[Update: Statement] An Eufy Security Bug Let Strangers View and Control Each Others’ Camera Feeds


Eufy

Update: (2PM ET) Added a statement from Eufy. We’re emailing the company now for more info.

An Eufy security bug gave users complete access to strangers’ accounts, including live video feeds, recordings, camera pan and zoom controls, and private account info. While Eufy claims to have fixed the problem, it suggests that all users unplug and reconnect their camera hardware and log out and back into the Eufy Security app. That’s a bad sign, folks!

The bug was reported by several Eufy users on Reddit, who found that they were logged into random Eufy Security accounts. According to Eufy, the bug occurred during a server upgrade at 4:50 AM EST, which explains why very few people in the U.S. encountered it. Still, many of the Australians who reported this bug on Reddit had access to Eufy Security accounts in the U.S. and other parts of the globe.

We reached out to Eufy for a statement, which you can read here. We will continue updating this article if the company provides more info:

Due to a software bug during our latest server upgrade at 4:50 AM EST today, a limited number (0.001%) of our users were able to access video feeds from other users’ cameras. Our engineering team recognized this issue at around 5:30 AM EST, and quickly got it fixed by 6:30AM EST.

‘The issue affected users at a small rate in the United States, New Zealand, Australia, Cuba, Mexico, Brazil, and Argentina. Users in Europe remain unaffected.

Our customer service team will continue contacting those who were affected. Eufy Baby Monitors, eufy Smart Locks, eufy Alarm System devices and eufy PetCare products remain unaffected.

We realize that as a security company we didn’t do good enough. We are sorry we felt short here and are working on new security protocols and measures to make sure that this never happens again.

For any questions, users can contact our support team at support@eufylife.com.

Some users on the r/EufyCam subreddit report that they heard strange noises from their camera around the time that the bug was first reported, a sign that they were being watch by someone who enabled the camera’s speakerphone functionality. Unsurprisingly, these users say that they don’t want to keep their Eufy cameras anymore.

Aside from its quick tweet, Eufy hasn’t commented on the bug. We don’t know why users suddenly stumbled into each others’ accounts or why it took Eufy nearly 2 hours to resolve the issue—and we don’treally know that it’s fixed. The company’s suggestion that users log out and back into their accounts implies that some people may still have access to strangers’ accounts. It’s also unclear whether this problem impacted HomeKit Secure Video users, who should be protected from security bugs like this.

If you own Eufy security cameras, you should log out and back into your account and temporarily unplug your camera hardware for a quick reset. Or, you know, turn off your cameras until Eufy offers some real information on how this security breach occurred. You could also ask to return your cameras and switch to another brand.

Source: Eufy, r/EufyCam via Engadget





Source link

Leave a Reply

Your email address will not be published. Required fields are marked *