Anker’s Eufy breaks its silence on security cam security

Why do your supposedly end-to-end encrypted cameras produce unencrypted streams at all?

Under what circumstances is video actually encrypted?

Do any other parts of Eufy’s service rely on unencrypted streams, such as Eufy’s desktop web portal? 

How long is an unencrypted stream accessible?

Are there any Eufy camera models that do *not* transmit unencrypted streams? 

Will Eufy completely disable the transmission of unencrypted streams? When? How? If not, why not?

If not, will Eufy disclose to its customers that their streams are not actually always end to end encrypted? When and where?

Has Eufy changed the stream URLs to something more difficult to reverse engineer? If not, will Eufy do so? When?

Are unencrypted streams still accessible when cameras use HomeKit Secure Video?

Is it true that ”ZXSecurity17Cam@” is an actual encryption key? If not, why did that appear in your code labeled as an encryption key and appear in a GitHub repo from 2019?

Beyond the thumbnails and the unencrypted streams, are there any other private data or identifying elements that Eufy’s cameras allow access to via the cloud? 

Beyond potentially tapping into an unencrypted stream, are there any other things that Eufy’s servers can remotely tell a camera to do?

What keeps Eufy and Anker employees from tapping into these streams?

Which other specific measures will Eufy take to address its security and reassure customers? 

Has Anker retained any independent security firms to conduct an audit of its practices following these disclosures? Which?

Will Anker be offering refunds to those customers who bought cameras based on Eufy’s privacy commitment?

Why did Anker tell The Verge that it was not possible to view the unencrypted stream in an app like VLC?

Does eufy share video recordings with law enforcement agencies?

Source link