Once again, a networked surveillance device has reduced security: live streams and recordings from private eufy surveillance cameras were temporarily available to other eufy customers. Users in Argentina, Australia, Brazil, Cuba, Mexico, New Zealand and the United States of America were affected. Europeans are said to have been spared.
Users noticed on Monday that they had access to settings, controls, live streams and saved recordings of individual other eufy users via their user accounts. After logging out and logging in again, access was usually no longer given. The provider apparently also installed a software bug during a server update. This is said to have led to user accounts being assigned to other accounts as “guest”, which gave the involuntary “host” full control.
According to eufy, only 0.001 percent of all of their own customers used this misconfiguration. The company said the error was fixed in less than two hours opposite the website 9to5mac specified. The affected customers would now be informed individually.
“We acknowledge that we have not done well enough as a security company,” said eufy, “We are sorry we did not meet expectations here. We are working on new security protocols and measures to ensure this never happens again will happen.” Eufy’s baby monitors, networked door locks, certain alarm systems and pet monitoring devices were unaffected by the error.
Eufy is a brand of the Chinese company Anker Innovations, based in Shenzhen. For example, the company sells external batteries under the Anker brand. Other brands are Soundcore (headphones and speakers), Nebula (video projectors) and Roav (car accessories). Anker apparently no longer uses the brands Zolo (headphones) and Karapax (cell phone cases). Roav is also no longer advertised on the company website.