Protect home Base / eufyCam against Deauthentication attacks (802.11w / PMF)

Hi,

I just successfully ran a WiFi deauthentication attack against my eufyCam E. This is very unfortunate, as 802.11w or Protected Management Frames are available to avoid such an attack. For example, my AVM Fritzbox has this setting enabled and it works like a charm (with supported client devices).

If anyone can bring your security cams down with just a 3$ nodeMCU … not good

Stefan

1 Like
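
Whether an access point offers 802.11w can be read from the RSN element it broadcasts in beacons. The following is an added example, not part of the thread: it parses that element and reports whether PMF is required, optional or off. The function names and the sample bytes are constructed for illustration.

```python
import struct

RSN_ELEMENT_ID = 48   # RSN element in beacons / probe responses
MFPR = 0x0040         # RSN Capabilities bit 6: management frame protection required
MFPC = 0x0080         # RSN Capabilities bit 7: management frame protection capable

def find_rsn(ies: bytes):
    """Walk the tagged elements (id, length, body); return the RSN body or None."""
    i = 0
    while i + 2 <= len(ies):
        eid, length = ies[i], ies[i + 1]
        body = ies[i + 2:i + 2 + length]
        if len(body) < length:
            raise ValueError("truncated information element")
        if eid == RSN_ELEMENT_ID:
            return body
        i += 2 + length
    return None

def _u16(buf: bytes, off: int):
    """Little-endian 16-bit field at off, or None if the element ends before it."""
    return struct.unpack_from("<H", buf, off)[0] if off + 2 <= len(buf) else None

def pmf_status(ies: bytes) -> str:
    """Classify what the AP advertises: required, optional, disabled, invalid, no-rsn."""
    rsn = find_rsn(ies)
    if rsn is None:
        return "no-rsn"                      # open or legacy network, no PMF possible
    off = 2 + 4                              # skip version and group cipher suite
    pairwise = _u16(rsn, off)
    off += 2 + 4 * (pairwise or 0)           # skip pairwise cipher suite list
    akm = _u16(rsn, off) if pairwise is not None else None
    off += 2 + 4 * (akm or 0)                # skip AKM suite list
    caps = (_u16(rsn, off) if akm is not None else None) or 0  # absent field reads as 0
    if caps & MFPR:
        return "required" if caps & MFPC else "invalid"
    return "optional" if caps & MFPC else "disabled"

# Constructed sample elements: SSID "test" followed by an RSN element (CCMP, PSK or SAE).
SSID = bytes.fromhex("000474657374")
RSN_HEAD = bytes.fromhex("3014" "0100" "000fac04" "0100" "000fac04" "0100")
NO_PMF = SSID + RSN_HEAD + bytes.fromhex("000fac02" "0000")
PMF_OPTIONAL = SSID + RSN_HEAD + bytes.fromhex("000fac02" "8000")
PMF_REQUIRED = SSID + RSN_HEAD + bytes.fromhex("000fac08" "c000")

if __name__ == "__main__":
    for name, ies in [("no PMF", NO_PMF), ("optional", PMF_OPTIONAL), ("required", PMF_REQUIRED)]:
        print(name, "->", pmf_status(ies))
```

An access point that reports `optional` still accepts clients without PMF, and those clients remain exposed to forged deauthentication frames.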

:warning: OH MY GOD! :scream: Very bad news and another (big and very risky) issue for eufy cam! :dizzy_face:

I am curious what @AnkerOfficial, @AnkerSupport, @AnkerTechnical, @ndalby, @TechnicallyWell will say and answer about this …

eufy cam security risk

… and what they will do now immediately to protect us?!

Thanks a lot for revealing this security leak @Hauptibaupti :+1:


Black Ironic Humor:
Hey @Hauptibaupti … don’t worry. It may be a big security leak in the eufy cam system, but hey … the range of the eufy cam is so horribly bad, you don’t need to worry about hacker attacks as they would need to stand directly next to the homebase/cam! :rofl:

I would suggest the OP reaches out to support@anker.com with his found issue, so they can investigate, validate and look towards a solution…

Playing devil’s advocate (and please bear in mind I have no influence or say in Eufy) @yamyam, if you put your mind to it nothing is un-hackable or unable to be compromised…just saying…

2 Likes

will do, thanks

PS: I just got informed about this deauthentication attack by German website golem.de

All the security systems they tested (Abus, Nest, Yi Technology and Arlo) were affected. Which doesn’t make it better but actually not worse for Anker.

Stefan

Thanks for sharing @Hauptibaupti and hope eufy and other brands as well are made aware of this and working on the patch work already!

1 Like

As you have managed to test that security, fancy seeing if you can get the SSID & WPA key, been a while since I’ve tried to use backtrack

I just flashed a microcontroller with out-of-the-box attack software hosted on GitHub. I’m not a hacker :wink:

Hi, Stefan, here are some suggestions and instructions for you:

  1. It is suggested that you improve the safety factor of the router in your home, such as setting a white list or blacklist, or set the password to more complex and other relevant encryption settings, to prevent the router from being easily breached;
  2. If the router is breached, eufyCam will only be unable to work; since relevant data of eufyCam is encrypted, video or data will not be leaked, please rest assured;
  3. At present, we are continuing to strengthen the safety level of products, please stay tuned.

3 Likes

thanks, but 1 and 2 don’t protect against a Deauth attack. So the only solution is 3

2 Likes

I just tried a deauth attack against my Homebase 2.
It still works: no recordings, no access to the cameras.
@AnkerTechnical: will there be a solution available? 802.11w or a different connection to the cameras instead of 802.11 Wifi?

@AnkerTechnical: any news here?

As @ndalby said there is no such thing as zero vulnerability technology, only zero known vulnerability.

What you’re doing by highlighting this in a public forum is bringing particular attention to this product and this vulnerability, inviting attacks and making things potentially worse for all Eufy owners.

Common decency in the whitehat community is to bring this privately to the attention of the manufacturer and offer to test a patch. Often whitehats can get a small fee income for their time.

Discretion is part of minimising vulnerability. Often vulnerability is revealed after a fix is worked out as part of telling owners to ensure they update, rather than out the vulnerability and then public shaming.

As @ndalby stated, you should move this to PM.

Sorry, but this vulnerability has been known for at least 10 months, and even computer magazines have reported about this problem. So the public and potential buyers should know about it. Whitehat hackers usually give a 90-day grace period. Those 90 days are long gone.

By the way, this is an absolute standard vulnerability in wireless devices, so blackhat hackers are not increasingly made aware of it.