Anker's Eufy lied to us about the security of its security cameras - The Verge
Dec 01, 2022 1 min, 44 secs

Anker has built a remarkable reputation for quality over the past decade, building its phone charger business into an empire spanning all sorts of portable electronics — including the Eufy home security cameras we’ve recommended over the years.

On Thanksgiving Day, infosec consultant Paul Moore and a hacker who goes by Wasabi both alleged that Anker’s Eufy cameras can stream encryption-free through the cloud — just by connecting to a unique address at Eufy’s cloud servers with the free VLC Media Player.

This week, we repeatedly watched live footage from two of our own Eufy cameras using that very same VLC media player, from across the United States — proving that Anker has a way to bypass encryption and access these supposedly secure cameras through the cloud.

Your camera’s 16-digit serial number — likely visible on the box — is the biggest part of the key.

But it also gets worse: Eufy’s best practices appear to be so shoddy that bad actors might be able to figure out the address of a camera’s feed — because that address largely consists of your camera’s serial number encoded in Base64, something you can easily reverse with a simple online calculator.

On the plus side, Eufy’s serial numbers are long at 16 characters and aren’t just an increasing number.

But we also don’t know how else these serial numbers might leak, or if Eufy might even unwittingly provide them to anyone who asks.

Thompson also wonders whether there are other potential attack vectors now that we know Eufy’s cameras aren’t wholly encrypted: “If the architecture is such that they can order the camera to start streaming at any time, anyone with admin access has the ability to access the IT infrastructure and watch your camera,” he warns.

Most worrying if true, he also claims that Eufy’s encryption key for its video footage is literally just the plaintext string “[email protected]”.

Wasabi, the security engineer who showed us how to get a Eufy camera’s network address, says he’s ripping all of his out

1. Xbox's Activision-Blizzard Merger Spurs Formal Antitrust Warning From EU - IGN
Feb 03, 2023 # technology 57 secs
2. HomePod 2 teardown shows what’s different compared to the 2018 model - 9to5Mac
Feb 08, 2023 # technology 32 secs
3. When will United Launch Alliance’s Vulcan rocket fly? - Ars Technica
Feb 03, 2023 # science 58 secs
4. Samsung Unpacked Recap: Galaxy S23, Galaxy Book 3 Ultra and More - CNET
Feb 04, 2023 # technology 43 secs
5. 5 simple ways to help prevent heart disease this year - Fox News
Feb 03, 2023 # politics 42 secs
6. February's Google Play System update is live with Nearby Share enhancements - XDA Developers
Feb 07, 2023 # politics 1 min, 4 secs
7. Slow TCA flux and ATP production in primary solid tumours but not metastases -
Feb 01, 2023 # health 50 secs
8. HBO's The Last Of Us Fans Are More Than A Little Horrified By Reports Of Real-Life Fungi Spread In U.S - Yahoo Entertainment
Feb 03, 2023 # health 52 secs
9. David Sabatini, biologist fired for sexual misconduct, lands millions from private donors to start new lab - Science
Feb 04, 2023 # science 57 secs
10. Duxbury mother Lindsay Clancy 'planned these murders,' prosecutors allege - CBS Boston
Feb 08, 2023 # politics 51 secs
11. Hamilton County officials not charging Wyoming officers in fatal shooting of Joe Frasure Jr. - The Cincinnati Enquirer
Feb 03, 2023 # politics 45 secs
12. Ubisoft just broke their games on Linux desktop and Steam Deck - GamingOnLinux
Feb 01, 2023 # technology 38 secs
13. Mario Kart Live: Home Circuit Dev Announces Hot Wheels Follow-Up - Nintendo Life
Feb 08, 2023 # technology 46 secs
14. James Webb Telescope Captures Scores Of Ancient Galaxies - Videos from The Weather Channel - The Weather Channel
Feb 07, 2023 # science 8 secs
15. NBA Today's FULL REACTION to Kyrie Irving going to the Mavericks - ESPN
Feb 06, 2023 # politics 7 secs
16. The 'anti-cancer' spice that could help shed visceral fat in 'weeks' - study - Express
Feb 05, 2023 # health 42 secs



Get monthly updates and free resources.


© Copyright 2023 365NEWSX - All RIGHTS RESERVED