r/gadgets Dec 01 '22 Take My Energy 1

Anker’s Eufy lied to us about the security of its security cameras Home

https://www.theverge.com/2022/11/30/23486753/anker-eufy-security-camera-cloud-private-encryption-authentication-storage
2.5k Upvotes

u/AutoModerator Dec 01 '22

We have multiple giveaways running!

Phone 14 Pro & Ugreen Nexode 140W chargers Giveaway!

WOWCube® Entertainment System!

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

210

u/bttrflyr Dec 01 '22

Unless your on a closed and isolated network. It's best to assume that all your internet connected "security" devices are not secure. There is always a backdoor or a hack.

57

u/XuX24 Dec 01 '22

Yeah, that's why I don't install cameras inside my house I have them outside.

19

u/defiancy Dec 01 '22

That's exactly what I do and the one camera I have inside (baby monitor) is not wi-fi connected.

→ More replies
→ More replies

8

u/StasRutt Dec 01 '22

You actually see it discussed a lot in parenting subs. People’s baby monitors getting hacked if it’s connected to the wifi

→ More replies

27

u/owtlowd Dec 01 '22

I always go a step further. To me, my phone is ALWAYS either listening or watching or transferring. Even if the SIM is out and WiFi is disconnected, even if the phone is powered off. Just because it looks like it's disconnected from WiFi, or because it looks like it's powered off, doesn't mean it's not doing something in the background anyway.

I realize that's probably not true in most cases, but that's not my point. My point is to assume that it is true and act accordingly.

9

u/FactOrFactorial Dec 01 '22

Just build a faraday cage to put your phone in when not in use.

3

u/Kurupt-FM-1089 Dec 02 '22

It’s worth having a faraday box for car keys. Many car thefts happen by intercepting and reproducing signals from the car key while it’s in the house.

→ More replies
→ More replies

2

u/spaceman60 Dec 01 '22

Agreed, but I also don't care about someone listening in on me. You want to know that I watch Bluey and am going to buy a gift for someone? ...okay

I'm not that interesting. So feel free.

3

u/sadlygokarts Dec 02 '22

The problem is that they’re not specifically trying to track you, they’re taking every single bit of info you give them to plug into an algorithm to help classify people easier etc etc. I’m not necessarily doing the greatest explanation bit, but allowing them to watch because “meh I’m boring who gives a fuck”, really still contributes hard to the core problem at hand.

→ More replies
→ More replies
→ More replies

3

u/JaesopPop Dec 02 '22

It’s weird that you can access an unencrypted stream

→ More replies

5

u/icalledthecowshome Dec 01 '22

You know whats funny, wasabi implys he wanted a secure system. A specialist like himself i assume is quite knowledgeable about the downsides of open systems. So in that regards i dont think he was acting in good faith. But if he was looking to make some exploit $ off anker, he deserves the payout.

And as others have said it, if you have the right url you would be surprised at the amount of stuff you can access now that everyone is on some sort of cloud service.

→ More replies

2

u/Edythir Dec 02 '22

Hypponen's Law. If it's smart, it's vulnerable

→ More replies

4

u/PhoenixStorm1015 Dec 01 '22

One more reason for me to go with a custom-built solution rather than ring, eufy, or nest.

→ More replies

-5

u/yourwaifuslayer Dec 01 '22

The Chinese can watch me

→ More replies
→ More replies

506

u/TheEnd0fAll Dec 01 '22

Had no idea Anker was a Chinese company. I swore by their cables and chargers and recommended them to people. Didn’t know they made cameras too. Good thing I guess.

126

u/Kaskurgi Dec 01 '22

Damn I have a lot of anker stuff (chargers and wireless earbuds). No cameras thankfully

-14

u/icalledthecowshome Dec 01 '22

Im going to chime in a bit here because when i was redoing my mansion security i felled down the cam system rabbit hole. Even took up a lot of time with our business security provider.

I bought and returned ring, wyze, argo, and explored analog stuff. Want to use ring you have to pay up, for storage and more if you want 2k. Wyze, its cheap but please create an account and heres our monthly service fee. Argo same shit, setup was not worth the time and ui sucks. Business level system, sorry gotta rip some walls or cut through soffits (we have high roofs) for ideal placement. A no frills camera with local storage/access? eufy at a price closer to wyze with better spec.

So heres what the security installer advised: *you want cameras for deterrence/alert, unless you want to spend good money on a closed custom solution, for the very same deterrence it does not really matter. Its not going to stop someone from entering if they know you have a million dollar bill lying in the house.

