Eufy Security Problem

Just read that Eufy cameras streams can be accessed anywhere on the web, by anyone, basically.

Worth noting that, if true, this is way, way, way worse than any previous Wyze vulnerabilities - it was essentially impossible to reach Wyze cameras remotely even under the worst one.

Heh, this is a very honest point they made:

Vulnerability discovery is far more of a norm than an exception in the smart home and home security fields. Ring, Nest, Samsung, the corporate meeting cam Owl—if it has a lens, and it connects to Wi-Fi, you can expect a flaw to show up at some point, and headlines to go with it.

In other words, just don’t put cameras anywhere extremely private and you should mostly be fine. They’re not good for bathrooms, or bedrooms (possible exceptions for things like a baby cam).

But if anyone thinks to themselves "I’m just going to run away from any company that is ever found to have a vulnerability, you’ll be switching companies often and eventually run out of all the main companies and have to start buying from increasingly sketchier ones that have only not been reported on because nobody even knows they exist so they’ve just had less scrutinydoesn’t necessarily make them “safer.”

As I said in another thread, the big concern with this Eufy issue is the way they handled it…deny, deny deny…they get presented solid evidence by multiple pros and simply claim it’s a lie? That is the most concerning part.

Security issues will come up for EVERYONE over time As was linked to in this article:

• Ring patched an Android bug that could have exposed video footage
• This Nest Security Flaw Is Remarkably Dumb
• It’s shockingly easy to hijack a Samsung SmartCam camera
• Meeting Owl videoconference device used by govs is a security disaster

What’s really important to me is that they address it, not sit in denial. Then preferably explain to me how you’re going to improve the security going forward since other things will inevitably happen or come out. I liked that Wyze explained after their issue happened that they made a dedicated security team and added a bunch of dedicated security employees to be continually working on improvements for these things in addition to fixing what was reported. Great, that was a demonstrable action plan. Like everyone else, I am sure they will have things happen in the future, but at least they’ve clearly done something tangible in response.