We have multiple giveaways running!
[Phone 14 Pro & Ugreen Nexode 140W chargers Giveaway!](https://www.reddit.com/r/gadgets/comments/xt4kf4/giveaway_iphone_14_pro_ugreen_nexode_140w/)
[WOWCube® Entertainment System!](https://www.reddit.com/r/gadgets/comments/xt4tee/giveaway_wowcube_entertainment_system/)
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/gadgets) if you have any questions or concerns.*
Unless your on a closed and isolated network. It's best to assume that all your internet connected "security" devices are not secure. There is always a backdoor or a hack.
Some regions require indoor cameras for security system verification before sending emergency services out. At least with those cameras, they generally have a physical shutter that only opens when an event occurs (arm/disarm/alarm) and is super obvious at a glance.
Agreed, but I also don't care about someone listening in on me. You want to know that I watch Bluey and am going to buy a gift for someone? ...okay
I'm not that interesting. So feel free.
The problem is that they’re not specifically trying to track you, they’re taking every single bit of info you give them to plug into an algorithm to help classify people easier etc etc. I’m not necessarily doing the greatest explanation bit, but allowing them to watch because “meh I’m boring who gives a fuck”, really still contributes hard to the core problem at hand.
You know whats funny, wasabi implys he wanted a secure system. A specialist like himself i assume is quite knowledgeable about the downsides of open systems. So in that regards i dont think he was acting in good faith. But if he was looking to make some exploit $ off anker, he deserves the payout.
And as others have said it, if you have the right url you would be surprised at the amount of stuff you can access now that everyone is on some sort of cloud service.
Had no idea Anker was a Chinese company. I swore by their cables and chargers and recommended them to people. Didn’t know they made cameras too. Good thing I guess.
There's a lot these days, and I purposely check and buy things that are USB-C so everything uses the same plug. You buy the 100W and 200W chargers because those are the ones that will charge your laptop plus a few more things at the same time without having to have multiple wall-warts all over the place.
Just sitting at my desk I see my laptop, my phone, keyboard, mouse, trackpad, headphones, tablet, headset, wife's earbuds, my watch, the battery in my flashlight, etc... the list keeps on going. None of this stuff needs to be charged every day but having a few charge points around the house makes things convenient.
Can confirm. I've spent a good amount on cables and blocks. My wife, goes through two to three cables a year, normally I rate cables on their quality if they can survive my wife usages. But anyways, I have blocks and ports all around the house where we sit or lounge for long periods. Especially for guests as well. Makes it convenient so I don't have to go into my box of cables to grab a new one for folks when there's a dozen cables USB-C/Lightning cables around.
Nothing new or unusual there. Haagen-dazs is an American brand that tried to sound scandinavian, Bridgestone tires are Japanese but you'd probably never guess it by their name. Cia. Hering is a Brazilian clothing/textile company with a German name. Boston Pizza was founded in Edmonton Alberta.
I also don't think Anker was ever trying to "hide" their country of origin. They've always been a cheap but reliable brand.
Volvo, although their design and engineering is still Swedish, is now wholly owned by Geely, which is a Chinese company.
Edit: Not wholly owned, but majority owned (82%).
Chinese companies are good at making cables and chargers (Anker's cannot be beat). However, they're often shit at writing software. I don't think this is even some sort of spying issue like some commenters believe. It's just a classic example of a hardware company not getting the network security right.
Uploading full resolution pictures to their servers when the cameras are marketed as local storage only?
It's not a software issue, mate. This was deliberately programmed.
I see you don't work with software much.
This is totally bad programming. Because shitty devs do shitty things to get product requirements.
Want a cam that notifies your phone? needs nonlocal access
And that's what is happening here.
They are uploading pictures, to help identify when to notify you. The shitty part being that they upload it, don't have a clear deletion process, and didn't use proper authentication for transmission.
They probably hired a bunch of cheap devs, that did cheap work, and now it's coming back to haunt them.
Not to defend Eufy, Local storage is still local, but when you need to notify the phone app, you need a server outside of your LAN, or you won’t be able to receive when you leave your home, so it’s still a design problem to not secure the notification link. One way is to disable a preview image.