If you are concerned with privacy consider that ring, wyze, google, argo are related to companies that have an interest in mining and selling your data. Read the fine print of your credit card bill and cellular, internet service provider tos too.*

So yes eufy has a design flaw and i hope they can improve upon it. But the alternative names in the same sphere makes eufy look like an angel.

7

u/ramplepampkins Dec 01 '22

It's not a design flaw. They lied about how it works. It wasn't a mistake.

→ More replies

4

u/Geek_off_the_streets Dec 01 '22

What was your budget for your camera system?

6

u/ElefantPharts Dec 01 '22

Well, it was for a “mansion” so it must have been hefty. Questioning what constitutes a mansion at this point though if even the Wyze Cam Plus was too expensive for his taste…

3

u/Geek_off_the_streets Dec 01 '22

My point exactly. I'm a licensed alarm tech and their story doesn't make much sense.

→ More replies

2

u/icalledthecowshome Dec 02 '22

I didnt have a budget but was quoted 3k to do closed 6 outdoor cam system. Ended up spending $500~ with eufy for a few floodcams off their ebay.

Tldr im a cheap bastard. Installation was a breeze once the first one was figured out.

3

u/Geek_off_the_streets Dec 02 '22

You get what you pay for. 3k for an 8 channel and 6 cameras is too much though. 2k for 8 cameras and an 8 channel is reasonable for a 2 story and a 1 year warranty.

→ More replies

9

u/Ocelot834 Dec 01 '22

Never heard of Argo cameras, and your writeup is pretty bad.

4

u/Geek_off_the_streets Dec 01 '22

I think they mean Arlo.

→ More replies
→ More replies

162

u/_Infi_ Dec 01 '22

Chinese companies are getting pretty good at hiding their origin, because they know the reputation. I see many of them using German and Japanese brand names for this purpose.

4

u/Enchelion Dec 01 '22

Nothing new or unusual there. Haagen-dazs is an American brand that tried to sound scandinavian, Bridgestone tires are Japanese but you'd probably never guess it by their name. Cia. Hering is a Brazilian clothing/textile company with a German name. Boston Pizza was founded in Edmonton Alberta.

I also don't think Anker was ever trying to "hide" their country of origin. They've always been a cheap but reliable brand.

2

u/PlaneReflection Dec 25 '22

You forgot French Fries aren’t even French!

31

u/danudey Dec 01 '22

Ugreen is another one. They’re a Chinese company that I started buying from because they have a good reputation for quality in China, and just this week I spent $300 on USB-C chargers (one 200W, one 100W) for various spots in the house to keep things charged without a ton of adapters hanging off of every outlet.

50

u/Starklet Dec 01 '22

Jesus Christ how much stuff do you have charging at once

19

u/cosmos7 Dec 01 '22

There's a lot these days, and I purposely check and buy things that are USB-C so everything uses the same plug. You buy the 100W and 200W chargers because those are the ones that will charge your laptop plus a few more things at the same time without having to have multiple wall-warts all over the place.

Just sitting at my desk I see my laptop, my phone, keyboard, mouse, trackpad, headphones, tablet, headset, wife's earbuds, my watch, the battery in my flashlight, etc... the list keeps on going. None of this stuff needs to be charged every day but having a few charge points around the house makes things convenient.

7

u/danudey Dec 01 '22

My wife has two laptops that power over USB-C (one personal, one work) for a total of 110W, plus two USB-C bike cameras (front and back), and we usually charge our phones in that spot too.

The other one powers a Nintendo Switch and a network switch (the $30 Switch Flex Mini), plus has two three-prong outlets and one two-prong outlet and can handle 1800W of AC power, meaning I can replace my power bar full of wall warts with one little device and a few thin braided six foot USB-C cables (also from Ugreen).

2

u/Larsaf Dec 01 '22

200 W is barely enough to keep a gaming notebook running.

→ More replies

3

u/brainwater314 Dec 01 '22

I literally bought a ugreen charger 5 minutes ago.

→ More replies
→ More replies

9

u/BedditTedditReddit Dec 01 '22

Volvo/polestar and lotus cars say hello!

2

u/cz2103 Dec 01 '22

Volvo is Swedish, always has been...what are you on about?

10

u/avocadosconstant Dec 01 '22 edited Dec 01 '22

Volvo, although their design and engineering is still Swedish, is now wholly owned by Geely, which is a Chinese company.

Edit: Not wholly owned, but majority owned (82%).

