Recently it was revealed that Anker’s Eufy was sending data from its cameras to the cloud, despite advertising the opposite. Now, Eufy has updated its app to with a disclosure more clearly explaining that it is sending data to the cloud when certain settings are enabled.
To summarize Eufy’s security issues, there were two key problems. Firstly, Eufy was advertising its cameras and video doorbells with local-only recording for enhanced security, but a security researcher found that the company was uploading images from the cameras to AWS servers alongside facial recognition data. The second issue was a massive security hole that allowed for streams of cameras from third-party media players such as VLC.
For the latter situation, Eufy explained that “thumbnails” of clips captured on users’ cameras were uploaded to deliver notifications from the mobile apps. While the security researcher who first uncovered this problem argues that this is downplaying the situation, the main problem was that the data was being uploaded without any notice.
As spotted by ZDNet, Eufy has updated its Eufy Security app on iOS to show a statement “when users choose to push thumbnail messages.” The statement is visible in the settings menu, as pictured below.
The update, so far, seems to be still missing on Android.
Eufy is still, however, denying the other major security hole found in its systems. The company has stated to multiple publications including The Verge that “it is not possible to start a stream and watch live footage using a third-party player such as VLC” despite multiple researchers and journalists proving otherwise on multiple occasions.
More on Home Security:
FTC: We use income earning auto affiliate links. More.