Eufy finally addresses security camera issues, promises to ‘uphold community’s trust’
If you’ve been following smart home news at all closely in recent weeks, you’ll no doubt be aware of the situation Eufy’s found itself in. In late November, security researcher Paul Moore discovered (and publicized)a number of potentially serious vulnerabilitiesin Eufy’s security cameras. Weeks later, the companyquietly changed verbiage on its websitein ways that made it look like Eufy was trying to downplay some of the more ostensibly privacy-focused features of its products and services. Now, Eufy has released an official statement about the whole kerfuffle, including a commitment to “continue to work hard to uphold our community’s trust in our products, services, and processes.”
Eufy’s statement, which came in the form of acommunity forum postearlier this week, addresses three main points. First, Moore’s allegation that notification thumbnails are stored in the cloud, even if users haven’t opted into cloud services. Eufy admits this is true, but points out that it recentlyadded language to the Eufy Securityapp to make that fact more obvious. Eufy also expresses that it understands the need to be clearer about things like this, saying that “As a company focused on reducing the use of the cloud, we must be more clear about which of our processes are done locally and which require using our secure AWS server.”
Second, Eufy acknowledges what was likely Moore’s most serious finding: that live streams from cameras were viewable over the internet without authentication. Eufy doesn’t deny that that was the case, but says that “no user data has been exposed, and the potential security flaws discussed online are speculative.” Moore and others say they found ways to access their own video streams without logging in. Eufy says that going forward, “users can no longer view live streams (or share active links to these live streams with others) outside of eufy’s secure Web portal.”
Finally, Eufy outright denies Moore’s assertion that the company sends facial recognition data to the cloud. The confusion here, Eufy says, is that the Video Doorbell Dual formerly sent images of users to the cloud in order to “share that initial image to other cameras on the user’s local eufy Security system.” That camera has apparently been updated to only share these images over local networks or, if over the internet, using direct peer-to-peer connections.
While it’s a positive step that we’re getting this communication from Eufy, it doesn’t look good for the company that it didn’t come sooner. Eufy acknolwedges as much, saying that “we will need to better balance our need to get ‘all the facts’ with our obligation to keep our customers more quickly informed.” As of publishing, the forum post has been viewed just under 6,000 times. The handful of replies the post has garnered are unanimously negative.
This article is sponsored by Total Wireless.
Breaking language barriers, one feed at a time
Check your order status!
It’s never been cheaper
It’s $30 off for a limited time
Keep privacy a priority with the best VPNs