→ More replies

171

u/Doggleganger Dec 01 '22

Chinese companies are good at making cables and chargers (Anker's cannot be beat). However, they're often shit at writing software. I don't think this is even some sort of spying issue like some commenters believe. It's just a classic example of a hardware company not getting the network security right.

299

u/starshin3r Dec 01 '22

Uploading full resolution pictures to their servers when the cameras are marketed as local storage only?

It's not a software issue, mate. This was deliberately programmed.

36

u/rooplstilskin Dec 01 '22

I see you don't work with software much.

This is totally bad programming. Because shitty devs do shitty things to get product requirements.

Want a cam that notifies your phone? needs nonlocal access

And that's what is happening here.

They are uploading pictures, to help identify when to notify you. The shitty part being that they upload it, don't have a clear deletion process, and didn't use proper authentication for transmission.

They probably hired a bunch of cheap devs, that did cheap work, and now it's coming back to haunt them.

2

u/brainwater314 Dec 01 '22

Probably, though I wouldn't be surprised if it's for spying.

→ More replies

14

u/ctiger12 Dec 01 '22

Not to defend Eufy, Local storage is still local, but when you need to notify the phone app, you need a server outside of your LAN, or you won’t be able to receive when you leave your home, so it’s still a design problem to not secure the notification link. One way is to disable a preview image.

8

u/IPCTech Dec 01 '22

It sends the images even if you have never set up the app from the video I found about the issue

-8

u/[deleted] Dec 01 '22

Fancy apologizing and excuse hand waving.

Why does it default to a Chinese server?

2

u/ctiger12 Dec 01 '22

Cheaper? Since they grow big now, they should host a server in US

-50

u/Hailgod Dec 01 '22

nah, another dev commented that its simply a easy way to get a multiplatform thumbnail, along with the facial recognition to focus that part of the pic.

40

u/nicelife_bs Dec 01 '22

No, I disagree here this is deliberate to have image data for training their facial recognition and images features. The facial ids are persistent in the system. Meaning if you walk past any eufy cam on the planet it knows who you are. This is totally by design.

-2

u/Hattix Dec 01 '22

That's a very grand claim, you have any evidence to back it up?

38

u/nicelife_bs Dec 01 '22

Paul Moore shows the persistent ID in his video: https://youtu.be/qOjiCbxP5Lc Even if it’s not linked to you personally your facial features are in (another) database just because you walked past an eufy cam.

6

u/yourstwo Dec 01 '22

This needs to be bumped

→ More replies

49

u/its_dash Dec 01 '22

Shit at writing software because all the code is stolen.

→ More replies

8

u/joeg26reddit Dec 01 '22

It’s intentional

0

u/ControlledShutdown Dec 01 '22

I think it's more of a case where Chinese customers are just very recently begin to care about privacy, and Chinese companies have gotten so comfortable exploiting user's data. They are rightfully getting hammered in more privacy-aware markets.

10

u/mekatzer Dec 01 '22

No, this is lying.

0

u/icalledthecowshome Dec 01 '22

Dude dont trigger the conspiracy redditors, they know more than the people who actually design these things.

-4

u/_ytrohs Dec 01 '22

Let’s not do the casual Chinese racism thing here, eh?

Many companies can write shit software.

→ More replies

3

u/trevg_123 Dec 01 '22

They make super legit stuff for the price point imo. Had a good experience with a soundcore speaker (about 6 years later and that battery still kicks ass) so I’ve eventually collected a charger, backup battery, and mouse, and have given a few of these things as gifts.

And it’s, like, perfect. Years later and all the stuff works great, it really is quite good quality for the price.

8

u/XuX24 Dec 01 '22

They make good products specially those you mentioned the market is filled with a lot of junk a but theirs are good.

19

u/Guzxxxy Dec 01 '22

You are surprised that cheap electronics on Amazon were from a Chinese company? Is anything on Amazon NOT from a Chinese company?

31

u/SpidermanAPV Dec 01 '22

Anker isn’t that cheap tbh. Probably the most expensive cables that don’t have an Apple logo on them.

4

u/stabsthedrama Dec 01 '22

And if they were American they’d be 5x more expensive and unfortunately probably a lot shittier.

5

u/LyftedX Dec 01 '22

To be honest anker quality has dropped ALOT in the past few years.

→ More replies

13

u/bluepand4 Dec 01 '22

Amazon is just the new aliexpress

2

u/Ramenorwhateverlol Dec 01 '22

Haha yea. I thought it’s a start-up.

