The company was forced to apologize after being singled out a few weeks ago for breaches in the confidentiality of user data collected by its surveillance cameras.
Eufy, a subsidiary of the Anker group, has been in the eye of the storm these last few weeks after the discovery of several anomalies in the manufacturer's practices.
Unencrypted video streams, accessible without any authentication
Last December, a user of Eufy cameras realized that he could view the video streams recorded by his device simply by opening them in the VLC player. This is a sizable problem: the videos are supposed to be encrypted by the camera and should not, in theory, be readable in the clear on any computer or smartphone without authentication.
A security researcher looked into the matter and discovered a second issue, this one concerning user privacy. Although Eufy states in its communications that videos remain stored locally, it turned out that clips could be sent to the cloud even when the option was disabled in the settings of the Eufy application.
Online outlet The Verge tried to find out more and contacted Eufy’s press department repeatedly, with a list of questions that went unanswered for several weeks. The news site then issued an ultimatum, threatening to publish a long article summarizing the various problems detected in the company's products. It seems that this technique worked, forcing Eufy out of its silence.
Eufy finally enables end-to-end encryption for all of its cameras
Eufy finally acknowledged that its security cameras may not be end-to-end encrypted, for accessibility reasons. While videos can be played from an Android or iOS smartphone through the dedicated mobile application, the files are sent in the clear when the stream is accessed from the brand’s web portal.
The company will also quickly review its security devices. It first specified that an update would be sent to all cameras in service to enable encryption of the video streams accessible from the web portal.
Anker will also have audits conducted by an independent expert to identify the various security problems still present in these products, and will set up a bug bounty program allowing security researchers to submit security holes to it in exchange for a bounty.
Source: 9to5Mac