Eufy changed some cloud behavior, admitted it can do more, ignored some issues.

amazon

/ Eufy’s security arm has publicly addressed some of the most important claims about the company’s local-focused systems, but those who bought into the “no clouds” claims may not be fully assured.Eufy

Eufy, the Anker brand that positioned its security cameras as prioritizing “local storage” and “No clouds,” has issued a statement in response to recent findings by security researchers and tech news sites. Eufy admits it could do better but also leaves some issues unaddressed.

In a thread titled “Re: Recent security claims against eufy Security,” “eufy_official” writes to its “Security Cutomers and Partners.” Eufy is “taking a new approach to home security,” the company writes, designed to operate locally and “wherever possible” to avoid cloud servers. Video footage, facial recognition, and identity biometrics are managed on devices—”Not the cloud.”

This reiteration comes after questions have been raised a few times in the past weeks about Eufy’s cloud policies. A British security researcher found in late October that phone alerts sent from Eufy were stored on a cloud server, seemingly unencrypted, with face identification data included. Another firm at that time quickly summarized two years of findings on Eufy security, noting similar unencrypted file transfers.

At that time, Eufy acknowledged using cloud servers to store thumbnail images, and that it would improve its setup language so customers who wanted mobile alerts knew this. The company didn’t address other claims from security analysts, including that live video streams could be accessed through VLC Media Player with the right URL, one whose encryption scheme could potentially be brute-forced.

One day later, tech site The Verge, working with a researcher, confirmed that a user not logged into a Eufy account could watch a camera’s stream, given the right URL. Getting that URL required a serial number (encoded in Base64), a Unix timestamp, a seemingly non-validated token, and four-digit hex value.

Eufy said then it “adamantly disagrees with the accusations levied against the company concerning the security of our products.” Last week, The Verge reported that the company notably changed many of its statements and “promises” from its privacy policy page. Eufy’s statement on its own forums arrived last night.

Eufy states its security model has “never been attempted, and we expect challenges along the way,” but that it remains committed to customers. The company acknowledges that “Several claims have been made” against its security, and the need for a response has frustrated customers. But, the company writes, it wanted to “gather all the facts before publicly addressing these claims.”

The responses to those claims include Eufy noting that it uses Amazon Web Services to forward cloud notifications. The image is end-to-end encrypted and deleted shortly after sending, Eufy states, but the company intends to better notify users and adjust its marketing.

As to viewing live feeds, Eufy claims that “no user data has been exposed, and the potential security flaws discussed online are speculative.” But Eufy adds it has disabled the viewing of livestreams when not logged into a Eufy portal.

Eufy states that the claim it is sending facial recognition data to the cloud is “not true.” All identity processes are handled on local hardware, and users add recognized faces to their devices through either local network or peer-to-peer encrypted connections, Eufy claims. But Eufy notes that its Video Doorbell Dual previously used “our secure AWS server” to share that image to other cameras on a Eufy system; that feature has since been disabled.

The Verge, which had not received answers to further questions about Eufy’s security practices after its findings, has some follow-up questions, and they’re notable. They include why the company denied that viewing a remote stream was possible in the first place, its law enforcement request policies, and whether the company was really using “ZXSecurity17Cam@” as an encryption key.

Researcher Paul Moore, who raised some of the earliest questions about Eufy’s practices, has yet to comment directly on Eufy since he posted on Twitter on November 28 that he had “a lengthy discussion with (Eufy’s) legal department.” Moore has, in the meantime, taken to investigating other “local-only” video doorbell systems and found them notably non-local. One of them even seemed to copy Eufy’s privacy policy, word for word.

“Thus far, it’s safer to use a doorbell which tells you it’s stored in the cloud—as the ones honest enough to tell you generally use solid crypto,” Moore wrote about his efforts. Some of Eufy’s most enthusiastic, privacy-minded customers may find themselves agreeing.

Listing image by Eufy

TECH NEWS RELATED

8 Best Smart Home Automation Apps for Android and iOS

Thanks to Smart Home Automation apps you can use a smartphone or tablet to manage and monitor numerous systems and smart devices in your house. Ranging from video & electric doorbells to smart security cameras, speakers, lights, thermostats, and others. You can manage everything on the go with these applications. ...