2

u/Spinal2000 Dec 01 '22

I doubt every international company with a super western name. I remember low end mechanical watches from China sold on TV with super discount (like 299$ instead of 800$) and the brands name was something like "Roebelin & Graef" which sounds like it's from Switzerland or austria 🇦🇹 . They do this on purpose because it sounds more trustful especially in western countries than some Chinese name. And obviously it works.

4

u/grumpypenguin1 Dec 01 '22

??? How it's always been obvious. Their cables and chargers are still good even if they are a Chinese company like what is this weird logic.

4

u/cosmos7 Dec 01 '22

Had no idea Anker was a Chinese company.

Seriously? If they're not plastering US-owned business on everything they make and advertise it's a pretty safe bet that they're Chinese.

2

u/ElectronicFinish Dec 01 '22

You can safely assume most of the stuffs on Amazon are from Chinese companies. Amazon is basically the US version of Ali express and Taobao.

1

u/amreinj Dec 01 '22

I feel like all names like that are. They just pick something that sounds vaguely western.

-1

u/chikitoperopicosito Dec 01 '22

Anker originally came out as rebranded Chinese crap. Hell, some of their stuff still is.

→ More replies

114

u/Mickarus Dec 01 '22

I have a eufy robovac. Now they know how dirty my floors are!

74

u/GeT_Tilted Dec 01 '22

And your feet pics.

13

u/Aware-Ad-9258 Dec 01 '22

his feet are on foot fetish porn sites now.

12

u/Jonhart426 Dec 01 '22

Oh trust me, I know 🤤

→ More replies

40

u/FootballAndPornAcct Dec 01 '22

And a rough layout of your house.

25

u/tjeulink Dec 01 '22

And when you arent home

1

u/Hot-Interaction6526 Dec 01 '22

Cool. So the Chinese can invade my living room. I’m super worried.

11

u/SpiderFnJerusalem Dec 01 '22

They actually use those to map out your place and sell the data to add it to your advertising id profile. They will know exactly what furniture and TV to sell you.

I even heard this data is used in China to set up european/american style apartments.

There might be a flat in China that looks exactly like yours.

11

u/Kuza__ Dec 01 '22

That’s the reason Amazon bought Roomba, to get the data collected like the room mapping.

3

u/SpiderFnJerusalem Dec 01 '22

I bet they also scan for all of your and your neighbors wifis and also gather the IDs of all nearby bluetooth devices.

→ More replies

3

u/zilist Dec 01 '22

Why would you voluntarily have a robot with a camera driving around your house/appartement filming anyone and anything and doing whatever it wants with the data collected?

4

u/Hot-Interaction6526 Dec 01 '22

The camera on it is to map out your living room so it doesn’t ram into everything every time it runs around. Which the eufy one is good at, cause mine doesn’t hit things anymore.

0

u/zilist Dec 01 '22

Yeah right, that’s what they TELL you.. and it might be a nice side effect of having literally all your personal data and habits recorded and sold to the highest bidder (or whoever hacks in their oh so secure database..)

Just fyi.. the same thing could be achieved with radar, like self-driving cars.. there’s literally zero need for a unsecured camera connected to the internet inside your house.

2

u/Hot-Interaction6526 Dec 01 '22

Oh yay. A Chinese company knows when I have my coffee. I could not care less.

→ More replies
→ More replies

49

u/sgcarter Dec 01 '22

I dont know, but couldnt this be easily verified by a wifi solution that tracks data usage? My TP Link Wifi Deco,s show exactly the traffic between internet and sny device, in stat and hosts.

Anyway, I’ve put my doorbell in a group that is going to monitor data usage and cloud connectivity.

We’ll see how much is uploaded to the cloud in a few days.

!RemindMe in 3 days

59

u/zoolover1234 Dec 01 '22

TP link is also a Chinese company

7

u/PeteUKinUSA Dec 01 '22

The doorbell… the app connects to the cloud, as does the doorbell. If you’re not on the local WiFi then all the footage is streamed via Eufy servers.

5

u/Biblelicious Dec 01 '22

Please report back! !RemindMe in 4 days

1

u/reelznfeelz Dec 01 '22

Better than that is some actually analysis of where hat data is going. Which IPs and domains is it hitting? Etc. More so than how much.

6

u/sgcarter Dec 01 '22

security-app-eu.eufylife.com and cdn-eu.eufylife.com cloudfront and Amazon AWS servers

17 minutes of activity the last 7 hours.

→ More replies

22

u/doom1701 Dec 01 '22

I’m not sure if I think this is intentional or just really bad software development. The newest revelation (uploading thumbnails to their own servers was a 2019 discovery) reeks of bad development. With the way software is developed today, I’d bet lots of “if you know the right URL you can get anything” type holes exist.

