Data coming out of your home
Security Consultant Paul Moore valued having caught Anker red-handed: even with cloud recording disabled (to only use local backup), Eufy cameras would still send content over the network.
The man discovered the pot-aux-roses with a Eufy Doorbell Dual and the camera would send not only previews of the images taken by the sensorbut also clearly identifiable faces and user information.
To support his demonstration, he even deactivated his station and despite this, he was able to recover his head from the files of Eufy’s servers. These would even remain accessible in the cloud when he deleted them from the application. Importantly, however, it looks like Eufy doesn’t send full streams, just screen captors from the videos.
These previews are actually used for rich notifications sent when you are away from home : this allows you to preview the video from the application. Problem, these images, which use facial recognition (which would be, still according to Moore, able to connect 2 faces from 2 different apps and 2 separate cameras), are well stored in the Cloud – and would remain there for a while.
Obviously, what causes concern is the marketing message of Eufy, who boasts of offering a service without Monthly Charges (Local Storage)
everywhere in its descriptions. Many of you very often mention this brand in the comments, when mentioning other competitors demanding a paid subscription.
Worse still, Moore believes that some files and even the video stream would be accessible (without encryption) from third-party software, such as VLC with a simple URL – which poses real questions in terms of security and privacy. Eufy denies some accusations, believing that the famous images require authentication, but the manufacturer apparently did not respond on all the subjects concerned.
In the meantime, other brands (like the French Netatmo) offer cameras (exterior et interior) without Cloud storage… and we hope, without flaws in security!
The editor recommends: