When security researchers found that Eufy’s supposedly cloud-free cameras were uploading thumbnails with facial data to cloud servers, Eufy’s response was that it was a misunderstanding, a failure to disclose an aspect of its mobile notification system to customers.
It seems there’s more understanding now, and it’s not good.
Eufy didn’t respond to other claims from security researcher Paul Moore and others, including that one could stream the feed from a Eufy camera in VLC Media Player, if you had the right URL. Last night, The Verge, working with the security researcher “Wasabi” who first tweeted the problem, confirmed it could access Eufy camera streams, encryption-free, through a Eufy server URL.
This post has been read 19 times!