Over the weekend I posted a story about Eufy and the fact that they have lied about the security that their had for years. And that my belief is that they should be banned from sale because this isn’t the first time that this has happened. Part of my belief that they should be banned comes from the fact that I don’t believe that Eufy is serious about gaining the trust of their users. This is being reinforced by the news that Eufy isn’t patching out a potential security issue in the Eufy Security app. Instead Eufy is just telling users that their thumbnails will be uploaded to the cloud when they choose specific notification settings in the app;
As of Monday, an update has been rolled out to the Eufy Security app to add a statement disclosing that thumbnail images will be uploaded to the company’s cloud servers.
For you to get notifications with thumbnails in them from a security camera, a thumbnail has to be uploaded someplace. That’s true for any camera system. And part of the problem is that Eufy sells these cameras with the expectation that they are completely private. Which clearly they are not. Now that Eufy has clarified this, I am guessing that they hope that this issue will go away. But it won’t because this doesn’t do anything about the ability for a threat actor to stream video. Eufy hasn’t commented on this as far as I know. And there’s no sign that they will do anything about it.
Thus if Eufy was hoping to make this issue go away, I don’t think that this will do it.