Added mention in a software update to migrate data to a missing cloud service. /Maria Diaz/ZDNET
Over the past two weeks, Eufy Security has been the subject of public criticism as customers have reported numerous security flaws in its system. As of Monday, an update was released to the Eufy Security app adding a statement that video thumbnails are uploaded to the company’s cloud servers.
The app bug fix follows reports that images captured in the camera stream as well as face detection were sent to AWS cloud servers even when the cloud storage option was disabled in the app settings.
The Eufy Security app allows users to select only text push notifications or text and a thumbnail image taken by the camera. These photos are only sent to the cloud when the customer chooses to display a thumbnail in push notifications on their phone.
Maria Diaz/ZDNET
The controversy hidden by the company
In truth, storing images in the cloud is a fairly common process for security cameras that send push notifications with photo thumbnails to Android devices and iPhones. The problem is, Yufi never told his clients about it. The company has even pushed for customer data to be stored locally and privately, attracting people who prefer local storage for privacy reasons.
As a leaked email from Eufy from information security consultant Paul Moore proves, the company was aware of this inconsistency when it was supposed to be working on fixing the problem with the new version of “Eufy”. The company also stated that it will “encrypt the API between the browser and the server so that URLs are not displayed in the clear,” which simply means that downloaded data will be better hidden.
Personally, I prefer to keep my push notifications without thumbnails to avoid these issues.
A new disclaimer has been added to the Eufy Security app. Maria Diaz/ZDNET
We asked Anker for a comment on this update, but we don’t know yet if the company will address the issue of being able to view feeds from cameras without authentication using the VLC player and a URL.
Source: “.com”