Product reviews, deals and the latest tech news

Finally addressing the problems with the security cameras, Eufy pledges to “uphold the community’s trust”

It’s unlikely you’ve missed the predicament Eufy now finds itself in if you’ve been keeping up with smart home news at all in the past few weeks. At the end of November, security researcher Paul Moore uncovered (and made public) a number of vulnerabilities in Eufy’s surveillance cameras. A few weeks later, the business made some subtle adjustments to the language on its website that gave the impression that Eufy was attempting to play down the privacy-centric aspects of its offerings. Now, Eufy has issued a statement on the controversy, promising to “continue to work hard to protect our community’s trust in our goods, services, and procedures.”

This week, Eufy released a statement in the form of a post on a community forum. In the first place, Moore claims that customers who haven’t signed up for cloud services nevertheless have their notification images saved there. Even if this is the case, Eufy says it has just updated the Eufy Security app to make this information clearer. As a firm committed to minimising its cloud footprint, Eufy acknowledges the need of being transparent about the extent to which its operations are handled locally vs via its private, encrypted AWS server.

Second, Eufy agrees with Moore’s most alarming discovery, namely, that unprotected web access allowed anybody to observe live camera feeds. Although Eufy doesn’t dispute this, they insist that “no user data has been compromised, and the alleged security problems highlighted online are theoretical.” Moore and others claim to have discovered ways to see their own videos without first checking in. Users will no longer be able to access live broadcasts (or share active links to these live streams) outside of eufy’s protected Web interface, the company has said.

To wrap things up, Eufy categorically refutes Moore’s claim that it uploads face recognition data to the cloud. That the Video Doorbell Dual used to upload user photographs to the cloud in order to “broadcast that first image to additional cameras on the user’s local eufy Security system” is the source of the misunderstanding, according to Eufy. In its latest iteration, the camera appears to permit only local network or, if internet, direct peer-to-peer connection sharing of such photographs.

While it’s encouraging that Eufy is now communicating with us, the fact that it took so long to do so casts a negative light on the organisation. That’s something Eufy is aware of, saying things like, “we will need to better balance our need to obtain ‘all the facts’ with our commitment to keep our clients more promptly updated.” The forum thread has been read just under 6,000 times as of this writing. To now, the post has received just a small number of responses, all of which have been critical.