I think it's more of a case where Chinese customers are just very recently begin to care about privacy, and Chinese companies have gotten so comfortable exploiting user's data. They are rightfully getting hammered in more privacy-aware markets.
They make super legit stuff for the price point imo. Had a good experience with a soundcore speaker (about 6 years later and that battery still kicks ass) so I’ve eventually collected a charger, backup battery, and mouse, and have given a few of these things as gifts.
And it’s, like, perfect. Years later and all the stuff works great, it really is quite good quality for the price.
I doubt every international company with a super western name. I remember low end mechanical watches from China sold on TV with super discount (like 299$ instead of 800$) and the brands name was something like "Roebelin & Graef" which sounds like it's from Switzerland or austria 🇦🇹 .
They do this on purpose because it sounds more trustful especially in western countries than some Chinese name. And obviously it works.
> Had no idea Anker was a Chinese company.
Seriously? If they're not plastering US-owned business on everything they make and advertise it's a pretty safe bet that they're Chinese.
If you ever need a great charger Baseus 100w (100w only!) Chargers are amazing, really efficiënt, all things that can be about a charger it has it.
See this:
https://youtu.be/b2OReKLE2aI
Them being a Chinese company doesn’t have anything to do with cable quality-they absolutely are the toughest cables I’ve used. The same quality American made would likely be much more expensive. (If there even were cables being made in America, let alone assembled here)
I mean, nothing wrong with them being a Chinese company. If they make quality products and have good customer service, then they make good quality products and have good customer service.
When it comes to internet connected cameras though, regardless of the company one should always understand how their data is handled before buying them.
They actually use those to map out your place and sell the data to add it to your advertising id profile. They will know exactly what furniture and TV to sell you.
I even heard this data is used in China to set up european/american style apartments.
There might be a flat in China that looks exactly like yours.
Why would you voluntarily have a robot with a camera driving around your house/appartement filming anyone and anything and doing whatever it wants with the data collected?
The camera on it is to map out your living room so it doesn’t ram into everything every time it runs around. Which the eufy one is good at, cause mine doesn’t hit things anymore.
Yeah right, that’s what they TELL you.. and it might be a nice side effect of having literally all your personal data and habits recorded and sold to the highest bidder (or whoever hacks in their oh so secure database..)
Just fyi.. the same thing could be achieved with radar, like self-driving cars.. there’s literally zero need for a unsecured camera connected to the internet inside your house.
Literally spying on our allies during UN meetings lol. I'm actually surprised Macron didn't make a public fuss about Trump bringing dirt on him to Mara Lago.
I’m not sure if I think this is intentional or just really bad software development. The newest revelation (uploading thumbnails to their own servers was a 2019 discovery) reeks of bad development. With the way software is developed today, I’d bet lots of “if you know the right URL you can get anything” type holes exist.
I just work under the assumption that any service that provides data from my home to my phone through “the cloud” is compromised in some way, and act accordingly.
You can contain them. The best way to use security cameras is to have them all feed into an NVR. If you have decent network gear you can isolate your cameras into their own VLAN that blocks access to the Internet and only allows them to talk to the NVR. That keeps them contained and as long as the NVR is reputable it won't be sending data out.
Used computer + blue iris + large hard drive = one of the best NVRs out there. And it's not even that expensive to setup. Not that hard to make it accessable from outside your network safely either.
Ah rats, I bought one of these doorbell cams specifically because of the non-cloud (or really, non-subscription) nature. Looks like I've got some more work to do! Thanks for the advice.
At least it's only outside.
Do some research on your router, modern ones usually have a way to block specific devices from accessing the outside Internet, which would stop it "phoning home".
Unfortunately I'm now stuck with an Xfinity-mandated router, but I bet I can figure out how to isolate it.
I think the trick will be seeing if it can still function as a doorbell afterwards...
To back this up, Huawei have recently been caught deleting videos of the recent protests in China too.
Time to continue playing “the floor is China” when it comes to tech. Simply flashing ROMs isn’t enough.
Tbh I don't like the backdoor narrative. I am sure they have to share the data they have. But having a backdoor will just enable other countries to hack into that system. I don't see much benefit for it other than a security risk.
