And just to emphasise how the naughty people operate, it’s often now a business, it’s not bragging rights so much, so they’d be seeking to extract money from this. Money from Eufy and/or money from individuals to not share photos. E.g. your mistress’s visit when wife away. When a ransom is paid then none know, if not paid then it’s made known about for maximum brand damage so the next one they ransom sees reasons to pay.
Users getting panic out there, @AnkerOfficial please pass it on. A temporary containment to quickly fix would help for time being until long term assurance is provided.
A server based architecture is primarily vulnerable to outages, which is the most common critique but it also represents a single point of vulnerability to security.
You can either get an accidental error or malicious. Malicious are the stealthy ones now, they don’t let anyone know until they’ve gathered plenty of information, like downloaded lots of user’s videos, then extort for money (ransom) which is not paid then is made public.
This one was not made public by bad people, it just happened, so it feels like an admin’s error, accidental. Whoever they are (servers seem to be based in Seattle) it’s 6am their time and time to wake up…
It’s 11 months since they had a large unplanned outage.
For Eufy, the data is stored in your camera / base. Metadata is stored on the server, login, credentials, notifications, etc.
This significantly lowers costs.
It also means you can exploit any vulnerability in the network to then reach back to the property and access someone else’s information, the only protection from this is a perfect admin of a perfect system all fully patched, and monitored by a NOC (Network Operations Center) 24x7 who then leap to action in minutes…
To get out of your home router’s firewall, you open an outgoing port, through which incoming traffic can come from the server, hence if there’s an issue with the server, you can access all homes.
Doesn’t feel like bad actors, feels just an admin’s error.
Been checking mine on/off since the reports and so far have not received anyone else’s cameras (though whether anyone else has got mine at some point remains to be seen )…both my homebase’s have dropped offline for a few minutes though several times throughout the day.
Luckily they only cover the front / back gardens, so if someone has got mine today they will likely only see the grass getting a nice watering from the rain showers we are having
Will be powering them down though until some official response is given…
Dear user,
The issue was due to a bug in one of our servers. This was quickly resolved by our engineering team and our customer service team will continue to assist those affected. We recommend all users to:
1.Please unplug and then reconnect the home base.
2.Log out of the eufy security app and log in again.
Contact support@eufylife.com for enquiries.