Axman6 t1_j4ftuo1 wrote on January 15, 2023 at 12:24 PM

Reply to comment by longhegrindilemna in Anker 675 USB-C Docking Station 12-in-1 monitor stand wins award. by RenegadeUK

Eufy specifically marketed their product as keeping al, your data in your home, then sent images to the cloud, and allowed anyone in the world to CONNECT TO ANY CAMERA WITH JUST VLC, WITHOUT AUTHENTICATION. And then when the news broke, they flatly denied it, when it was trivial to show it was true. They could barely have handled it worse.

ahecht t1_j4q7r41 wrote on January 17, 2023 at 2:35 PM

Without authentication, as long as you knew the serial number for that specific camera (and the serial numbers are non-sequential 16-digit alphanumeric strings that would take longer than the age of the universe to guess).

Axman6 t1_j4q9bj5 wrote on January 17, 2023 at 2:46 PM

IIRC there were only 65536 possible urls, but off the top of my head I can’t remember the source I got that from.

ahecht t1_j4qityi wrote on January 17, 2023 at 3:51 PM

The URL included the serial number (with 8 million-million-million-million possibilities) plus a 4-digit code (65536 possibilities), but a lot of tech reporting these days is a giant game of telephone so many article did incorrectly say that there were only 65536 possibilities.