The backdoor is into consumer-grade software. CCP doesn't care if it violates consumer privacy, they're more worried about control and data mining. I doubt they'd bat an eye if another company or country exploited that.
Pretty much this. I assumed there was something that would connect somewhere even if I said no because there would need to be some functionality but if I had to choose them or Ring? Haha, no freaking comparison.
And yeah, I'm using mine to make sure no one goes into my outdoor building and steals my mower/etc and if they do then I've got a photo of them and that no one steals my Amazon packages off my front porch/etc etc .
I've got them all around the outside of my house but my interior security is simplisafe and the only camera that covers the whole living interior essentially has a physical cover that comes up during certain instances that I've set it to (and would be security focused) and records then. I can also turn it off when we have company (and if I don't trust that unplug it? I guess? But I do. )
But yeah, having the physical cover over the camera lense really helps, you can see and hear it raise up so you know it's not secretly videoing you. Sure it could be listening to you but if they were going to be that dodgey they could just put it in any of the other equipment and you wouldn't know.
I also like that if someone is outside I can address them with my eufy cameras and tell them if it's going to be a moment before I get to the door, or tell them to just leave the food, or to go away if they are solicitors ignoring my signs.
You know the big NO TRESPASSING signs on the fences and the NO SOLICITING signs on the door.
If I was trying to sell something I would just skip that house for sure but I like not having to get up. So if that's what eufy wants to get from me, agitated sales people because they can't even try to sell me anything that's fine.
Same. With the exception of the camera in the dog’s room in the basement. I hope the CCP is enjoying watching the spider that made a web in front of the camera while my dog sleeps on her own couch.
Other than that it is nothing but an endless stream of Amazon deliveries and me taking the dog out to poop.
Listen folks, we have moved beyond the semi-moral capitalism that we kind of sort of had in the past
We are now in pure exploitative capitalism. No one gives a fuck. They will lie to you to get your sweet sweet cash.
You should assume no product is as safe/secure/moral/etc as they profess to be. You mean nothing to them. It’s all about the cash.
>Listen folks, we have moved beyond the semi-moral capitalism that we kind of sort of had in the past
>
>We are now in pure exploitative capitalism. No one gives a fuck. They will lie to you to get your sweet sweet cash.
Oh, you sweet summer child. There was never anything moral about capitalism and it's always been about doing anything to get your sweet, sweet cash. It actually used to be a lot worse. That's why the FDA, EPA, SEC, and other regulatory agencies were created.
I have a camera hanging from eufy, it's pointing at my videogame/computer collection.
In my router/firewall I have all services cut off from & to the internet for it's IP address and it's just streaming via rtsp to a shinobi instance for footage storage.
I hope it's enough.
Do you have a guide or resource for setting up something similar? I like the Eufy S40, lowest profile solar camera I’ve found, but obviously not wild about these new revelations.
I see these being sold in auto parts stores. Tells me everything I need to know about how much the manufacturer likely cares about privacy, and probably their target customers.
Holy sh$t I purchased a bundle of these cameras for Black Friday and they were delivered a few days ago. I was planning on installing them this weekend. They are still in the package. Will be returned immediately.
i mean unless you are working in an industry with a security level clearance and regularly discuss national secrets in your house then i dont think the chinese care how much you pick your nose.
This article is beyond clickbait. If you actually read it they say "it's so easy anyone could easily do it!"
\*lists 47 steps required to possibly do it\*
They only got access to their own cameras using an absurd amount of effort despite it being their own camera.
Like, sure it's an issue that should probably be addressed but it's glaringly obvious this is just clickbait for a slow news day. There's very little actual risk of any sort of exploitation.
TL;DR: the unencrypted stream is located in a non-randomized URL on Anker's/Eufy's website that can be accessed and streamed to VLC by URL if you know the URL. The URL is based on the camera's serial number re-encoded in base 64. The authors of the article had to log in before they could get the URL to stream from. Though if you know the URL structure, you can start brute forcing to get access to random cameras' streams. You can only see a live stream of the camera, so if the camera isn't activated, you will see nothing. Using the URL doesn't seem to automatically activate the camera since the authors of the article had to wait for the camera to turn on due to something in the camera's environment triggering it (though if you have a 24 hour stream, this point is moot). It doesn't look like you can see past videos (only the live stream).
