Anker’s Eufy brand of security cameras has come under fire recently. It seems several of its security camera products are sending user images and information to the cloud without their consent. The company has since added a statement to its App Store listing and within the Eufy Security app. Rather than Eufy fixing the security issue and stopping the uploads, it decided instead to disclose when the cloud service will be used.
Eufy Will Continue Allowing Its ‘Local-Only’ Doorbells to Send Data to Cloud, But Now Admits the Upload
In late November, a security researcher discovered that Eufy security cameras were sending user images and information to the cloud without the owners’ consent, even if they didn’t pay for a cloud subscription. In response, Eufy has added a statement to its App Store listing and within the Eufy Security app that discloses when the cloud service will be used when users choose certain notification options.
The Eufy Security app offers a few different options for notifications. For instance, users can choose to have notifications display only text. Or, they can elect to display text and a thumbnail image of the camera. If the user selects the thumbnail option, Eufy uploads the image to the cloud.
An Understandable Concession, But One That Should Have Already Been Done
As I’ve stated previously, the issue isn’t that Eufy was uploading images to the cloud. I never truly believed the company was doing anything negative with the data, like selling it The problem was Eufy hadn’t been informing users that it was doing so.
For those who own an Eufy security camera and don’t want their data uploaded to the cloud, you can prevent the cloud uploads by changing your notification type within the Eufy Security app to “Most Efficient” instead of “Full Effect” or “Include Thumbnail.”
Eufy Fails to Fix Security Issue, Latest Patch Only Addresses Half of the Problem
The company still needs to address the issue that would allow Eufy camera streams to be watched live using an app like VLC. The streams are not encrypted and can be accessed without authentication. This isn’t Eufy’s first security transgression either. In May 2021, Eufy camera owners discovered that cameras owned by other users were viewable in their app. This, obviously, was totally unexpected. Even worse, those granted bogus access could change settings on other people’s cameras.
In a nutshell, this reinforces the importance of data usage transparency. Companies need to be forthright and inform their customers how their data will be use. Eufy’s lack of transparency and potential security issues are cause for concern for users of its security cameras.