[3] "Privacy Commitment". eufy US. Retrieved 8 Feb 2025.

[4] Moore, Paul (23 Nov 2022). "Eufy leaking your "private" images/faces & names... to the cloud" – via YouTube.

[5] Diaz, Maria (1 Dec 2022). "Eufy's security cameras send data to the cloud without consent, and that's not the worst part". ZDNET.

[6] Linus Tech Tips (29 Nov 2022). "Why we're dropping this sponsor" – via YouTube.

[7] Diaz, Maria (5 Dec 2022). "Eufy responds to camera security concerns". ZDNET.

[8] Purdy, Kevin (2 Feb 2023). "Anker's Eufy admits unencrypted videos could be accessed, plans overhaul". Ars Technica.

[9] Hollister, Sean (19 Dec 2022). "Read what Anker's customer support is telling worried Eufy camera owners". The Verge.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]