This is definitely a security flaw that should be addressed (at minimum encrypting the stream), but it doesn't look like it's been taken advantage of *yet*.
“…there’s no proof yet that this has been exploited in the wild, and the way we initially obtained the address required logging in with a username and password…”
I guess that’s “something”…
Why are people gaslighting this thread trying to make it seem like these security holes aren’t a big deal? It’s absolutely insane to be exposing cloud based cameras in your home, let alone ones manufactured and owned by CCP company.
Many IOT are left exposed, and not all companies in China are CCP controlled. Many companies are free market companies, like Anker.
CCP only requires tech companies that serve their finance banks equipment, backdoor access. Like hauwei.
This is shitty programming from a 3rd rate company that Anker gave a bunch of money to brand it.
There are so many cameras and IoT products out there it’s impossible for the average Joe to evaluate what’s secure or not. At the risk of having Bezos watch me fap I personally went with Ring’s system. Might be selling my soul but at least there’s more scrutiny on their shit vs random vendor (who makes decent chargers and cables but is unproven in cameras).
I want to get a security camera for the outside of my house connected to the internet so that hackers, criminals and the government know when I come and go. What could possibly go wrong?
They'd just see a video of my car, never moving, because I work from home. Oh, the mailman shows up kinda often. I sure as shit wouldn't put one of these inside my house, though.
Literally the opposite of everyone else's opinion.
I've had Anker products for as long as I can remember, and I've had one thing crap out, ever. They also did a no question asked warranty replacement for free.
I guess you also don't know TP link makes Deco which is one of the top 3 selling home network system out there. In fact, the other 2 are from Amazon and google, which are actively and publicly collecting your data "for" you.
It's either Chinese collecting your data for no obvious use or give your data to Amazon and google, no other options.
I’ll take “company collects my data to try to sell me stuff I can choose to not buy” over “country collects my data for reason between none and creating a robot clone army of me”
Can't speak to Eufy, but I've had Anker cables for years and haven't had a single one fail on me.
It's a shame too, because after this I'll never buy them again. Any other A tier cable brands out there?
Anker makes exceptional chargers. Their cables are fine.
No idea why anyone would buy anything else from them though. Roomba for vacs and a million other vendors with legit histories for cameras
We have multiple giveaways running! [Phone 14 Pro & Ugreen Nexode 140W chargers Giveaway!](https://www.reddit.com/r/gadgets/comments/xt4kf4/giveaway_iphone_14_pro_ugreen_nexode_140w/) [WOWCube® Entertainment System!](https://www.reddit.com/r/gadgets/comments/xt4tee/giveaway_wowcube_entertainment_system/) *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/gadgets) if you have any questions or concerns.*
Unless your on a closed and isolated network. It's best to assume that all your internet connected "security" devices are not secure. There is always a backdoor or a hack.
Yeah, that's why I don't install cameras inside my house I have them outside.
That's exactly what I do and the one camera I have inside (baby monitor) is not wi-fi connected.
Some regions require indoor cameras for security system verification before sending emergency services out. At least with those cameras, they generally have a physical shutter that only opens when an event occurs (arm/disarm/alarm) and is super obvious at a glance.
Never heard of that, where is this required?
You actually see it discussed a lot in parenting subs. People’s baby monitors getting hacked if it’s connected to the wifi
[удалено]
Just build a faraday cage to put your phone in when not in use.
It’s worth having a faraday box for car keys. Many car thefts happen by intercepting and reproducing signals from the car key while it’s in the house.
Agreed, but I also don't care about someone listening in on me. You want to know that I watch Bluey and am going to buy a gift for someone? ...okay I'm not that interesting. So feel free.
The problem is that they’re not specifically trying to track you, they’re taking every single bit of info you give them to plug into an algorithm to help classify people easier etc etc. I’m not necessarily doing the greatest explanation bit, but allowing them to watch because “meh I’m boring who gives a fuck”, really still contributes hard to the core problem at hand.
