Eufy Security Cameras: Video Was Not Encrypted as Promised

Reading Time: 2 minutes

AppleInsider reported that video from Eufy Security Cameras have not been properly encrypted as promised, when that video is sent to the cloud. Eufy is a brand of Fantasia Trading LLC, better known in the United States by its largest brand name, Anker Innovations.

According to the article:

Anker has admitted that its line of Eufy security cameras was not fully end-to-end encrypted but has begun implementing changes to solve the issue.

In November, A security researcher discovered that Anker’s Eufy security cameras sent user images and information to the cloud without the owners’ consent….

Anker admits that Eufy cameras were never encrypted, Amber Neely, AppleInsider, January 31, 2023

In late November, The Verge reported that information security researcher Paul Moore discovered that anyone could use the VLC application to connect with and stream video from a Eufy Security Camera.

So you can imagine our surprise to learn you can stream video from a Eufy camera, from the other side of the country, with no encryption at all.

Worse, it’s not yet clear how widespread this might be — because instead of addressing it head-on, the company falsely claimed to The Verge that it wasn’t even possible.

Anker’s Eufy lied to us about the security of its security cameras, Sean Hollister, November 30, 2022

In my January 25 article Why Home Automation in the Apple Ecosystem?, I noted Apple’s description of HomeKit Secure Video:

HomeKit Secure Video: “In iOS 13 and iPadOS 13 or later, HomeKit Secure Video ensures that activity detected by your security cameras is analyzed and encrypted by your Apple devices at home before being securely stored in iCloud.”

The Eufy Security Cam 2C 2-Camera Kit apparently claims “HomeKit Compatibility”, which may not mean that it supports “HomeKit Secure Video”. If Eufy is instead claiming HomeKit Secure Video compatibility, how was this achieved before the bugs discussed in these articles were fixed?

Why would Operation Gadget recommend a product that claimed end-to-end encryption when it did not, in fact, implement it?

As a result, until a post-mortem is published of:

  1. the encryption problems that plagued Eufy’s video cameras,
  2. the way these problems were handled by Eufy’s corporate communications

Operation Gadget cannot recommend Eufy smart video cameras for any purpose.

Note to Readers: In the event that Operation Gadget posts about a product or products that we do not recommend, we will not insert any Amazon Affiliate Product Boxes about that product into the post.



, ,