1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Anker admits Eufy camera security issues

    From TechnologyDaily@1337:1/100 to All on Fri Dec 23 17:15:04 2022
    Anker admits Eufy camera security issues

    Date:
    Fri, 23 Dec 2022 17:01:48 +0000

    Description:
    However Anker also updates and tweaks its language and denies some of the alleged issues.

    FULL STORY ======================================================================

    Anker has confirmed that one of its security camera products had some serious security flaws that allowed unauthorized third parties to view the camera
    live feeds. It also confirmed that its been sending mobile push notifications with peoples faces via the cloud to user endpoints .

    Security researcher Paul Moore recently discovered that the (Anker-owned)
    Eufy Doorbell Dual cameras feed could be accessed via a web browser by simply knowing the right URL, with no password was required.

    Camera videos encrypted with AES-128 are using a simple key that can be
    broken with relative ease, Moore said at the time, adding that the app was uploading thumbnails to the cloud, before sending them to peoples mobile apps as notifications, and that the camera was uploading facial recognition data
    to its AWS cloud without encryption. Confirming researcher reports

    Now, in a blog post titled To our eufy Security Customers and Partners, the company has addressed these claims, confirming some of them, but denying others.

    As for accessing the camera feed - the researcher was right. eufy Security 's Live View Feature on its Web-Portal Feature Has a Security Flaw, the company said, before adding that no user data had been exposed. Potential security flaws discussed online are speculative, the blog reads.

    Still, the company has made some changes, now only allowing people to view live streams via the web if they sign in to the eufy.com 3 Web portal. Users can no longer view live streams (or share active links to those live streams with others) outside of eufys secure Web portal, it said.

    Anker also confirmed using the cloud to send users mobile push notifications. While it said the feature complies with all industry standards it did make a few tweaks - it updated the eufy Security app with a more detailed
    explanation of the different push notification options, and revised its Privacy Statement on eufy.com 3, which should be published later this week. Read more

    This top security camera brand might be uploading photos to the cloud
    without you knowing


    How to set up a security camera system for your home


    These are the best malware removal options at the moment

    Moving forward, this will be a significant area of improvement for our marketing and communication teams and will be added to our website, privacy policies, and other marketing materials, the blog explains.

    Finally, it addressed the worries that the camera is sending facial recognition data to the cloud, shortly stating This is not true.

    This is a key differentiator for eufy Security - all facial recognition and biometric processes are completed locally on the users device. This information is never processed in the cloud.

    The company has been slammed by security researchers and the media for poor communication - something it also aimed to address with this update:

    Moving forward, we will need to better balance our need to get all the facts with our obligation to keep our customers more quickly informed, it said. Check out the best firewalls right now



    ======================================================================
    Link to news story: https://www.techradar.com/news/anker-admits-eufy-camera-security-issues


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)