You might recall that last year it was discovered that Eufy security cameras which were made by Anker, were not “end to end encrypted” despite what their advertising said. This link will give you my thoughts on this along with this follow up where they tried to make this issue go away via a software update that wasn’t really a software update, which didn’t go over well.
The Verge has been doing its best to get answers from Anker on this. And last night they finally did:
In a series of emails to The Verge, Anker has finally admitted its Eufy security cameras are not natively end-to-end encrypted — they can and did produce unencrypted video streams for Eufy’s web portal, like the ones we accessed from across the United States using an ordinary media player.
But Anker says that’s now largely fixed. Every video stream request originating from Eufy’s web portal will now be end-to-end encrypted — like they are with Eufy’s app — and the company says it’s updating every single Eufy camera to use WebRTC, which is encrypted by default. Reading between the lines, though, it seems that these cameras could still produce unencrypted footage upon request.
That’s not all Anker is disclosing today. The company has apologized for the lack of communication and promised to do better, confirming it’s bringing in outside security and penetration testing companies to audit Eufy’s practices, is in talks with a “leading and well-known security expert” to produce an independent report, is promising to create an official bug bounty program, and will launch a microsite in February to explain how its security works in more detail.
Those independent audits and reports may be critical for Eufy to regain trust because of how the company has handled the findings of security researchers and journalists. It’s a little hard to take the company at its word!
I for one cannot take Anker at its word. Even with all of this, I don’t believe that this company can be trusted again regardless of the promises that it makes. And given that their cameras and other security products live inside your homes, you should not trust them either. This company needs to disappear from the face of the Earth as either screwing up to this degree or outright lying is completely unacceptable. And there must be some sort of punishment for that that deters others from pulling this sort of stunt. So if governments won’t act to ban Anker, consumers should be voting with their wallets to make sure that companies think twice about doing something like this.
Like this:
Like Loading...
Related
This entry was posted on February 1, 2023 at 9:42 am and is filed under Commentary with tags Anker, Privacy. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Anker FINALLY Admits That It Lied About End To End Encryption With Their Eufy Security Cameras
You might recall that last year it was discovered that Eufy security cameras which were made by Anker, were not “end to end encrypted” despite what their advertising said. This link will give you my thoughts on this along with this follow up where they tried to make this issue go away via a software update that wasn’t really a software update, which didn’t go over well.
The Verge has been doing its best to get answers from Anker on this. And last night they finally did:
In a series of emails to The Verge, Anker has finally admitted its Eufy security cameras are not natively end-to-end encrypted — they can and did produce unencrypted video streams for Eufy’s web portal, like the ones we accessed from across the United States using an ordinary media player.
But Anker says that’s now largely fixed. Every video stream request originating from Eufy’s web portal will now be end-to-end encrypted — like they are with Eufy’s app — and the company says it’s updating every single Eufy camera to use WebRTC, which is encrypted by default. Reading between the lines, though, it seems that these cameras could still produce unencrypted footage upon request.
That’s not all Anker is disclosing today. The company has apologized for the lack of communication and promised to do better, confirming it’s bringing in outside security and penetration testing companies to audit Eufy’s practices, is in talks with a “leading and well-known security expert” to produce an independent report, is promising to create an official bug bounty program, and will launch a microsite in February to explain how its security works in more detail.
Those independent audits and reports may be critical for Eufy to regain trust because of how the company has handled the findings of security researchers and journalists. It’s a little hard to take the company at its word!
I for one cannot take Anker at its word. Even with all of this, I don’t believe that this company can be trusted again regardless of the promises that it makes. And given that their cameras and other security products live inside your homes, you should not trust them either. This company needs to disappear from the face of the Earth as either screwing up to this degree or outright lying is completely unacceptable. And there must be some sort of punishment for that that deters others from pulling this sort of stunt. So if governments won’t act to ban Anker, consumers should be voting with their wallets to make sure that companies think twice about doing something like this.
Share this:
Like this:
Related
This entry was posted on February 1, 2023 at 9:42 am and is filed under Commentary with tags Anker, Privacy. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.