View more: 8 Best Smart Home Automation Apps for Android and iOS

ZeroAvia hydrogen-electric aircraft takes off for testing

ZeroAvia, an electric aircraft propulsion specialist, has achieved the next milestone as the company announces the maiden flight of its testbed hydrogen aircraft HyFlyer II. The plane took off from Cotswold Airport in England and remains the world’s largest hydrogen-electric aircraft. This is according to ZeroAvia, which has been ...

View more: ZeroAvia hydrogen-electric aircraft takes off for testing

Amazon Prime Music Unlimited changes streaming prices, now matches Apple Music

Prices for subscription services have been going up in the past few months, and Amazon Music Unlimited is the latest service to see a hike. Amazon increased the costs for its Music Unlimited tiers in the US and UK, matching Apple’s similar price hike for Apple Music from a ...

View more: Amazon Prime Music Unlimited changes streaming prices, now matches Apple Music

Shape Island squares the circle: It’s stop-motion perfection for kids and parents [Apple TV+ review]

★★★★★ Minor problems deliver major entertainment in excellent new stop-motion animation series Shape Island. on Apple TV+. Image: Apple TV+ Shape Island arrives on Apple TV+ today to teach kids about social interactions and to help them ward off the anxiety inherent in such things. Based on the critically acclaimed ...

View more: Shape Island squares the circle: It’s stop-motion perfection for kids and parents [Apple TV+ review]

Cheapest New GMC Is a Pickup Truck Bargain: Even Better in 2023!

There’s much to like about GMC cars, with their powerful engines, towing prowess, off-road capabilities, and premium features. However, with high inflation, GMC models, like vehicles from other automakers, are more expensive. There’s a GMC vehicle that’s still affordable, though. It’s the 2022 GMC Canyon midsize pickup truck — the ...

View more: Cheapest New GMC Is a Pickup Truck Bargain: Even Better in 2023!

M2 Pro MacBook Pro Amazon preorder deal gives you $50 off

Apple unveiled the 2023 14-inch and 16-inch MacBook Pro models earlier this week. The laptops feature the expected M2 Pro and M2 Max chip upgrades. The notebooks are available for preorder from Apple and other retailers before their January 24th release date. But there’s already a great preorder deal for ...

View more: M2 Pro MacBook Pro Amazon preorder deal gives you $50 off

Review: Aspose.pdf API – Is it worth it?

Applications are developed for user convenience, and APIs add a few most asked-for functionalities. Aspose is one such company that offers APIs that run on different platforms, and by using them, you can enhance the capabilities of your application. With this in mind and to increase a few crucial performance ...

View more: Review: Aspose.pdf API – Is it worth it?

How to Install Any Add-on in Firefox for Android

When Mozilla launched a re-designed version of Firefox for Android a few years back, it only came with support for a few add-ons – just for the sake of compatibility. Fast forward to present day and the restoration of full add-on support is not yet complete. The good news, ...

View more: How to Install Any Add-on in Firefox for Android

Daily Deal: Samsung’s most stylish flash drive gets 63% price cut

Apple’s Next iPad Could Double as a Smart Display

Study Says People Aren’t Charging PHEVs, Here’s Why You Should

Amazon Music Gets Another Price Hike Next Month

PSA: Uninstalling an App Doesn’t Cancel the Subscription

The New Wyze Cam OG Is Two Steps Forward, One Step Back

Amazon Is Shutting Down Its Charity Platform, AmazonSmile

The Best New SUVs With Room for 7 Passengers: Family-Friendly Vehicles

Garmin launches Instinct Crossover Series in India with rugged design & long battery life: Read on to know more

Nvidia GeForce NOW Ultimate Membership Review: Cloud Gaming at Its Best

CA: Forum Mobility focuses on truck charging at largest ports

Apple working on iPad-like smart home hub, new Apple TV, and iPad/HomePod hybrid

OTHER TECH NEWS

Top Car News Car News