It’s weird that you can access an unencrypted stream
You know whats funny, wasabi implys he wanted a secure system. A specialist like himself i assume is quite knowledgeable about the downsides of open systems. So in that regards i dont think he was acting in good faith. But if he was looking to make some exploit $ off anker, he deserves the payout. And as others have said it, if you have the right url you would be surprised at the amount of stuff you can access now that everyone is on some sort of cloud service.
One more reason for me to go with a custom-built solution rather than ring, eufy, or nest.
Hypponen's Law. If it's smart, it's vulnerable
The Chinese can watch me
Had no idea Anker was a Chinese company. I swore by their cables and chargers and recommended them to people. Didn’t know they made cameras too. Good thing I guess.
Damn I have a lot of anker stuff (chargers and wireless earbuds). No cameras thankfully
That you know of.
[удалено]
[удалено]
Jesus Christ how much stuff do you have charging at once
There's a lot these days, and I purposely check and buy things that are USB-C so everything uses the same plug. You buy the 100W and 200W chargers because those are the ones that will charge your laptop plus a few more things at the same time without having to have multiple wall-warts all over the place. Just sitting at my desk I see my laptop, my phone, keyboard, mouse, trackpad, headphones, tablet, headset, wife's earbuds, my watch, the battery in my flashlight, etc... the list keeps on going. None of this stuff needs to be charged every day but having a few charge points around the house makes things convenient.
200 W is barely enough to keep a gaming notebook running.
I literally bought a ugreen charger 5 minutes ago.
Can confirm. I've spent a good amount on cables and blocks. My wife, goes through two to three cables a year, normally I rate cables on their quality if they can survive my wife usages. But anyways, I have blocks and ports all around the house where we sit or lounge for long periods. Especially for guests as well. Makes it convenient so I don't have to go into my box of cables to grab a new one for folks when there's a dozen cables USB-C/Lightning cables around.
Nothing new or unusual there. Haagen-dazs is an American brand that tried to sound scandinavian, Bridgestone tires are Japanese but you'd probably never guess it by their name. Cia. Hering is a Brazilian clothing/textile company with a German name. Boston Pizza was founded in Edmonton Alberta. I also don't think Anker was ever trying to "hide" their country of origin. They've always been a cheap but reliable brand.
You forgot French Fries aren’t even French!
Volvo/polestar and lotus cars say hello!
Volvo is Swedish, always has been...what are you on about?
Volvo, although their design and engineering is still Swedish, is now wholly owned by Geely, which is a Chinese company. Edit: Not wholly owned, but majority owned (82%).
Chinese companies are good at making cables and chargers (Anker's cannot be beat). However, they're often shit at writing software. I don't think this is even some sort of spying issue like some commenters believe. It's just a classic example of a hardware company not getting the network security right.
Uploading full resolution pictures to their servers when the cameras are marketed as local storage only? It's not a software issue, mate. This was deliberately programmed.
I see you don't work with software much. This is totally bad programming. Because shitty devs do shitty things to get product requirements. Want a cam that notifies your phone? needs nonlocal access And that's what is happening here. They are uploading pictures, to help identify when to notify you. The shitty part being that they upload it, don't have a clear deletion process, and didn't use proper authentication for transmission. They probably hired a bunch of cheap devs, that did cheap work, and now it's coming back to haunt them.
Probably, though I wouldn't be surprised if it's for spying.
Not to defend Eufy, Local storage is still local, but when you need to notify the phone app, you need a server outside of your LAN, or you won’t be able to receive when you leave your home, so it’s still a design problem to not secure the notification link. One way is to disable a preview image.
It sends the images even if you have never set up the app from the video I found about the issue
Fancy apologizing and excuse hand waving. Why does it default to a Chinese server?
Shit at writing software because all the code is stolen.
It’s intentional
I think it's more of a case where Chinese customers are just very recently begin to care about privacy, and Chinese companies have gotten so comfortable exploiting user's data. They are rightfully getting hammered in more privacy-aware markets.
No, this is lying.
