Comments

You must log in or register to comment.

Rkeriem OP t1_iy9q5pb wrote

I didn't include Nebula or Soundcore as they are not the parent company of Eufy, I added Anker to the title to provide more context. Idk what part about "eufy is part of Anker Innovations, one of the leading and most trusted consumer electronics brands in America." you fail to understand. It’s like saying Nest Wifi isn’t related to Google since it's branded as Nest…

3

MasterpieceBrave420 t1_iy9rq78 wrote

"big security problem" is a fucking understatement.

They're sending copies of user photos and videos tagged with facial recognition and storing them so insecurely they can be accessed by the public using VLC even after the customers has deleted their account. When called out on it they said they would start encrypting the data, so that it would be even harder for their customers to tell that they are stealing it.

LTT did a piece on it during the wan show.

Edit: added some fucking astounding details I forgot.

116

_kw t1_iy9sa4q wrote

Curious how buttoned up Wyze is on this front? I suspect it’s kinda hot garbage on all these cheap IOT devices…

18

[deleted] t1_iy9sjnj wrote

LTT posted a video on this, and are also terminating their collaboration with Anker as a result.

45

Youvebeeneloned t1_iy9u6q7 wrote

Wyze is quite a bit different, as you dont even have to use the cloud for them. Even their security system has the ability to use SD cards for storage of video and events though you lose the whole offsite backup aspect and now with the new intruder protection aspect, you lose the ability for them to flag intruders even before they access your house.

They have had 3 CVEs that I know of recently, and all have been patched as they patch their firmware SUPER quick (almost too quick, i have had firmware patches hit days after I applied one). So they seem to take the whole security aspect somewhat seriously and are willing to patch constantly and continue to update firmware even on older products.

That said I purposely am not using their inside cameras and only their outdoor ones. I dont honestly care what people see of me outside the house because its nothing my neighbors dont already see anyway, I DO care if people see what is going on with my kids and my family inside the house though.

13

realitycheckers4u t1_iy9vj33 wrote

Having dealt with Eufy support, I image the response will be an overly polite, extra wordy, poorly translated statement that apologies multiple times yet offers no resolution to the problem and sort of puts the blame on the customer...

18

Charles_Mendel t1_iya1qld wrote

So my Anker power bricks are cables are ok.

4

[deleted] t1_iya2fee wrote

They noted that they loved the Anker products, but considered Anker responsible for the actions of their subsidiary.

It wasn't about the flaw, it was about the company's behavior regarding it.

33

littleMAS t1_iya4qtw wrote

Smells like poor software development, a.k.a. 'minimal viable product.'

0

zeeozersaide t1_iyaeuii wrote

People are still buying proprietary IOT stuff after years of warnings from security experts? I mean come on...

11

flyswithdragons t1_iyas50z wrote

Unfortunately cameras even big expensive ones, were not built with security from the start. The industry has known about these issues for over 10 years. The open source security researchers have been yelling at enterprise about this issue but they don't want to care about security.

Corporations will not improve security unless forced to.

8

thalassicus t1_iyb7whj wrote

It shouldn’t be precarious to believe a company when they say “your data isn’t in the cloud. The only things that go through our servers are metadata tags so your app knows which video to pull from your server, but the stream is E2E encrypted and only you have the key.” Anker has a fantastic reputation and I believed their public statements about privacy. I’m very curious if this is a bug and their initial claims are true or if they overtly lied.

2

_Rand_ t1_iybyt2j wrote

I've been meaning to give this a try.

https://github.com/gtxaspec/wz_mini_hacks

So far as I'm aware with that software "installed" on the camera (which can be removed simply by removing the SD card) you should be able to set up the camera's with standard local access and block them from the internet entirely.

Its a thing I plan on trying out in the near future, but it works like it should then its like a $45 (CAD) wireless(ish) security camera. Which isn't bad.

1

Artonox t1_iydh4tj wrote

it should not be stored on the cloud FULL STOP.

1