Fair, but HSV is hooked into iCloud, which has 2FA and is backed by Apple's approach to privacy. iCloud isn't perfect, but when have you heard of Apple having issues related to privacy like this that weren't user error (e.g. someone sharing their password and not having 2FA).

Except this isn't a 2FA issue. As far as I can find, Eufy accounts have had 2FA since 2020.

This isn't an "accounts being directly accessed/breached by a 3rd party" issue from what I can deduce.
 
Seems like an access issue? Aren’t the actual videos stored on the physical eufy hub in the home?
 
Except this isn't a 2FA issue. As far as I can find, Eufy HAS 2FA.

This isn't an "accounts being breached" issue from what I can deduce.
Right. It’s a database problem combined with bad security architecture. The client queries the server and is being fed entries corresponding with the wrong user ID. But in a properly designed system, even if the database scrambled the user IDs, the client wouldn’t be able to do anything with what it received, because its keys wouldn’t be able to decipher the data.
 
  • Like
Reactions: FCX and Nütztjanix
I hope this gets sorted out in an acceptable manner. I have a pair of their 2k PTZ indoor cameras and they're quite impressive for being among the cheapest home surveillance cameras you can buy.
 
Right. It’s a database problem combined with bad security architecture. The client queries the server and is being fed entries corresponding with the wrong user ID. But in a properly designed system, even if the database scrambled the user IDs, the client wouldn’t be able to do anything with what it received, because its keys wouldn’t be able to decipher the data.

Not an excuse, it's not acceptable, but it does happen. Edison had this happen with their mail app about a year ago where users saw other users' emails.

That is FAR more concerning (personally) than seeing some outdoor views. But people seem to have forgotten/got over it and still downloading the app. Not considering it was the 2nd MAJOR privacy breach when they were caught reading user emails by workers there.

It's also still a top 100 app in Productivity in the App Store with 64k ratings, so 🤷‍♂️

You have to pick your poison sometimes. Cloud-based will likely always have its issues. And be mindful of things like this- not putting cameras inside your dang house.
 
  • Disagree
Reactions: H3LL5P4WN
Hey guys. I think Apple should be forced to open up the App Store and undermine the billions in security and privacy efforts they invest. It’s far more important for developers to get a free ride than Apple be allowed to protect those of us who trust them.
 
Not an excuse but it does happen. Edison had this happen with their mail app months back (maybe 1 year, time is wonky lately) where users saw other users' emails.

That is FAR more concerning than seeing some outdoor views. But people seem to have forgotten/got over it and still downloading the app.

It's also still a top 100 app in Productivity in the App Store with 64k ratings, so 🤷‍♂️

It does indeed happen, which is pretty inexcusable since everyone in the industry knows how to avoid it.

If you use asymmetric encryption, and you have the private key on your device and the server has only the public key, then it can’t happen. Any video you send will be encrypted so that even if the server sends the video to the wrong person, it will be useless to them.

When this sort of thing happens, it usually means there was nothing stopping whoever controlled the server from seeing all the raw data.
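
The design described in the post above, as an added example that is not from the thread or from Eufy's code: a clip is sealed to its owner's public key, and a record handed to the wrong account fails to open. The post only says "asymmetric encryption"; the RSA-OAEP plus AES-256-GCM construction, the function names and the sample clips are assumptions made here.

```javascript
// Added example: hybrid encryption of camera clips to the owner's public key.
const crypto = require('crypto');

// Each user's device generates a key pair; only the public half is uploaded.
function newDeviceKeys() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Camera side: encrypt the clip with a fresh AES-256-GCM key, then wrap that
// key with the owner's public key (RSA-OAEP). The server stores only this record.
function sealClip(ownerPublicKey, clip) {
  const cek = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', cek, iv);
  const body = Buffer.concat([cipher.update(clip), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt(
    { key: ownerPublicKey, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' },
    cek);
  return { wrappedKey, iv, body, tag: cipher.getAuthTag() };
}

// Client side: unwrap the content key with the local private key and decrypt.
// Returns null when the record was sealed for somebody else.
function openClip(privateKey, rec) {
  try {
    const cek = crypto.privateDecrypt(
      { key: privateKey, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' },
      rec.wrappedKey);
    const d = crypto.createDecipheriv('aes-256-gcm', cek, rec.iv);
    d.setAuthTag(rec.tag);
    return Buffer.concat([d.update(rec.body), d.final()]);
  } catch (err) {
    return null; // OAEP unwrap or GCM tag check failed
  }
}

// Constructed scenario: the server's lookup hands bob's record to alice.
function simulateMixup() {
  const alice = newDeviceKeys(), bob = newDeviceKeys();
  const store = {
    alice: sealClip(alice.publicKey, Buffer.from('alice porch clip (constructed)')),
    bob: sealClip(bob.publicKey, Buffer.from('bob hallway clip (constructed)')),
  };
  const own = openClip(alice.privateKey, store.alice);
  const misdelivered = openClip(alice.privateKey, store.bob); // wrong user ID served
  return { own: own && own.toString(), misdelivered };
}
```

Calling `simulateMixup()` returns alice's own clip in the clear and `null` for the record that belonged to bob, which is the property the post is pointing at: a server-side ID mix-up leaks only ciphertext.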
 
Tell me if I'm wrong, but even if you use HSV, you still need to set up the camera using the Eufy app, no? So this could affect users even if they don't use the Eufy app. I have a Netatmo Presence camera and HSV, but the setup was done using the app they provide.
 
  • Like
Reactions: iSightG5
Tell me if I'm wrong, but even if you use HSV, you still need to set up the camera using the Eufy app, no? So this could affect users even if they don't use the Eufy app. I have a Netatmo Presence camera and HSV, but the setup was done using the app they provide.
No. Just because you use the app to set up doesn’t mean you are susceptible to this problem. As long as you are using HSV, your video doesn’t go to Eufy’s servers, so Eufy can’t send your video to the wrong people, etc.
 
  • Like
Reactions: Nütztjanix
Obsession over run-of-the-mill surveillance video privacy will someday be a quaint relic. I mean imagine if your goal was to HAVE viewers instead of blocking them. So you'd publish all your feeds. You'd literally be at zero watchers, same as today. Your content sucks.

What if instead of elevating security we created anonymous live feeds of 1 million homes with 5 cameras inside. That would be 43,800,000,000 hours of content a year to sift through just to prove everyone picks their nose. For scale, that's the equivalent of watching every single show on Netflix 1.2 million times. And 99.9999% of them would be the worst show.
 
  • Disagree
Reactions: cmaier
It seems you need to be a Eufy customer in order to see other people's cameras. That's a pity, as I have no Eufy kit but love nosing around other people's houses. I'll have to stick to staring in people's windows.
 
No. Just because you use the app to set up doesn’t mean you are susceptible to this problem. As long as you are using HSV, your video doesn’t go to Eufy’s servers, so Eufy can’t send your video to the wrong people, etc.
Yep, just checked in the Netatmo app and I can see I can turn off the monitoring done by Netatmo and it's still working in the Home app. Thanks. However, you still need a Eufy account I guess, so if you are logged in with a different account (basically this was the issue, some authentication server error provided access tokens for the wrong user account), you would have access to other personal info. If this happened to the Netatmo app, one could turn the monitoring back on for example.
 
Tell me if I'm wrong, but even if you use HSV, you still need to set up the camera using the Eufy app, no? So this could affect users even if they don't use the Eufy app. I have a Netatmo Presence camera and HSV, but the setup was done using the app they provide.
Yep, you can connect the cam first time via the Eufy app as far as I know.
 
Except this isn't a 2FA issue. As far as I can find, Eufy accounts have had 2FA since 2020.

This isn't an "accounts being directly accessed/breached by a 3rd party" issue from what I can deduce.
I agree it's not a 2FA issue. It's much more serious considering folks are logging into their own account and seeing someone else's data. The point I was making is that unless you don't have 2FA enabled (which, again, is user error in my opinion), iCloud has been rock solid in terms of privacy issues.
 
I just have a Eufy doorbell... feel sorry for anyone that just got to watch a stream of our car not moving off the drive all morning! We live on a small street that's a dead end as well so not even any passing cars/people to get excited about!!
 
Has anybody seen mention of the Eufy cams that use their Homehub to record video locally and not in their cloud? Those are what I have, which are also linked to HSV so hopefully mine are pretty secure. My indoor cams are all off when I am at home anyways.
 
You either keep your data local with HomeKit or you accept your privacy being breached by having the feeds on the cloud.
Or you buy ~$20 cameras, use them with a CCTV DVR app on a computer, and have complete control over the setup.

It's not news to me that people will pay for 'convenience' but the extent some people will go to avoid any effort themselves is beyond belief.
 
I agree it's not a 2FA issue. It's much more serious considering folks are logging into their own account and seeing someone else's data. The point I was making is that unless you don't have 2FA enabled (which, again, is user error in my opinion), iCloud has been rock solid in terms of privacy issues.
Understood. My counter-point here is "has been rock solid in terms of privacy issues" SO FAR.

Let's not forget Apple has had security issues and simply chose not to tell customers, as I pointed out a few posts back in this thread.

Apple is not beyond reproach to have issues at some point. It's really inevitable with all of the big data breaches lately; even government operations.


The major point here is NEVER put cameras (ANY brand) inside that connect to the internet.

If this does happen, and they see your porch, I mean, meh? It's not right, but no harm no foul too if anyone can walk up to your door anyway.
 
Or you buy ~$20 cameras, use them with a CCTV DVR app on a computer, and have complete control over the setup.

It's not news to me that people will pay for 'convenience' but the extent some people will go to avoid any effort themselves is beyond belief.
With local only, you run the risk of having the video evidence stolen or destroyed by whoever broke in.
 
Having briefly used their app this comes as no surprise. I have a general distrust for apps and companies like Eufy or Aqara when it comes to this. The low prices probably come at cost of not just user experience but also security.

Having said that, I have some trust in Apple's rigid HomeKit certification program. There's a good reason you can only either opt in for HomeKit OR use the proprietary apps but not both at the same time.

Eufy is Anker, and Anker is known for their quality and customer service. So this honestly is somewhat of a surprise.
 
  • Like
Reactions: jk1221
People not set up for Apple HomeKit deserve getting their privacy breached because they haven’t done their homework.

You either keep your data local with HomeKit or you accept your privacy being breached by having the feeds on the cloud.
NO ONE deserves their privacy invaded. Hopefully this will motivate them to move to HSV.
 


Owners of Eufy home security cameras are this morning reporting seeing live and recorded feeds show up in the Eufy app from other users' cameras, in what appears to be a disturbing breach of privacy and a major malfunctioning of the company's service.

As with many connected domestic security cameras, Eufy cameras offer users the ability to view real-time and recorded streams of video feeds from the devices set up in and around the home. However, many Eufy owners are reporting seeing video feeds from cameras that are clearly not their own, while some users are claiming they are even able to pan and zoom strangers' cameras.

Eufy users on Monday took to Reddit to express their disbelief:
Other users have reported similar experiences in the last few hours, and the issue appears to be widespread. Some owners affected by the issue are in the United States, but others are located as far afield as New Zealand, suggesting the breach is global.

On a positive note, the issue doesn't seem to be affecting streams set up using Apple's ‌HomeKit Secure Video‌, which encrypts video footage and stores it in iCloud rather than on servers handled by a third party.

It's not yet clear what's caused the issue, but the best advice for Eufy camera owners right now is to disconnect the devices at least until the breach is resolved. We've asked Eufy for comment and we'll update this article as soon as we learn more.

Article Link: Major Privacy Breach as Eufy Security Camera Owners Report Seeing Other Users' Video Feeds
Utterly unforgivable. The EU GDPR is going to absolutely crucify them and rightly so.
 