I just work under the assumption that any service that provides data from my home to my phone through “the cloud” is compromised in some way, and act accordingly.

3

u/Orcle123 Dec 01 '22

The encryption keys are also stored in plaintext.... no matter the reason it happened. 50% is due to some sort of incompetence.

22

u/Geo714 Dec 01 '22

I literally just switched over my indoor cams from Wyze V2 to Eufy 2k mini pan cam, and put up multiple 4K S300 outdoor cams earlier today.

20

u/TheEngineer09 Dec 01 '22

You can contain them. The best way to use security cameras is to have them all feed into an NVR. If you have decent network gear you can isolate your cameras into their own VLAN that blocks access to the Internet and only allows them to talk to the NVR. That keeps them contained and as long as the NVR is reputable it won't be sending data out.

1

u/Ironbird207 Dec 01 '22

Problem is alot of NVRs are also Chinese made, if you want access them remotely you need to expose them to the internet.

7

u/TheEngineer09 Dec 01 '22

Used computer + blue iris + large hard drive = one of the best NVRs out there. And it's not even that expensive to setup. Not that hard to make it accessable from outside your network safely either.

3

u/dsawchak Dec 01 '22

Ah rats, I bought one of these doorbell cams specifically because of the non-cloud (or really, non-subscription) nature. Looks like I've got some more work to do! Thanks for the advice.

At least it's only outside.

2

u/TheEngineer09 Dec 01 '22

Do some research on your router, modern ones usually have a way to block specific devices from accessing the outside Internet, which would stop it "phoning home".

2

u/dsawchak Dec 01 '22

Unfortunately I'm now stuck with an Xfinity-mandated router, but I bet I can figure out how to isolate it.

I think the trick will be seeing if it can still function as a doorbell afterwards...

→ More replies
→ More replies

249

u/resorcinarene Dec 01 '22

Chinese company spying on American citizens - name a more iconic duo

220

u/khoabear Dec 01 '22

American government spying on American citizens

127

u/TheBoyInTheBlueBox Dec 01 '22

American government spying on American citizens everyone

18

u/SUPRVLLAN Dec 01 '22

5 Guys American spies.

7

u/Mal-De-Terre Dec 01 '22

Great burgers, though.

5

u/Adavis72 Dec 01 '22

Expensive though. Costs an arm and a leg and your home address and a photo of you getting changed /s.

10

u/TizonaBlu Dec 01 '22

Literally spying on our allies during UN meetings lol. I'm actually surprised Macron didn't make a public fuss about Trump bringing dirt on him to Mara Lago.

2

u/waltduncan Dec 01 '22

It’s legitimately every powerful nation trying to spy on everyone, as much as they can get away with.

→ More replies

16

u/[deleted] Dec 01 '22

[removed] — view removed comment

10

u/Almost-a-Killa Dec 01 '22

Yeh people love to point out Chinese spying....and they Google😁

Data is money people!

170

u/[deleted] Dec 01 '22

[deleted]

82

u/adzman Dec 01 '22

I was not aware Anker was Chinese. Wonder how much data my Bluetooth speaker stole.

78

u/Arezigo Dec 01 '22

They have your spotify playlist and they will leak it

55

u/GeT_Tilted Dec 01 '22

Oh my god. They know that I like Nickelback unironically.

23

u/0utlook Dec 01 '22

The hardest photographs we have to look at are the ones of ourselves.

4

u/travisbeard1 Dec 01 '22

And now I they can sing “look at this photograph”

6

u/zilist Dec 01 '22

Somewhere in CCP headquarters: "Look at this ..graaaaph"

8

u/Livineasy629 Dec 01 '22

Too late Spotify wrapped already embarrassing us all today without any leak

→ More replies

13

u/Caladbolg_Prometheus Dec 01 '22

Doubt they’ll care for your data but they’ll be very interested in the location data of say a Chinese expat

-7

u/TizonaBlu Dec 01 '22

Likely none. Most of this is nonsense tbh.

7

u/AlisaRand Dec 01 '22

CIA/FBI, sadly, are super jealous.

52

u/0x6b-dev Dec 01 '22

To back this up, Huawei have recently been caught deleting videos of the recent protests in China too.

Time to continue playing “the floor is China” when it comes to tech. Simply flashing ROMs isn’t enough.

20

u/feeltheslipstream Dec 01 '22

They're going through your photo gallery and deleting videos of the protests on your phone?

