Anker’s Eufy admits unencrypted videos could be accessed, plans overhaul
Enlarge / Anker's Eufy division has said its web portal was not designed for end-to-end encryption and could allow outside access with the right URL. (credit: Eufy)
After two months of arguing back and forth with critics about how so many aspects of its "No clouds" security cameras could be accessed online by security researchers, Anker smart home division Eufy has provided a lengthy explanation and promises to do better.
In multiple responses to The Verge, which has repeatedly called out Eufy for failing to address key aspects of its security model, Eufy has plainly stated that video streams produced by its cameras could be accessed, unencrypted, through the Eufy web portal, despite messaging and marketing that suggested otherwise. Eufy also stated it would bring in penetration testers, commission an independent security researcher's report, create a bug bounty program, and better detail its security protocols.
Prior to late November 2022, Eufy had enjoyed a distinguished place among smart home security providers. For those willing to trust any company with video feeds and other home data, Eufy marketed itself as offering "No Clouds or Costs," with encrypted feeds streamed only to local storage.