After weeks of silence, Eufy finally addressed some of the public’s findings about its “safe” cameras.
We live in a connected world, so for the most part, it should come as no surprise that our data is shared across networks, and some of our personal data is collected by the companies and apps we use every day. But when a company promises it will never store personal data, and it happens, that’s another story entirely. It gets even worse when someone else shares the news, bringing the company’s integrity into question.
Unfortunately, Eufy customers experienced this same nightmare at the end of November when it was revealed that the company was in fact storing images from its cameras on remote servers. Since the explosive report by Paul Moore, a security researcher, many outlets have tried to get Eufy to get an explanation. Instead of reaching out to the public, she started updating her website, Rewrite and update some of its privacy policies. This, of course, raised some eyebrows and raised more red flags about the company.
A few weeks after the accident, Eufy is now issued a statement About it, which is posted on their website. The company explains that the things it does are unique, and since that’s the case, there are “anticipated challenges” that will arise. She acknowledges that there are many reports about her products and that she does her own research. While the company understands that urgency is key, it needs to have “all the facts” in order to better inform its customers.
“Eufy Security Uses Zipper To send mobile users Pay Notices
Eufy states that some of its operations require the use of the cloud such as push notifications, which include a small thumbnail preview image. The company states that when this action occurs, the data is end-to-end encrypted and deleted shortly thereafter. While this is a reasonable statement, this is not how the company initially presented its products, and therein lies the problem. Rather than take responsibility for misleading her customers, she goes on to say that the process “complies with all industry standards.”
The company has now apparently updated its app, giving users a clearer explanation of how its service works and outlining different types of push notifications with local and cloud options. The Company will also release an updated Privacy Statement on its website, which will be forthcoming and will also be available throughout its website and products. Of course, none of this, at this point, really explains what happened or why. Furthermore, the company does not apologize to users who may feel that Eufy’s ads were misleading.
Eufy Security’s The Live View feature on its Web-Portal feature has a security flaw”
Fortunately, halfway through, the company is finally getting recognition for its products — but it doesn’t provide any clear details as to why its streams can be accessed without authentication.
First, no user data was exposed, and the potential security flaws discussed online are purely speculative. However, we do agree that there are some key areas for improvement. So we made the following changes.
Today, users can still log into our website eufy.com 1 Web portal to view the live feed of their cameras. However, users can no longer view live streams (or share active links to these live streams with others) outside of eufy’s secure web portal. Anyone wishing to view these links must first log in to eufy.com 1 web portal.
We will continue to look for ways to improve this feature.
It is difficult to know how much this incident affected the company. While it is somewhat pervasive in the tech community, it is not known if this issue has damaged its integrity with consumers. Although there are some sites that suggest that Eufy cannot be trusted, there are others that gladly promote Eufy products. If one thing’s for sure, Eufy is definitely aware, and there will be plenty of people looking for holes in its security going forward.
Source: ioffe
Through: the edge
[ad_2]
