The security of the Eufy cameras was brought into question when a security consultant discovered that the cameras were sending data to the cloud even when cloud storage upload settings were disabled. Further, it was found that the Eufy camera streams could be watched live through an app like VLC, which posed a security risk.
Anker had previously touted the security of its Eufy cameras, claiming that they featured local-only storage and end-to-end encryption for those seeking a more private camera solution. However, it has now been revealed that the Eufy cameras did not offer native end-to-end encryption, and unencrypted video streams were provided through the Eufy web portal.
In response to these findings, Anker has taken measures to improve the security of its Eufy cameras. The Eufy web portal now prohibits users from entering debug mode and the code has been hardened and obfuscated. In addition, the video stream content is now encrypted, which means that these video streams cannot be played on third-party media players like VLC.
Anker is taking further steps to improve the security of its Eufy products, including bringing in third-party security companies to conduct audits, establishing a security micro-site in February, and launching an official bug bounty program. The company has expressed regret for its lack of communication and has pledged to do better in the future.
In conclusion, while Anker’s admission of the security issues with its Eufy cameras is concerning, the company is taking steps to improve the security of its products and to be more transparent with its customers. Anker’s commitment to making changes and providing better information to its customers is a positive step in the right direction.