Security breach @ Eufy


Hmm, the next few hours and days are going to be interesting…must have been quite a bug…


People, Processes, Technology.

They’ve only fixed the Technology.

What Process allowed the bug?

How does anyone remote from home unplug?

There is nobody who can answer that.
All systems got so complex meanwhile.
If you “repair” something here, another bug shows up there.

Do you know that there are still old COBOL programs working properly?
Nobody dares to touch these.

Have you ever written COBOL programs?
If so, you could get a highly paid specialist!
Not me, too old!

In security world… trust is everything (or zero trust)… it's going to be hard for customers to trust …

Even before I saw this thread on Anker, I had seen the news and had checked the security app, and saw some other feeds; I have since powered off the 2 pan and tilt cams I have.

Agree, now it’s even harder to regain that “trust”

1 Like

Testing reduces risk. A new release goes to some test cameras and once tested then released.

Not saying no bugs, saying you test!

Just saw this - power cycled my one cam, but apparently it was all over before I noticed. But the app still has thumbnails of the captures, etc., even though the data is stored on my local SD card. So you could get something even with the camera off.

But this is why all cameras are limited to a focus on exterior access points, and not in any private areas. Security limitations always exist, on every product that connects to the outside world.

Back in the days of COBOL, you had one mainframe and a few seconds of computer time was expensive.

Now in the era of virtualisation and VMs, cloning of disk images and machine images, you can do a lot of testing using a clone of data. There are far fewer excuses for errors now.

So the issue is not that bugs are created, it is that they are allowed to be promoted to production. That implies a process error, rushed untested code released, so a process error, and failed processes just cause bugs to be released again in the future.

One way to stop this is an encryption key per account / user which is generated in the device, and so you cannot see anyone else’s feed. This looks like the data is unencrypted when it leaves the device and then can be accessed by anyone not just the owner.

Testing and high availability (HA) and failover all use similar technology. The only difference between testing is it's a virtual snapshot you test on and discard, HA is you have a sync mirror locally and an async mirror remotely, and DR is a planned switchover to the mirror.

1 Like

Skilled programmer time has remained the most significant resource constraint as the others have fallen away. A culture of strong processes, good systems and quality control pays for itself in the long run. But it costs up front, and “we’ll get the software out now and improve later” has eaten a lot of companies.

Everything you are saying makes perfect sense, and I bet they even have competent programmers who could do the job. But probably not enough of them at the right times to have that entire testing flow fully utilized every time.

Architects are expensive, as it takes 20+ years of experience of assuming what can go wrong will go wrong.

A distributed encryption key would have helped in this case, so each user generates their own key in their account and only when they log in is the key then decrypting. If there was a network routing error, you’d see nothing.

The way they architected it, one key for all cameras, so the only thing stopping Anker seeing everyone’s camera is either they don’t want to or haven’t accidentally done it yet. They just today proved they or someone else can access any Eufy camera.

A more expanded statement, with apologies.

Recall a similar report of users seeing other customers’ feeds before, again it seemed to be more of an issue for non European territories…

I’m glad they took care of the problem

Trust in the area of security is hard to come by. If Eufy is serious about regaining a reputation for a secure service they should probably partner with a company like BlackBerry and revamp their security from the ground (local storage, unique user keys, etc.).

1 Like
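The per-account key idea raised in the posts above, as an added sketch that is not from any poster and is not Eufy's implementation (the thread does not show it). Account names, the sample clip and all function names are assumptions; it compares a single service-held key with keys generated per account when a clip is delivered to the wrong viewer.

```javascript
// Added example: one service-held key vs. per-account keys (Node.js built-in crypto).
const crypto = require('crypto');

// Encrypt with AES-256-GCM; the owning account id is bound in as associated data.
function seal(key, accountId, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(accountId));
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Returns the plaintext, or null when the key or the account binding does not match.
function open(key, accountId, blob) {
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', key, blob.iv);
    d.setAAD(Buffer.from(accountId));
    d.setAuthTag(blob.tag);
    return Buffer.concat([d.update(blob.ct), d.final()]).toString('utf8');
  } catch (e) {
    return null; // authentication failed: the viewer sees nothing
  }
}

// Constructed scenario: a backend mix-up delivers alice's clip to bob's session.
function demo() {
  const clip = 'alice front-door clip (constructed sample)';
  const shared = crypto.randomBytes(32);   // design A: one key held by the service
  const keys = {                           // design B: generated per account,
    alice: crypto.randomBytes(32),         // assumed never to leave the user's devices
    bob: crypto.randomBytes(32),
  };
  const blobA = seal(shared, 'alice', clip);
  const blobB = seal(keys.alice, 'alice', clip);
  return {
    // A: the service decrypts before delivery, so the wrong session gets plaintext
    sharedMisrouted: open(shared, 'alice', blobA),
    // B: bob receives only ciphertext, and his key cannot open it
    perAccountMisrouted: open(keys.bob, 'bob', blobB),
    // B: the owner still reads her own clip
    perAccountOwner: open(keys.alice, 'alice', blobB),
  };
}
```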

At our chair we developed algorithms to verify a program.

Called a test harness, you run software through simulated inputs, it is very common now.

There is no lack of tools to avoid large breaches, it’s just the willingness to pay for it.

If a bad code release does happen, atypical network patterns are the signature of a breach, access from different IPs above average. Every architected NOC has them. I won’t name brands.

In this case, if their statement is true, they discovered their created flaw within an hour and fixed within 2 hours, but their workaround required folks to turn off/on their at home devices, which many cannot (e.g. at work and bought these Eufy products to safeguard property while away). So their workaround was never as good as not having the issue in the first place. That’s where testing comes in.

This may not be acceptable to everyone but I advocate you get what you pay for, these security type solutions are best paid for with a monthly fee. At present Eufy gets all of your money up front, if you’re then dissatisfied they’ve still got your money but just less chance of getting more. A monthly fee means customers walk with more money away when dissatisfied. So you have one-off hardware costs, and recurring operational costs, it’s best to buy a camera at less cost and then pay a monthly fee, then that monthly fee pays for the NOC, monitoring, testing, etc.

But the cat is out of the bag, they claim encryption but they are using one decryption key for all customers, as one customer could see another customer’s cameras. That means Eufy owns the key, and they can look whenever they want. That’s not stated in their marketing.

You don’t need access to the cameras and whatnot to turn them off and back on, they, as in Eufy, are referring to the app in which we access these cameras and feed. From which you can also turn on or off the same cameras and feed. Eufy wants the users to log out and then back in.

I get the app logoff/on, but just reading back what was said.

Working night shift got me being delusional. My bad, I forgot about that, but really it wasn't needed, as you can reset everything from the app. I just copied and pasted what they told us to pass along.

1 Like