The cameras have a flaw that Eufy insisted would be impossible
is remarkable: it promises your data will be stored locally, that it “never leaves the safety of your home,” that its footage only gets transmitted with “end-to-end” military-grade encryption, and that it will only send that footage “straight to your phone.”
When we asked Anker point-blank to confirm or deny that, the company categorically denied it. “I can confirm that it is not possible to start a stream and watch live footage using a third-party player such as VLC,” Brett White, a senior PR manager at Anker, told me via email.can now confirm that’s not true.
Also, it seems like it only works on cameras that are awake. We had to wait until our floodlight camera detected a passing car, or its owner pressed a button, before the VLC stream came to life.But it also gets worse: Eufy’s best practices appear to be so shoddy that bad actors might be able to figure out the address of a camera’s feed — because that address largely consists ofencoded in Base64, something you can easily reverse with a simple online calculator.
On the plus side, Eufy’s serial numbers are long at 16 characters and aren’t just an increasing number. “You’re not going to be able to just guess at IDs and begin hitting them,” says Mandiant Red Team consultant Dillon Franke, calling it a possible “saving grace” of this disclosure. “It doesn’t sound quite as bad as if it’s UserID 1000, then you try 1001, 1002, 1003.”
Deutschland Neuesten Nachrichten, Deutschland Schlagzeilen
Similar News:Sie können auch ähnliche Nachrichten wie diese lesen, die wir aus anderen Nachrichtenquellen gesammelt haben.
Eufy Security Cameras Have Been Uploading Unencrypted Footage Without Owners KnowingEufy apparently stores thumbnails on the cloud, even if you don't have a cloud account.
Weiterlesen »
Eufy Security Cameras Have Been Uploading Unencrypted Footage Without Owners KnowingEufy apparently stores thumbnails on the cloud, even if you don't have a cloud account.
Weiterlesen »
Sam Bankman-Fried Called to FTX Hearing by Texas Securities RegulatorTexas regulators have called former FTX_Official CEO SBF_FTX to a hearing in February to answer claims that FTX offered unregistered securities through its yield-bearing service. jesseahamilton and cheyenneligon report
Weiterlesen »
Bankman-Fried on the hook in Texas, called to appear at Feb. hearingSam Bankman-Fried has been ordered to testify in a Texan court in February to address claims his firm offered unregistered securities, which could see him forced to refund affected users from the state.
Weiterlesen »