Skip to main content

Eufy finally speaks out on privacy and security problems with its cameras

Over the past several weeks, it’s come out that Eufy security cameras and video doorbells have been subject to some glaring security issues as well as directly betraying marketing claims for privacy. Tonight, the brand has finally publicly acknowledged these issues while still downplaying some key aspects of the story.

In a message posted to its community forums titled “To our eufy Security Customers and Partners,” the Anker brand makes a public acknowledgment of the various issues that have been found over the past several weeks.

This firstly includes Eufy reiterating that it uses the cloud, despite originally marketing otherwise, to send push notifications to users via Android and iOS. The company originally marketed its cameras as “local-only,” never disclosing that data would be sent to the cloud in any capacity. As mentioned in this new blog post, the Eufy Security app has since been updated to include that disclosure and stripped its website of such claims. Eufy explains:

As mentioned earlier, eufy Security is committed to reducing the use of the cloud in our security processes wherever possible. However, some processes today still require us to use our secure AWS server.

For example, in the case of security push notifications – when the user has chosen to include a thumbnail with that security notification – a small preview image of the security event is sent to our secure AWS server and then pushed to the user’s phone. This image is protected through end-to-end encryption and is deleted shortly after the push notification has been sent. This process also complies with all industry standards.

We have updated the eufy Security app with a more detailed explanation of the different push notification options and which options require using our secure AWS server. This will help our users make a more informed decision.

But beyond that, the blog post doesn’t really contain any form of apology or acknowledgment of the bigger issues. Eufy directly says that facial recognition and biometric processes are “completed locally” and “never processed in the cloud,” despite a security researcher finding otherwise.

There’s also no acknowledgment of multiple users and journalists having been able to view livestreams from Eufy cameras in VLC Media Player, which the company continues to deny is possible. As The Verge brings out, though, the post does directly say that “eufy [Security’s] Live View Feature on its Web-Portal Feature Has a Security Flaw” in bold lettering, which Eufy at no point actually says is false. The post only says that the company will “continue to look for ways to enhance this feature.”

Eufy also acknowledges that this post and responses to questions regarding this whole situation have come far too slowly. The company says that it knows “the need for more straightforward and timely communications on these issues.”

More on Eufy:

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Schoon Ben Schoon

Ben is a Senior Editor for 9to5Google.

Find him on Twitter @NexusBen. Send tips to schoon@9to5g.com or encrypted to benschoon@protonmail.com.


Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications