A lot of people are suspicious of security cameras and the ability for them to keep you and your loved ones secure — and rightly so. Eufy users have been reporting issues with their Eufy cameras where they can see someone else’s camera view in their app. Surely that means someone is looking at your house from their app right?
As so often happens, the issue first surfaced over on Reddit, and we were also contacted by an EFTM reader to share his experience. The issue is that users were not seeing their own livestream in their Eufy feed app but someone else’s. The reader told us that although they could not see the live feed from the other user it was possible to “view their full historical videos and playback videos from their history”.
Interestingly, the EFTM reader purchased Eufy so that he could use it locally and NOT via the Eufy cloud video storage. Even with this he was able to see someone else’s feed which is all kinds of breaches — security, privacy and more — and it seems to be occurring mostly in Australia and New Zealand.
At this stage it appears that the incorrect feeds were random mix ups with users unable to force the mixup to occur with a specific user with nakedsecurity noting that “one user in Australia noted that he and his wife, each supposedly hooked up to the same account under their own email addresses, ended up redirected to two completely different accounts and each had access to unrelated but incorrect feeds.”
Eufy, for their part, have released a statement, assuring everyone that they have fixed the issue already:
“Due to a software bug during our latest server upgrade at 4:50 AM EST today, a limited number (0.001%) of our users were able to access video feeds from other users’ cameras. Our engineering team recognized this issue at around 5:30 AM EST, and quickly got it fixed by 6:30AM EST.
The issue affected users at a small rate in the United States, New Zealand, Australia, Cuba, Mexico, Brazil, and Argentina. Users in Europe remain unaffected.
Our customer service team will continue contacting those who were affected. Eufy Baby Monitors, eufy Smart Locks, eufy Alarm System devices and eufy PetCare products remain unaffected.
We realize that as a security company we didn’t do good enough. We are sorry we fell short here and are working on new security protocols and measures to make sure that this never happens again. For any questions, users can contact our support team at email@example.com.“
Although this software “bug” is fixed it is unclear just how it occurred and with so many users trusting security companies to get it right it is certainly something Eufy will have to ensure never happens again. With so many these online security options you would hope the vendors would do better but that is the risk of online solutions — There is certainly something to be said for local storage only of security feeds.
If you own Eufy cameras now might be a good time to check your feed and make sure it is yours and to contact Eufy to determine if your privacy has been breached.