Protect home Base / eufyCam against Deauthentication attacks (802.11w / PMF)

Hi,

I just ran successfully a WiFi deauthentication attack against my eufyCam E. This is very unfortunate as 802.11w or Protected Management Frames are available to avoid such an attack. For example my AVM Fritzbox has enabled this setting and it works like a charm (with supported client devices).

If anyone can bring your security cams down with just a 3$ nodeMCU … not good

Stefan

1 Like

:warning: OH MY GOD! :scream: Very bad news and another (big and very risky) issue for eufy cam! :dizzy_face:

I am curious what @AnkerOfficial, @AnkerSupport, @AnkerTechnical, @ndalby, @TechnicallyWell will say and answer about this …

eufy cam security risk

… and what they will do now emmeditaly to protect us?!

Thanks a lot for revealing this security leak @Hauptibaupti :+1:


Black Ironic Humor:
Hey @Hauptibaupti … don’t worry. It may be a big security leak in the eufy cam system, but hey … the range of the eufy cam is so much horrible bad, you don’t need to worry about hacker attacks as they would need to stand directly next to the homebase/cam! :rofl:

I would suggest the OP reaches out to support@anker.com with his found issue, so they can investigate, validate and look towards a solution…

Playing devils advocate (and please bear in mind I have no influence or say in Eufy) @yamyam, if you put your mind to it nothing is un-hackable or unable to be compromised…just saying…

1 Like

will do, thanks

PS: I just got informed about this deauthentication attack by German website golem.de

All the security systems they tested (Abus, Nest, Yi Technology and Arlo) were affected. Which doesn’t make it better but actually not worse for Anker

Stefan

Thanks for sharing @Hauptibaupti and hope eufy and other brands as well are made aware of this and working on the patch work already !

1 Like

As you have managed to test that security, fancy seeing if you can get the SSID & WPA key, been a while since I’ve tried to use backtrack

I just flashed a MicroController with out of the box attack-software hosted on github. I’m not a hacker :wink:

Hi, Stefan, here are some suggestions and instructions for you:

  1. it is suggested that you improve the safety factor of the router in your home, such as setting a white list or blacklist, or set the password to more complex and other relevant encryption settings, to prevent the router from being easily breached;
  2. if the router is breached, eufyCam will only be unable to work; Since relevant data of eufyCam is encrypted, video or data will not be leaked, please rest assured;
  3. at present, we are continuing to strengthen the safety level of products, please stay tuned.
2 Likes

thanks, but 1 and 2 don’t protect against a Deauth attack. So the only solution is 3

2 Likes