The Eufy security cameras and video doorbells have been exposed over the past few weeks to have been directly betraying marketing claims about privacy in addition to being subject to some glaring security issues. The brand has finally acknowledged these issues in public tonight, despite still downplaying important aspects of the story.
Add Realmicentral to your Google News feed.
The Anker brand publicly acknowledges the various issues discovered over the past few weeks in a post to its community forums titled “To our eufy Security Customers and Partners.”
First, Eufy reiterates that it sends push notifications to Android and iOS users via the cloud, despite initially advertising otherwise. The organization initially advertised its cameras as “nearby just,” never revealing that information would be shipped off the cloud in any way. The Eufy Security app has been updated to include that disclosure and its website has removed such claims, as mentioned in this new blog post. Eufy elaborates:
As mentioned earlier, eufy Security is committed to reducing the use of the cloud in our security processes wherever possible. However, some processes today still require us to use our secure AWS server.
For example, in the case of security push notifications – when the user has chosen to include a thumbnail with that security notification – a small preview image of the security event is sent to our secure AWS server and then pushed to the user’s phone. This image is protected through end-to-end encryption and is deleted shortly after the push notification has been sent. This process also complies with all industry standards.
We have updated the eufy Security app with a more detailed explanation of the different push notification options and which options require using our secure AWS server. This will help our users make a more informed decision.
Aside from that, the blog post does not offer any kind of remorse or acknowledgment of the more significant issues. Despite a security researcher’s finding to the contrary, Eufy explicitly states that biometric and facial recognition processes are “completed locally” and “never processed in the cloud.”
Additionally, the company continues to deny the possibility of multiple users and journalists being able to view live streams from Eufy cameras in VLC Media Player. However, this is not acknowledged. However, as The Verge points out, the post explicitly states in bold that “eufy [Security’s] Live View Feature on its Web-Portal Feature Has a Security Flaw,” even though Eufy never explicitly states that this is the case. The company will merely “continue to look for ways to enhance this feature,” according to the post.
Eufy also acknowledges that responses to questions about the situation as a whole and this post have arrived far too slowly. “The need for more straightforward and timely communications on these issues,” the company claims.
If you like our news and want to be the first to get notifications of the latest news, then follow us on Twitter and Facebook and join our Telegram channel. Also, you can follow us on Google News for regular updates.