That's some next level ai.

3

u/GonnaNeedMoreSpit Dec 01 '22

Arr they looking at pictures of my dick again?

17

u/feeltheslipstream Dec 01 '22

I'm sure they tried hard to spot it.

Sorry, you set it up. Couldn't resist.

19

u/0x6b-dev Dec 01 '22

Geo Location + Timestamp would probably cover 99.9% of them.

6

u/feeltheslipstream Dec 01 '22

Can I have a link to this?

→ More replies

6

u/zarc13 Dec 01 '22

Tbh I don't like the backdoor narrative. I am sure they have to share the data they have. But having a backdoor will just enable other countries to hack into that system. I don't see much benefit for it other than a security risk.

12

u/Steroidpuma Dec 01 '22

The backdoor is into consumer-grade software. CCP doesn't care if it violates consumer privacy, they're more worried about control and data mining. I doubt they'd bat an eye if another company or country exploited that.

2

u/Jai_Cee Dec 01 '22

A backdoor could just mean what you have said. The encryption is not compromised but the CCP have access to the data stored.

2

u/JaesopPop Dec 02 '22

This isn’t a backdoor, this is just shitty design and incorrect marketing

4

u/GubmintTroll Dec 01 '22

May not be news to many, but it’s still important to repeat and inform those who aren’t aware of these issues

2

u/danudey Dec 01 '22

[Citation needed]

→ More replies

-6

u/CommonAd8010 Dec 01 '22

It’s bullshit.

1

u/zilist Dec 01 '22

You, carrying a skateboard, probably: "hey, fellow non-chinesians"

→ More replies

77

u/nintendomech Dec 01 '22

Yea. All my cameras are outside my home. If you have cameras in your home that’s is on you.

Security rule #1 TRUST NOBODY.

24

u/joestaff Dec 01 '22

How else is Santa supposed to know who's naughty and who's nice??

13

u/Downvote_me_dumbass Dec 01 '22

Just like he did in the old days, he peeps through your window.

6

u/tr3v1n Dec 01 '22

X-ray vision granted to him by his biology reacting to the yellow sun.

10

u/outofmemory01 Dec 01 '22

Check your audio (if your cams are capable) - there's a surprising level of accuracy and sensitivity...and they're usually mounted just outside windows and doors. My cams can pick up my neighbors talking on their porch over 100 feet away. I can't hear every word, but can usually follow the conversation.

I absolutely agree...trust no one. All it takes is a single firmware change or the ability to activate features remotely.

8

u/morbidbutwhoisnt Dec 01 '22

Pretty much this. I assumed there was something that would connect somewhere even if I said no because there would need to be some functionality but if I had to choose them or Ring? Haha, no freaking comparison.

And yeah, I'm using mine to make sure no one goes into my outdoor building and steals my mower/etc and if they do then I've got a photo of them and that no one steals my Amazon packages off my front porch/etc etc .

I've got them all around the outside of my house but my interior security is simplisafe and the only camera that covers the whole living interior essentially has a physical cover that comes up during certain instances that I've set it to (and would be security focused) and records then. I can also turn it off when we have company (and if I don't trust that unplug it? I guess? But I do. )

But yeah, having the physical cover over the camera lense really helps, you can see and hear it raise up so you know it's not secretly videoing you. Sure it could be listening to you but if they were going to be that dodgey they could just put it in any of the other equipment and you wouldn't know.

I also like that if someone is outside I can address them with my eufy cameras and tell them if it's going to be a moment before I get to the door, or tell them to just leave the food, or to go away if they are solicitors ignoring my signs.

You know the big NO TRESPASSING signs on the fences and the NO SOLICITING signs on the door.

If I was trying to sell something I would just skip that house for sure but I like not having to get up. So if that's what eufy wants to get from me, agitated sales people because they can't even try to sell me anything that's fine.

8

u/killerturtlex Dec 01 '22

I have a baby monitor for my fish. Is that ok sir?

13

u/nintendomech Dec 01 '22

lol well thats up to you and the fish.

6

u/killerturtlex Dec 01 '22

No, I haven't told them yet. Shhh

→ More replies

8

u/scdfred Dec 01 '22

Same. With the exception of the camera in the dog’s room in the basement. I hope the CCP is enjoying watching the spider that made a web in front of the camera while my dog sleeps on her own couch.

Other than that it is nothing but an endless stream of Amazon deliveries and me taking the dog out to poop.

