Bug Exposes Eufy Camera Private Feeds to Random Users - silversurfer - 20 May 21
Quote:Owners of Eufy home security cameras were warned this week of an internal server bug that allowed strangers to view, pan and zoom in on their home-video feeds for approximately one day. Inversely, customers were also suddenly given access to do the same to other users.
The SNAFU, according to experts, is a stark reminder of the security-challenged consumer market for wireless cameras that have caused major headaches for a long list of vendors including Amazon, Google and ADT.
China-based Anker quickly patched the vulnerability, which occurred during a planned server upgrade on Monday, that mistakenly connected Eufy users with video streams of other accounts from around the world, according a report on the issue by research firm Recorded Future, published on its The Record news feed.
However, users quickly noticed the problem—which persisted throughout the day, permitting many users who were running established server sessions to be spied on—and sounded a privacy alarm that is still echoing across online platforms, including the Eufy user forum, Reddit and Twitter.
“Guys and gals, if you have any Eufy cams indoors or out please check your accounts and or shut the cameras down for the time being,” according to a post by Tank on the Eufy user forum on Anker’s website Monday. “There are numerous reports of a security breach where other users are gaining control over others’ cameras and can see them as well as talk and control them. Please shut it down.”
Read more: Bug Exposes Eufy Camera Private Feeds to Random Users | Threatpost
|