back to article Eufycam Wi-Fi security cameras streamed video feeds from other people's homes

Unlucky owners of Eufycam security cameras were horrified earlier today when they opened their app for the equipment and saw video streams from strangers' homes instead of their own. A software bug was blamed for the fault, which has been corrected, we're told. These 1080p Wi-Fi-connected devices are made by Anker, and are …

  1. Anonymous Coward
    Anonymous Coward

    A spokesperson for Anker told us...

    that due to a glaring architectural flaw, your video feed is stored in the cloud, with no user or account controlled encryption, and defective permissions code.

    say it with me one time, slowly,

    End to end encryption, including at rest, with user controlled keys, or don't put it in the cloud.

    Even bad encryption would have saved them a ton of exposure here, but instead the inevitable "camera in my kids bedroom" story once again rears it's ugly head. The person who got the crossed stream could have saved it and posted it, or may have been so freaked out themselves they set the phone on fire. This was an easily preventable architectural failure, not a bug.

    1. simonlb
      FAIL

      Re: A spokesperson for Anker told us...

      And until you have a specific IoT device protocol which is inherently secure, fully maintained and adopted as the industry standard, all these IoT devices are a complete pile of shit and not worth bothering with.

      I just happened to be looking at some WiFi webcams over the weekend and they all seem to want you to download an app, register a new account with the vendor and then set up the camera via their servers. One even sent you a QR code you had to hold up to the camera to get it to register itself and connect. None that I could see had an app you could install on your phone and then connect to the camera locally over your own network and then configure it - you had to have an account and go via the vendors servers. That's a complete fail from my perspective.

      1. jfield

        Re: A spokesperson for Anker told us...

        Unifi has wifi cameras which work off a local app. Does still require a ui.com account but all data is stored locally and accessed locally

  2. Anonymous Coward
    Anonymous Coward

    Bad idea fails unsuprisingly

    History has shown that:

    Wifi is not secure

    Making any data availible via the internet is not secure

    Trusting anyone else with your data is not secure

    Believing that encryption can provide lasting security is wishful thinking

    If you are going to have cameras then I would suggest that you only used wired connections and avoid network protocols completely since there are lots of people willing to spend time hacking your systems just to get access.

    I am sure that I will get downvotes here from people who profit from beliefs different to the above but again history has shown that when money is to be made the lies begin

    1. Mike 16 Silver badge

      Re: Bad idea fails unsuprisingly

      Generally agree, but "avoid network protocols"? How does that work? The video has to get from the camera to a screen I can see somehow.

      Wired? Yes! Segregated network? If at all possible. Encrypted in a standard protocol with multiple implementations and with user generated keys? Yes Please!

      Of course if the devices come with an "app" that needs to run on a phone, you have already lost. Running your cryptography on a device where random rogues can read your screen and inputs is not security. And not just for nanny cams.

  3. Anonymous Coward
    Anonymous Coward

    I specifically got a EUFY video doorbell because you could install and run it without any cloud or internet services required, pity they dropped the ball on the webcams.

  4. herman Silver badge
    Paris Hilton

    Pics or it didn't happen

    Well, someone had to say that...

  5. Claptrap314 Silver badge

    Remember, kids, the "S" in IOT

    Is for "security"...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021