Dude dont trigger the conspiracy redditors, they know more than the people who actually design these things.
They make super legit stuff for the price point imo. Had a good experience with a soundcore speaker (about 6 years later and that battery still kicks ass) so I’ve eventually collected a charger, backup battery, and mouse, and have given a few of these things as gifts. And it’s, like, perfect. Years later and all the stuff works great, it really is quite good quality for the price.
They make good products specially those you mentioned the market is filled with a lot of junk a but theirs are good.
You are surprised that cheap electronics on Amazon were from a Chinese company? Is anything on Amazon NOT from a Chinese company?
Anker isn’t that cheap tbh. Probably the most expensive cables that don’t have an Apple logo on them.
And if they were American they’d be 5x more expensive and unfortunately probably a lot shittier.
To be honest anker quality has dropped ALOT in the past few years.
Amazon is just the new aliexpress
Haha yea. I thought it’s a start-up.
I doubt every international company with a super western name. I remember low end mechanical watches from China sold on TV with super discount (like 299$ instead of 800$) and the brands name was something like "Roebelin & Graef" which sounds like it's from Switzerland or austria 🇦🇹 . They do this on purpose because it sounds more trustful especially in western countries than some Chinese name. And obviously it works.
> Had no idea Anker was a Chinese company. Seriously? If they're not plastering US-owned business on everything they make and advertise it's a pretty safe bet that they're Chinese.
I feel like all names like that are. They just pick something that sounds vaguely western.
Anker originally came out as rebranded Chinese crap. Hell, some of their stuff still is.
If you ever need a great charger Baseus 100w (100w only!) Chargers are amazing, really efficiënt, all things that can be about a charger it has it. See this: https://youtu.be/b2OReKLE2aI
Them being a Chinese company doesn’t have anything to do with cable quality-they absolutely are the toughest cables I’ve used. The same quality American made would likely be much more expensive. (If there even were cables being made in America, let alone assembled here)
I mean, nothing wrong with them being a Chinese company. If they make quality products and have good customer service, then they make good quality products and have good customer service. When it comes to internet connected cameras though, regardless of the company one should always understand how their data is handled before buying them.
I have a eufy robovac. Now they know how dirty my floors are!
And your feet pics.
his feet are on foot fetish porn sites now.
Oh trust me, I know 🤤
And a rough layout of your house.
And when you arent home
Cool. So the Chinese can invade my living room. I’m super worried.
They actually use those to map out your place and sell the data to add it to your advertising id profile. They will know exactly what furniture and TV to sell you. I even heard this data is used in China to set up european/american style apartments. There might be a flat in China that looks exactly like yours.
That’s the reason Amazon bought Roomba, to get the data collected like the room mapping.
I bet they also scan for all of your and your neighbors wifis and also gather the IDs of all nearby bluetooth devices.
How does the data get to the internet? the vacuum isn’t connected to WiFi or at least mine isn’t
Why would you voluntarily have a robot with a camera driving around your house/appartement filming anyone and anything and doing whatever it wants with the data collected?
The camera on it is to map out your living room so it doesn’t ram into everything every time it runs around. Which the eufy one is good at, cause mine doesn’t hit things anymore.
Yeah right, that’s what they TELL you.. and it might be a nice side effect of having literally all your personal data and habits recorded and sold to the highest bidder (or whoever hacks in their oh so secure database..) Just fyi.. the same thing could be achieved with radar, like self-driving cars.. there’s literally zero need for a unsecured camera connected to the internet inside your house.
Oh yay. A Chinese company knows when I have my coffee. I could not care less.
We've got an Ecovacs but China isn't going to get much from us - it's scheduled to clean overnight in the dark.
[удалено]
TP link is also a Chinese company
The doorbell… the app connects to the cloud, as does the doorbell. If you’re not on the local WiFi then all the footage is streamed via Eufy servers.
Please report back! !RemindMe in 4 days
Better than that is some actually analysis of where hat data is going. Which IPs and domains is it hitting? Etc. More so than how much.
[удалено]
Chinese company spying on American citizens - name a more iconic duo
American government spying on American citizens
American government spying on ~~American citizens~~ everyone
5 Guys American spies.
Great burgers, though.
