9to5google.com Open in urlscan Pro
192.0.66.2  Public Scan

Form analysis
1 forms found in the DOM

GET https://9to5google.com/

<form role="search" class="search-form" method="get" action="https://9to5google.com/" id="js-search-form">
  <label class="search-label">
    <span class="screen-reader-text">Search</span>
    <input type="search" placeholder="search" name="s" class="searchInput" value="" tabindex="-1">
  </label>
  <button type="submit" class="search-submit" tabindex="-1">
    <svg class="ninetofive-icon search " aria-hidden="true">
      <use xlink:href="https://9to5google.com/wp-content/themes/9to5-2015/images/svg-sprite-2020.svg?ver=1669665855#ninetofive-icon-search"></use>
    </svg>
    <span class="screen-reader-text">Search</span>
  </button>
</form>

Text Content

Switch site
 * Exclusives
 * Pixel
   * Google Pixel 6
   * Google Pixel 6 Pro
   * Google Pixel 6a
   * Google Pixel 7
   * Google Pixel 7 Pro
   * Pixel Buds A-Series
   * Pixel Buds Pro
   * Pixel Watch
   * Pixel Tablet
 * Nest
   * Google Nest Hub
   * Google Nest Hub Max
   * Google Nest Mini
   * Google Nest Audio
   * Google Nest Wifi
   * Google Wifi
   * Nest Thermostats
   * Nest Cam
   * Google Nest Doorbell
   * Nest Hello
   * Nest Protect
 * Android
   * Android 12
   * Android 13
   * Auto
   * Wear OS
   * Samsung
   * OnePlus
   * Oppo
   * Xiaomi
 * Chrome
   * Google Chrome
   * ChromeOS
 * TV
   * Google TV
   * Android TV
   * Chromecast
   * Chromecast with Google TV
 * Workspace
   * Gmail
   * Google Meet
   * Google Chat
   * Google Calendar
   * Google Keep
   * Google Drive
   * Google Docs
 * YouTube
   * YouTube
   * YouTube Music
   * YouTube TV
 * Stadia
 * Alphabet
   * Waymo
   * Verily Life Sciences
   * DeepMind
   * Google Ventures
   * Google Fiber
   * Access & Energy
   * Calico
 * Videos
 * Reviews

Toggle main menu

More social networks
Submit a Tip / Contact Us Trade In
Toggle dark mode
Search Search
Toggle search
 * 9to5Mac
 * 9to5Toys
 * 
   Electrek
 * 
   DroneDJ
 * Space Explored
 * About
 * Privacy




Today




EUFY CAUGHT LYING ABOUT LOCAL-ONLY SECURITY CAMERAS WITH FOOTAGE SENT TO CLOUD,
ACCESSIBLE IN UNENCRYPTED STREAMS

Ben Schoon

- Nov. 29th 2022 9:56 am PT



@NexusBen




1 Comment
 * Facebook
 * Twitter
 * Pinterest
 * LinkedIn
 * Reddit
 * 

Home security cameras have gotten a lot better in recent years, but the security
of your footage has always been a concern. Anker’s Eufy brand claims to keep
data local, but a security researcher has exposed that the claim is far from
true, with footage not only going to the cloud, but remaining visible even after
it was supposed to be deleted.



Eufy sells several of its security cameras with the promise that video footage
and other data are local only, explicitly saying “no one has access to your data
but you” on its website.

Paul Moore, a security researcher, posted on Twitter last week a frightening
security situation with Eufy home security products including camera-equipped
doorbells. In the thread and accompanying videos, Moore shows proof that Eufy
cameras are sending data that is said to be “stored locally” to the cloud, even
when cloud storage is disabled.

The security hole was first discovered on Eufy’s Doorbell Dual camera which
utilizes two cameras to view both people walking up to your door as well as your
doorstep where packages may be left.

The doorbell’s camera was uploading facial recognition data from the camera to
Eufy’s cloud servers with identifiable information attached, and that this data
wasn’t actually removed from Eufy’s servers when the related footage had been
deleted from the Eufy app. In the video below, Moore also notes that Eufy used
the facial recognition data from two different cameras on two completely
different accounts to link data from each, and points out that Eufy never
notifies the user that this is happening – the company’s market rather implies
just the opposite.

It’s not clear how many of Eufy’s home security cameras and products are
affected by this. Android Central was able to replicate the same security issues
on a EufyCam 3 paired to a Eufy HomeBase 3.



Perhaps more frightening was another user’s findings that these streams of Eufy
footage are accessible through unencrypted streams. Simply using the popular VLC
media player, a user was able to access a camera’s feed, and Paul Moore
confirmed (though without showing how it works) that the streams can be accessed
with no encryption or authentication required.



Eufy has yet to respond to these claims publicly, but the evidence is quite
clear at this point, and it’s a massive security failure on top of direct lies
to customers. Moore did receive an email from Eufy in which the company tried to
explain the behavior shown, though Moore did reason that most of the company’s
response was downplaying the seriousness of the issue.

Moore offered an update to the situation yesterday, saying that Eufy has removed
the “background call” which shows stored images, but not the underlying footage,
and that the company has also encrypted other calls to cover its tracks.


MORE ON HOME SECURITY:

 * Arlo’s new Home Security system is exactly what a Nest Guard sequel should
   have looked like
 * How to view and manage your Google Nest Camera or Nest Doorbell video
   recordings
 * Nest Doorbell (wired) review: A solid upgrade waiting on a better Google Home
   app

Add 9to5Google to your Google News feed.  Google News google-news

FTC: We use income earning auto affiliate links. More.


You’re reading 9to5Google — experts who break news about Google and its
surrounding ecosystem, day after day. Be sure to check out our homepage for all
the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to
stay in the loop. Don’t know where to start? Check out our exclusive stories,
reviews, how-tos, and subscribe to our YouTube channel

--------------------------------------------------------------------------------

Check out 9to5Google on YouTube for more news:




GUIDES


ANKER




EUFY






ABOUT THE AUTHOR


BEN SCHOON

@NexusBen

Ben is a writer and video producer for 9to5Google.

Find him on Twitter @NexusBen. Send tips to schoon@9to5g.com or encrypted to
benschoon@protonmail.com.


BEN SCHOON'S FAVORITE GEAR

GALAXY WATCH 5

The Galaxy Watch 5 is Ben's current smartwatch of choice, paired with a Galaxy Z
Fold 4.

SONY A7III

Ben uses a Sony A7iii for photography here on 9to5Google and beyond!

YouTube Music starts rolling out 2022 Recap

Rumor: Google preps Gmail and Calendar for Wear OS

Review: Fossil Gen 6 Wellness Edition should be better

XGIMI Horizon 4K Pro review

Skip
Ads by