Feb 2, 2023 anker norway encryption security risk

Admits lying

Do you remember the case from December last year, "Cameras sold in Norway are a security disaster"?

This is the case
The company in question is Anker, which is best known for chargers but also sells security cameras in the Eufy series.

 

The cameras are also sold in Norway, but massive security problems were uncovered, including that strangers could look into other people's homes – already in May 2021 this was the case. Anker then denied last winter that this was real - until now.

 

The Verge has followed the case closely and was also the same newspaper that tried to get the truth out of the company.

 

The newspaper summarizes:

“At first Anker told us it was impossible. Then they covered their tracks. Then they avoided us and completely ignored our emails.

 

So shortly before Christmas, we gave the company an ultimatum: If Anker wouldn't answer why its supposedly always-encrypted Eufy cameras produced unencrypted streams—among other questions—we would publish a story about the company's lack of answers.”

 

Got them talking
The strategy worked, reports the newspaper.

 

They have received an email from Anker in which the company admits that the cameras were not equipped with point-to-point encryption and that video streams were produced that were not encrypted.

 

The latter applies to Eufy's web portal which gave access to video streams with video programs such as VLC that support video URLs.

 

This they do
The company apologizes and admits they should have done a better job. The security problems must be "largely" corrected.

 

Every single video stream coming from the company's Eufy web portal receives point-to-point encryption, like the Eufy app.

 

Each and every Eufy camera is also upgraded to WebRTC which has encryption enabled by default.

 

The Verge speculates that as things stand now, they may still be vulnerable to sneak peeks, so until an update is available for your camera, turn them off.