Security breach @ Eufy

#4

Thanks for the heads-up, I investigated Eufy’s security and decided to not procure…

They have a server based architecture meaning if anyone controls their server they have access to all cameras which use those servers.

Also note that the maximum revenue gain for the naughty people is from stealth, accessing compromising photos / videos and waiting til ransom to not release them, so a breach may just be the revealing of historical access.

You’d also think there would be money to be made to sell remote deletion / disable for physical thieves to preempt a local event, but that’s less likely to be done by stealth as more people (the physical thieves) know.

#5

image
image.png738×681 107 KB

image

image image

And just to emphasise how the naughty people operate, it’s often now a business, it’s not bragging rights so much, so they’d be seeking to extract money from this. Money from Eufy and/or money from individuals to not share photos. E.g. your mistress’s visit when wife away. When a ransom is paid then none know, if not paid then it’s made known about for maximum brand damage so the next one they ransom sees reasons to pay.

1 Like
Error 503 . I’m Unbale to Login into Eufy Security App Account
#6

Users getting panic out there, @AnkerOfficial please pass it on. A temporary containment to quickly fix would help for time being until long term assurance is provided.

1 Like
#7

This is not only one of the reasons I will never use such a thing.
“Many BIG brothers are watching you”

1 Like
#8

com-gif-maker(2)

image

2 Likes
#9

A server based architecture is primarily vulnerable to outages, which is the most common critique but it also represents a single point of vulnerability to security.

You can either get an accidental error or malicious. Malicious are the stealthy ones now, they don’t let anyone know until they’ve gathered plenty of information, like downloaded lots of user’s videos, then extort for money (ransom) which is not paid then is made public.

This one was not made public by bad people, it just happened, so it feels like an admin’s error, accidental. Whoever they are (servers seem to be based in Seattle) it’s 6am their time and time to wake up…

It’s 11 months since they had a large unplanned outage.

#10

There is one thing I would never accept :
My private data stored at a server which is somewhere in the world and can be corrupted easliy.

I know all server are vulnerabe.
Some more some less.

1 Like
#11

We chatted extensively about this a year ago.

For Eufy, the data is stored in your camera / base. Metadata is stored on the server, login, credentials, notifications, etc.

This significantly lowers costs.

It also means you can exploit any vulnerability in the network to then reach back to the property and access someone else’s information, the only protection from this is a perfect admin of a perfect system all fully patched, and monitored by a NOC (Network Operations Center) 24x7 who then leap to action in minutes…

That’s expensive.

com-add-text%20(7)

f837d2c7-144c-4df0-aaba-16317754f34f.__CR0,0,970,300_PT0_SX970_V1___.jpg970×300 139 KB

To get out of your home router’s firewall, you open an outgoing port, through which incoming traffic can come from the server, hence if there’s an issue with the server, you can access all homes.

Doesn’t feel like bad actors, feels just an admin’s error.

#12

server
server.jpg529×820 158 KB

1 Like
#13

Been checking mine on/off since the reports and so far have not received anyone else’s cameras (though whether anyone else has got mine at some point remains to be seen :open_mouth: )…both my homebase’s have dropped offline for a few minutes though several times throughout the day.

Luckily they only cover the front / back gardens, so if someone has got mine today they will likely only see the grass getting a nice watering from the rain showers we are having :wink:

Will be powering them down though until some official response is given…

1 Like
#14

Screenshot_20210517-150325
Screenshot_20210517-150325.jpg1080×400 31 KB

I like your garden.

:wink:

#15

Watering only?
May be the spies know now where you are hiding your Whisky-bottles! :rofl:

39274328_303

#16

Nah, they are safe and sound :grin:

image

Did you see the big fat pigeon land for his morning feed :rofl:

2 Likes
#17

Is it well done now?

taube-im-speckmantel-rezept
taube-im-speckmantel-rezept.jpg1200×902 65.2 KB

:rofl:

( Dont forget to wrap it in some bacon)

1 Like
#18

All good now, this has been fixed

Dear user,
The issue was due to a bug in one of our servers. This was quickly resolved by our engineering team and our customer service team will continue to assist those affected. We recommend all users to:
1.Please unplug and then reconnect the home base.
2.Log out of the eufy security app and log in again.
Contact support@eufylife.com for enquiries.

#19

I was reading reports where people were getting talked to or hearing obscene noises through their cameras.

I don’t think “it’s all good”

I think there is an issue that occurred that needs to be fully explained and also what eufy plans to do so it will never happen again

#20

Yes it has been addressed and fixed, Eufy will be releasing a statement addressing the issue as well as an apology

1 Like
#21
#22

:thinking:

#23

Hmm, the next few hours and days are going to be interesting…must have been quite a bug…

3 Likes