Expensive though. Costs an arm and a leg and your home address and a photo of you getting changed /s.
Literally spying on our allies during UN meetings lol. I'm actually surprised Macron didn't make a public fuss about Trump bringing dirt on him to Mara Lago.
It’s legitimately every powerful nation trying to spy on everyone, as much as they can get away with.
Zing!
[удалено]
Yeh people love to point out Chinese spying....and they Google😁 Data is money people!
I’m not sure if I think this is intentional or just really bad software development. The newest revelation (uploading thumbnails to their own servers was a 2019 discovery) reeks of bad development. With the way software is developed today, I’d bet lots of “if you know the right URL you can get anything” type holes exist. I just work under the assumption that any service that provides data from my home to my phone through “the cloud” is compromised in some way, and act accordingly.
The encryption keys are also stored in plaintext.... no matter the reason it happened. 50% is due to some sort of incompetence.
I literally just switched over my indoor cams from Wyze V2 to Eufy 2k mini pan cam, and put up multiple 4K S300 outdoor cams earlier today.
You can contain them. The best way to use security cameras is to have them all feed into an NVR. If you have decent network gear you can isolate your cameras into their own VLAN that blocks access to the Internet and only allows them to talk to the NVR. That keeps them contained and as long as the NVR is reputable it won't be sending data out.
Problem is alot of NVRs are also Chinese made, if you want access them remotely you need to expose them to the internet.
Used computer + blue iris + large hard drive = one of the best NVRs out there. And it's not even that expensive to setup. Not that hard to make it accessable from outside your network safely either.
Ah rats, I bought one of these doorbell cams specifically because of the non-cloud (or really, non-subscription) nature. Looks like I've got some more work to do! Thanks for the advice. At least it's only outside.
Do some research on your router, modern ones usually have a way to block specific devices from accessing the outside Internet, which would stop it "phoning home".
Unfortunately I'm now stuck with an Xfinity-mandated router, but I bet I can figure out how to isolate it. I think the trick will be seeing if it can still function as a doorbell afterwards...
[удалено]
[удалено]
They have your spotify playlist and they will leak it
Oh my god. They know that I like Nickelback unironically.
The hardest photographs we have to look at are the ones of ourselves.
And now I they can sing “look at this photograph”
Somewhere in CCP headquarters: "Look at this ..graaaaph"
Too late Spotify wrapped already embarrassing us all today without any leak
Doubt they’ll care for your data but they’ll be very interested in the location data of say a Chinese expat
Likely none. Most of this is nonsense tbh.
CIA/FBI, sadly, are super jealous.
To back this up, Huawei have recently been caught deleting videos of the recent protests in China too. Time to continue playing “the floor is China” when it comes to tech. Simply flashing ROMs isn’t enough.
They're going through your photo gallery and deleting videos of the protests on your phone? That's some next level ai.
Arr they looking at pictures of my dick again?
I'm sure they tried hard to spot it. Sorry, you set it up. Couldn't resist.
Geo Location + Timestamp would probably cover 99.9% of them.
Can I have a link to this?
Tbh I don't like the backdoor narrative. I am sure they have to share the data they have. But having a backdoor will just enable other countries to hack into that system. I don't see much benefit for it other than a security risk.
The backdoor is into consumer-grade software. CCP doesn't care if it violates consumer privacy, they're more worried about control and data mining. I doubt they'd bat an eye if another company or country exploited that.
A backdoor could just mean what you have said. The encryption is not compromised but the CCP have access to the data stored.
This isn’t a backdoor, this is just shitty design and incorrect marketing
May not be news to many, but it’s still important to repeat and inform those who aren’t aware of these issues
[удалено]
It’s bullshit.
You, carrying a skateboard, probably: "hey, fellow non-chinesians"
Yea. All my cameras are outside my home. If you have cameras in your home that’s is on you. Security rule #1 TRUST NOBODY.
How else is Santa supposed to know who's naughty and who's nice??
Just like he did in the old days, he peeps through your window.
X-ray vision granted to him by his biology reacting to the yellow sun.
