Any home products like security cameras that connect to the Internet are a potential security risk, regardless of what the manufacturer says.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Anker Admits Eufy Cameras Did Not Offer End-to-End Encryption as Promised, Pledges to Do Better
- Thread starter MacRumors
- Start date
- Sort by reaction score
Tbh, I'm surprised someone isn't starting a class action against Apple based on them being mentioned in your post for a comparison.
You can. The only reason I’m using the third-party app is because HKSV was missing recordings.
I’m using Eufy’s outdoor 2K cams (outdoor so I’m not really that bothered about them watching my feeds: enjoy my King Sago trees you perverts).
To be honest the cameras are tremendous. It’s just a shame Eufy’s attitude toward security and privacy is “meh”.
My outdoor cams are Eufy’s 2K ones. They connect to a base station which handles the connection to HKSV. I believe you can disable the Eufy end and HKSV still works but since I don’t trust HKSV to record all events, I can’t.
I’m only continuing to use HKSV because it saves to iCloud and so the footage (if it bothers to record, that is) can’t be taken if a thief steals the Eufy hardware.
We bought a Eufy video doorbell because they promised upcoming HomeKit support. Of course, that's at least partly on me for buying something based on a promise, but it was clearly part of the marketing. They then later said they would not support HomeKit. The issue was HomeKit Secure Video, apparently.
Things can be done via HOOBS or Homebridge, but I haven't had any luck setting it up so far, and it's not my preferred solution.
Things can be done via HOOBS or Homebridge, but I haven't had any luck setting it up so far, and it's not my preferred solution.
Inspired response for @twistedpixel8
Anyway, I have one of their cams via HomeKit which I believe makes this mess moot but damn did they get caught with their pants down. Will probably never use their cams again. Thankfully, even if they could see my feeds while using HKSV all they got was a great view of my cats eating whilst I was on vacation.
Do you know if this vulnerability was present for people who used both? I have these cameras with HKSV set up, but it wouldn’t allow me to set them up without using eufy security’s app. I’m afraid the video I see in the home app is secure while the video available via eufy’s app (and apparently website) would be visible to anyone. Idk exactly how it works and if HKSV actually saves you in eufy’s case
Sounds like bad software standards and/or laziness rather than anything explicitly malicious. I'm not gonna stop buying Anker chargers and cables but I don't trust their software team.
Which had not been working since iOS 16.2 for a month until the iOS 16.3 update. In the process of the outage, it also erased all my previous recordings.
The damage is already done, for me the Anker brand is irreversibly tainted by this whole fiasco.
If they did better immediately after the initial report I would have given them a chance. But the fact that they downplayed the whole thing, let it rot for a solid month, then only barely communicated about it when The Verge was about to threaten to go public about this, showed that they have absolutely no care about their consumers.
Why should I give money to a company who allegedly sells me a secure and private device, and when caught with the hand in the cookie jar, proceed to gaslight me? Bye.
If they did better immediately after the initial report I would have given them a chance. But the fact that they downplayed the whole thing, let it rot for a solid month, then only barely communicated about it when The Verge was about to threaten to go public about this, showed that they have absolutely no care about their consumers.
Why should I give money to a company who allegedly sells me a secure and private device, and when caught with the hand in the cookie jar, proceed to gaslight me? Bye.
HomeKit will still work. I'm sure someone can explain it better than I can, but HKSV doesn't/didn't use the unsecure video stream. Eufy's video stream and HomeKit's video stream are two separate things.
It’s apples fault for having arbitrary hardware requirements that makes it impossible for many products to comply even when the maker would want to. For example the netatmo doorbell won’t be compatible because the hardware simply can’t cope with a high res high framerate (nor it should have to… it’s a doorbell!).
The vulnerability would have still been present if you used both, and your assumption is correct. When the news broke out, some would set up their cameras in HomeKit, turn the camera off in the Eufy app (it'd still be on for HomeKit), and then block outgoing network traffic to Eufy.
I use Eufy cameras, but only for local streams. I don't use their Web Portal. And never wanted to "subscribe" (pay monthly) to their cloud servers. In fact, the biggest selling point (to me) of many Eufy security cameras models was that it came with a base station (sitting in my living room, tied to my WiFi) that doubled as a local video storage for my captured videos. IIRC my base station could store around 32GB of videos? Thats enough to store HUNDREDS of 20-30 second video clips of people coming and going such as the Fedex guy. Hence I would store (and occasionally clear out old) video clips from my own base station, rather than storing any video clips on their subscription cloud service.
Most other video camera companies actually force you to use their subscription cloud services to store (non live stream) videos for later replay.
As for a lawsuit... since I'm a Eufy customer, then let loose the
P.S. --- big KUDOS to The Verge for fantastic work here. Great investigative journalism, and catching the creeps at Anker/Eufy. I'm glad they were caught.
Last edited:
another reason not to buy their items. years of buying their overpriced stuff. no reason to buy any more of it.
If they had any sense of remorse they’d send an email to ALL users of these cameras and explain exactly what happened and face the consequences of their actions. But they won’t because they don’t care.
They ought to be sued for incompetence and straight up lying, not to mention the breach of privacy.
They ought to be sued for incompetence and straight up lying, not to mention the breach of privacy.
Ahh I see. How do you prevent the eufy app from accessing the camera though? I’m assuming you blocked its outgoing network access either via something like eero’s app (or another router app) or setting the accessory to restricted in the home app
True. But now they’ve admitted it they could face big fines. Especially in Australia we have the ACCC which do not take lightly to companies misleading customers.
HKSV doesn’t allow continuous recording regardless of powered or battery camera. It only records events as clips.
I have two logi circle view cameras, work natively with HKSV and no third party app from Logitech. I also have a new Aqara G3 camera and hub I’ve been playing around with. Works with HKSV as well as the Aqara app. This camera has micro SD slot so you could continuously record or record events within Aqara system, but still just clips within HKSV.
Last edited:
I'm glad Wyze cam is encrypted, I wouldn't want anyone to see my thousands of motion detections for flying insects each night.