Months after a critical security flaw was discovered, Anker finally admits the issue on its Eufy cameras–and vows to do better.
Anker is a well-known brand that has a reputation for producing quality accessories–including security cameras from its Eufy sub-brand. However, a security flaw discovered last December revealed that users can access unencrypted Eufy video streams through a media player app–which was confirmed by a security researcher.
What concerned users here also is that a similar incident happened back in 2021, when users were able to view camera feeds from strangers. Back then, Eufy blamed the breach on a bug, of which “0.001% of users” were affected.
It took a while before Anker addressed the issue, and it admitted the flaws in its security cameras to The Verge. In the series of questions The Verge sent to Anker, the accessories brand admitted that their Eufy cameras “are not natively end-to-end encrypted”, which is why unsuspecting users were able to access these streams on Eufy’s web portal without any form of encryption.
“It is very clear to all of us that encryption protocols should have been designed into this solution from the very beginning,” Anker Global Head of Comms eric Villines told The Verge. As a response, all video stream requests from Eufy’s web portal are now end-to-end encrypted, and every single Eufy camera will be using WebRTC, which means they will be encrypted by default.
Aside from fixing the encryption flaw in Eufy cameras, Anker also apologized for its lack of communication (it took them almost two months before admitting the flaw) and promised to do better. Among its initiatives in improving its communication and transparency include being in talks with “a well-known security expert”, bringing in security and penetration testing companies for independent audits and reports, and creating a bug bounty program that’s set to launch this month.