Eufy Security Facepalm Allowed Users To View Live Footage From Strangers' Webcams
In the past 24 hours, security camera company Eufy had a massive lapse in privacy when customers began to report that they had access to other peoples’ devices live and recorded feeds. Though this could be a one-off situation, it begs the discussion about cloud-based camera solutions and how secure your IoT devices are.
First mentioned by Reddit user MeChum87, the situation began when the New Zealander opened his Eufy app and managed to access an Australian’s camera feeds, videos, and contact details. Initially, he became concerned about his children and other people peering into his life and decided to bin the cameras due to this event.
The post now has 266 comments, several of which are reporting the same thing happening. The_rarest_CJ replied, stating that from Australia, he “turned on the camera that watches our baby sleep only to find a family sitting around talking in Honolulu, Hawaii.” He was then able to see every camera of the Hawaiian family’s and an email which he presumed to belong to the other family. This problem was fixed after signing out and back in again, but it is still creepy and incredibly concerning.
After this privacy breach was noticed, Eufy tweeted that this was caused by a “software bug” during a server upgrade at 4:50 AM EST. While the bug was identified around 40 minutes later, it was not fixed for another hour, meaning anyone could have had access to cameras they did not own for approximately 1 hour and 40 minutes. Like the fix that The_rarest_CJ found, Eufy followed its tweet with instructions to unplug and reconnect Eufy devices and log out of the Eufy security app and log back in.
It appears that the prevailing theme across the board is that anyone who was affected by this was using Eufy’s cloud-based solutions and had their system connected to the web somehow. While some people have decided to ditch Eufy entirely, another option is to isolate the camera system from the web entirely if possible. However, if it is not feasible, there are options such as using Apple’s HomeKit Secure Video, which was not affected by the privacy breach.
Whatever customers decide to do with their Eufy cameras, it is incredibly disconcerting to know that a security system can become incredibly insecure in the blink of an eye due to a “bug.” Hopefully, Eufy will be more transparent about what happened and will release a statement about the situation soon, so stay tuned to HotHardware for updates.