Eufy makes a ton of cameras for various household needs: doorbell cameras, cameras you can set on at table to chat with people while you work, security cameras you can stuff in the corner of a ceiling, and more. The one attribute they share in common is that some kind of bug, vulnerability, or unfortunate issue on Eufy’s end allowed random people to view each others’ camera feeds.
As one Reddit user wrote:
This is EXTREMELY EXTREMELY concerning.
I have had my eufy front door camera for just over a month now. I wanted my partner to also have access to the account, so instead of making her a separate account and inviting her, I just logged into my account on her phone.
Now here is the troubling part…. Now on her phone she is seeing someone elses front and backyard camera… We can see it live, we have full control over it… Wtf!?
This is concerning cause if this is happening than how do we know our account isn’t somehow being seen by someone else….
Anyone have ANY idea why this would happen?
Eufy has since taken to Twitter to vaguely describe what happened:
A software bug occurred during our latest server upgrade at 4:50 AM EST today. Our engineering team recognized this issue at around 5:30 AM EST, and quickly got it fixed by 6:30AM EST.— Eufy (@EufyOfficial) May 17, 2021
We recommend that all users:
But that doesn’t really address the elephant in the room — the fact that some people were able to view others’ camera feeds. In fact, there’s no mention of it whatsoever in Eufy’s brief announcement, which is almost startling given the breach of privacy.
If you haven’t already panicked and pulled the plug on your Eufy for good, the company is recommending that all owners unplug their devices and plug them back in again. Also, log out of the Eufy security app wherever you’ve used it and log back in again. That should fix everything, one hopes, or else Eufy will have an even larger disaster on its hands.
I won’t get on my soapbox and talk about how these kinds of issues are much more likely to happen now that everything we do and buy seems to have some built-in connection to the cloud.
For a security camera, that makes sense; why wouldn’t you want to be able to dial in from afar and see what’s going on in your backyard, for example? However, for your indoor cameras, I would recommend that you think hard about where they’re placed and positioned. If your camera catches areas that are unnecessary — like your bathroom when you’re getting ready in the morning — consider pointing it elsewhere. Or rethink whether you really need a connected camera in your bedroom for security, for example; maybe that’s better placed outside your home, or pointing at your front door, or anywhere that isn’t where you undress all the time.
Similarly, if your camera setup allows you to turn it on and off via a schedule, or you don’t mind using a smart switch to achieve the same thing, consider keeping it off for the times you know you’re home. (Unless you’re using said camera to monitor your baby or tell your new puppy to stop chewing on things from afar.) You can probably even set up a smartphone automation that powers the camera on and off whenever you’re home or away.
I realise that “scheduling” a security camera somewhat defeats the point of an always-on look into your home, but when said camera is connected to the cloud, all it takes is one breached password, account misconfiguration, or whatever the heck happened to Eufy to suddenly give someone else access who shouldn’t have it. I’m not sure a prison-like security feed is worth the lost privacy.