"Bug Exposes Eufy Camera Private Feeds to Random Users"

Owners of Eufy home security cameras were warned this week of an internal server bug that allowed strangers to view, pan, and zoom in on their home video feeds for approximately one day. Inversely, customers were also suddenly given access to do the same to other users.  The China-based parent company Anker quickly patched the vulnerability, which occurred during a planned server upgrade on Monday.   Eventually, Anker acknowledged that the situation occurred due to a glitch during a server update and was discovered 40 minutes after it first occurred and fixed about an hour later.  The company tweeted an easy fix to the problem at 4:51 p.m. EST Monday, instructing users to “Please unplug and then reconnect the device” and then “Log out of the Eufy security app and log in again.” However, by then, the damage to the company’s reputation for privacy had been done, as users complained that Anker didn’t act fast enough to let people know about the problem, allowing for privacy violations across its home security system.  Security issues with cloud-based home security cameras are not uncommon. Google Nest and Amazon Ring also have experienced problems due to vulnerabilities that have threatened user privacy.  

Threatpost reports: "Bug Exposes Eufy Camera Private Feeds to Random Users"