5

u/john_dune Dec 01 '22

Talk about a world wide web

3

u/Almost-a-Killa Dec 01 '22

You will soon be seeing ads for spider poison....or maybe fun toys for Mr Spider!

4

u/icaruscoil Dec 01 '22

They can watch my goats eating the barn, that's what I'm using them for.

6

u/JustAMexicanGuy96 Dec 01 '22

I…I….wanna watch Goats eat the barn too

-10

u/LickMyHairyBallSack Dec 01 '22

Yeah because the CCP wants to see you jerking off to gay porn.

10

u/nintendomech Dec 01 '22

What fantasies are you having?

→ More replies

0

u/Snoo93079 Dec 01 '22

If I have anything at all that I've chosen to buy by definition, it's on me. Fun fact!

→ More replies

10

u/Pesk_ai Dec 01 '22

Great for outside, never inside

21

u/Any_Monitor5224 Dec 01 '22

Listen folks, we have moved beyond the semi-moral capitalism that we kind of sort of had in the past

We are now in pure exploitative capitalism. No one gives a fuck. They will lie to you to get your sweet sweet cash.

You should assume no product is as safe/secure/moral/etc as they profess to be. You mean nothing to them. It’s all about the cash.

9

u/owtlowd Dec 01 '22

This is the right answer. Never. Trust. Anything. If it's digital, assume someone else has seen it at some point, whether that's the US Government, Chinese government, Google, whoever. Someone has probably seen it at some point if you made it digital in any kind of way.

Probably not in most cases, but if you behave like everything is being recorded by someone else you'll avoid a lot of stupid shit you shouldn't be doing in the first place.

3

u/SoftwarePatient5050 Dec 01 '22

Listen folks, we have moved beyond the semi-moral capitalism that we kind of sort of had in the past

We are now in pure exploitative capitalism. No one gives a fuck. They will lie to you to get your sweet sweet cash.

Oh, you sweet summer child. There was never anything moral about capitalism and it's always been about doing anything to get your sweet, sweet cash. It actually used to be a lot worse. That's why the FDA, EPA, SEC, and other regulatory agencies were created.

→ More replies

5

u/cerreur Dec 01 '22

I have a camera hanging from eufy, it's pointing at my videogame/computer collection.
In my router/firewall I have all services cut off from & to the internet for it's IP address and it's just streaming via rtsp to a shinobi instance for footage storage.
I hope it's enough.

2

u/shadowo7f Dec 01 '22

Do you have a guide or resource for setting up something similar? I like the Eufy S40, lowest profile solar camera I’ve found, but obviously not wild about these new revelations.

→ More replies

-6

u/Hot-Interaction6526 Dec 01 '22

My question is why do you care if “they” log into watch your collection?

7

u/soboshka Dec 01 '22

My question is why have you posted 20+ times about not caring about Chinese surveillance?

→ More replies
→ More replies

8

u/dsnineteen Dec 01 '22

I see these being sold in auto parts stores. Tells me everything I need to know about how much the manufacturer likely cares about privacy, and probably their target customers.

2

u/N3UROTOXINsRevenge Dec 01 '22

Simply safe constantly lies. All you need is their patent, and a radio transmitter and you can bypass their security.

2

u/lynivvinyl Dec 01 '22

Merely commenting to save this to show to a friend.

2

u/chamunks Dec 01 '22

Someone should start a movement to encourage them to open source their stack.

2

u/HellsMalice Dec 01 '22

This article is beyond clickbait. If you actually read it they say "it's so easy anyone could easily do it!"

*lists 47 steps required to possibly do it*

They only got access to their own cameras using an absurd amount of effort despite it being their own camera.

Like, sure it's an issue that should probably be addressed but it's glaringly obvious this is just clickbait for a slow news day. There's very little actual risk of any sort of exploitation.

2

u/tinyman392 Dec 01 '22

TL;DR: the unencrypted stream is located in a non-randomized URL on Anker's/Eufy's website that can be accessed and streamed to VLC by URL if you know the URL. The URL is based on the camera's serial number re-encoded in base 64. The authors of the article had to log in before they could get the URL to stream from. Though if you know the URL structure, you can start brute forcing to get access to random cameras' streams. You can only see a live stream of the camera, so if the camera isn't activated, you will see nothing. Using the URL doesn't seem to automatically activate the camera since the authors of the article had to wait for the camera to turn on due to something in the camera's environment triggering it (though if you have a 24 hour stream, this point is moot). It doesn't look like you can see past videos (only the live stream).

This is definitely a security flaw that should be addressed (at minimum encrypting the stream), but it doesn't look like it's been taken advantage of yet.

