Some Clarification and Changes From Eufy Regarding Their "No Cloud" Security Cameras
upstart writes:
Eufy changed some cloud behavior, admitted it can do more, ignored some issues:
Eufy, the Anker brand that positioned its security cameras as prioritizing "local storage" and "No clouds," has issued a statement in response to recent findings by security researchers and tech news sites. Eufy admits it could do better but also leaves some issues unaddressed.
In a thread titled "Re: Recent security claims against eufy Security," "eufy_official" writes to its "Security Cutomers and Partners." Eufy is "taking a new approach to home security," the company writes, designed to operate locally and "wherever possible" to avoid cloud servers. Video footage, facial recognition, and identity biometrics are managed on devices-"Not the cloud."
This reiteration comes after questions have been raised a few times in the past weeks about Eufy's cloud policies. A British security researcher found in late October that phone alerts sent from Eufy were stored on a cloud server, seemingly unencrypted, with face identification data included. Another firm at that time quickly summarized two years of findings on Eufy security, noting similar unencrypted file transfers.
[...] Eufy states its security model has "never been attempted, and we expect challenges along the way," but that it remains committed to customers. The company acknowledges that "Several claims have been made" against its security, and the need for a response has frustrated customers. But, the company writes, it wanted to "gather all the facts before publicly addressing these claims."
[...] The Verge, which had not received answers to further questions about Eufy's security practices after its findings, has some follow-up questions, and they're notable. They include why the company denied that viewing a remote stream was possible in the first place, its law enforcement request policies, and whether the company was really using "ZXSecurity17Cam@" as an encryption key.
[...] "Thus far, it's safer to use a doorbell which tells you it's stored in the cloud-as the ones honest enough to tell you generally use solid crypto," Moore wrote about his efforts. Some of Eufy's most enthusiastic, privacy-minded customers may find themselves agreeing.
Read more of this story at SoylentNews.