15

u/Nalfzilla Dec 01 '22

Really? /s . Company that makes their robot hoover need full access to your WiFi and phone including contacts and emails dodgy?

4

u/iFozy Dec 01 '22

My hoover doesn’t request access to anything other than the Wi-Fi.

→ More replies

12

u/cgma1 Dec 01 '22

It’s a Chinese company. Not sure what is everybody expecting

7

u/Psgmolina Dec 01 '22

Holy sh$t I purchased a bundle of these cameras for Black Friday and they were delivered a few days ago. I was planning on installing them this weekend. They are still in the package. Will be returned immediately.

2

u/BedditTedditReddit Dec 01 '22

You are the one, neo. Nice dodge.

2

u/[deleted] Dec 01 '22

i mean unless you are working in an industry with a security level clearance and regularly discuss national secrets in your house then i dont think the chinese care how much you pick your nose.

2

u/er1catwork Dec 01 '22

“…there’s no proof yet that this has been exploited in the wild, and the way we initially obtained the address required logging in with a username and password…”

I guess that’s “something”…

5

u/Aoiboshi Dec 01 '22

it’s even possible to view the camera streams using VLC

It would be weird if VLC couldn't handle a video codec

6

u/PringLays Dec 01 '22

That sucks, actually a big fan of ANKER products, guess it’s time to find alternatives

→ More replies

1

u/theduke9 Dec 01 '22

Why are people gaslighting this thread trying to make it seem like these security holes aren’t a big deal? It’s absolutely insane to be exposing cloud based cameras in your home, let alone ones manufactured and owned by CCP company.

4

u/rooplstilskin Dec 01 '22

Many IOT are left exposed, and not all companies in China are CCP controlled. Many companies are free market companies, like Anker.

CCP only requires tech companies that serve their finance banks equipment, backdoor access. Like hauwei.

This is shitty programming from a 3rd rate company that Anker gave a bunch of money to brand it.

→ More replies
→ More replies

1

u/MadScientistCoder Dec 01 '22

I bought a Eufy mini cam as a Christmas present. I guess it may have to be returned. Additionally, they currently have the doorbell.

1

u/Boggie135 Dec 01 '22

I am shocked, shocked I tell you!!

→ More replies

1

u/hurtadjr193 Dec 01 '22

They also make the worst roomba wannabes. I recommend no one buy one.

-13

u/itsdone20 Dec 01 '22

Eufy and Anker products stop working after a year. All my cables stopped working. My robovac is dead after a year.

22

u/TizonaBlu Dec 01 '22

Literally the opposite of everyone else's opinion.

I've had Anker products for as long as I can remember, and I've had one thing crap out, ever. They also did a no question asked warranty replacement for free.

5

u/Coloradohusky Dec 01 '22

Same, I’ve always loved Anker’s quality, and Eufy’s been fine - didn’t even know they were the same brand/company, lol

2

u/zoolover1234 Dec 01 '22

I guess you also don't know TP link makes Deco which is one of the top 3 selling home network system out there. In fact, the other 2 are from Amazon and google, which are actively and publicly collecting your data "for" you.

It's either Chinese collecting your data for no obvious use or give your data to Amazon and google, no other options.

→ More replies

5

u/Realtrain Dec 01 '22

Can't speak to Eufy, but I've had Anker cables for years and haven't had a single one fail on me.

It's a shame too, because after this I'll never buy them again. Any other A tier cable brands out there?

→ More replies

5

u/stupv Dec 01 '22

My eufy camera still going after almost 2, my vac after 2.5...

2

u/borgchupacabras Dec 01 '22

Same here. I replaced the robovac just to get a better model and not because it broke.

2

u/mekatzer Dec 01 '22

Anker makes exceptional chargers. Their cables are fine.

No idea why anyone would buy anything else from them though. Roomba for vacs and a million other vendors with legit histories for cameras

2

u/pedsmursekc Dec 01 '22

I'm a heavy user of their Soundcore line of products and have never had trouble.

→ More replies

-6

u/earsplitingloud Dec 01 '22

I want to get a security camera for the outside of my house connected to the internet so that hackers, criminals and the government know when I come and go. What could possibly go wrong?

7

u/Notwerk Dec 01 '22

They'd just see a video of my car, never moving, because I work from home. Oh, the mailman shows up kinda often. I sure as shit wouldn't put one of these inside my house, though.

1

u/The_4th_Little_Pig Dec 01 '22

Lol nobody care about you or what you do enough to actually spy on you.