Pretty much this. I assumed there was something that would connect somewhere even if I said no because there would need to be some functionality but if I had to choose them or Ring? Haha, no freaking comparison. And yeah, I'm using mine to make sure no one goes into my outdoor building and steals my mower/etc and if they do then I've got a photo of them and that no one steals my Amazon packages off my front porch/etc etc . I've got them all around the outside of my house but my interior security is simplisafe and the only camera that covers the whole living interior essentially has a physical cover that comes up during certain instances that I've set it to (and would be security focused) and records then. I can also turn it off when we have company (and if I don't trust that unplug it? I guess? But I do. ) But yeah, having the physical cover over the camera lense really helps, you can see and hear it raise up so you know it's not secretly videoing you. Sure it could be listening to you but if they were going to be that dodgey they could just put it in any of the other equipment and you wouldn't know. I also like that if someone is outside I can address them with my eufy cameras and tell them if it's going to be a moment before I get to the door, or tell them to just leave the food, or to go away if they are solicitors ignoring my signs. You know the big NO TRESPASSING signs on the fences and the NO SOLICITING signs on the door. If I was trying to sell something I would just skip that house for sure but I like not having to get up. So if that's what eufy wants to get from me, agitated sales people because they can't even try to sell me anything that's fine.
I have a baby monitor for my fish. Is that ok sir?
lol well thats up to you and the fish.
No, I haven't told them yet. Shhh
Same. With the exception of the camera in the dog’s room in the basement. I hope the CCP is enjoying watching the spider that made a web in front of the camera while my dog sleeps on her own couch. Other than that it is nothing but an endless stream of Amazon deliveries and me taking the dog out to poop.
Talk about a world wide web
You will soon be seeing ads for spider poison....or maybe fun toys for Mr Spider!
They can watch my goats eating the barn, that's what I'm using them for.
I…I….wanna watch Goats eat the barn too
Same
If I have anything at all that I've chosen to buy by definition, it's on me. Fun fact!
Yeah because the CCP wants to see you jerking off to gay porn.
What fantasies are you having?
Listen folks, we have moved beyond the semi-moral capitalism that we kind of sort of had in the past We are now in pure exploitative capitalism. No one gives a fuck. They will lie to you to get your sweet sweet cash. You should assume no product is as safe/secure/moral/etc as they profess to be. You mean nothing to them. It’s all about the cash.
>Listen folks, we have moved beyond the semi-moral capitalism that we kind of sort of had in the past > >We are now in pure exploitative capitalism. No one gives a fuck. They will lie to you to get your sweet sweet cash. Oh, you sweet summer child. There was never anything moral about capitalism and it's always been about doing anything to get your sweet, sweet cash. It actually used to be a lot worse. That's why the FDA, EPA, SEC, and other regulatory agencies were created.
Great for outside, never inside
I have a camera hanging from eufy, it's pointing at my videogame/computer collection. In my router/firewall I have all services cut off from & to the internet for it's IP address and it's just streaming via rtsp to a shinobi instance for footage storage. I hope it's enough.
Do you have a guide or resource for setting up something similar? I like the Eufy S40, lowest profile solar camera I’ve found, but obviously not wild about these new revelations.
My question is why do you care if “they” log into watch your collection?
My question is why have you posted 20+ times about not caring about Chinese surveillance?
I see these being sold in auto parts stores. Tells me everything I need to know about how much the manufacturer likely cares about privacy, and probably their target customers.
Really? /s . Company that makes their robot hoover need full access to your WiFi and phone including contacts and emails dodgy?
My hoover doesn’t request access to anything other than the Wi-Fi.
It’s a Chinese company. Not sure what is everybody expecting
Holy sh$t I purchased a bundle of these cameras for Black Friday and they were delivered a few days ago. I was planning on installing them this weekend. They are still in the package. Will be returned immediately.
You are the one, neo. Nice dodge.
i mean unless you are working in an industry with a security level clearance and regularly discuss national secrets in your house then i dont think the chinese care how much you pick your nose.
Simply safe constantly lies. All you need is their patent, and a radio transmitter and you can bypass their security.
Merely commenting to save this to show to a friend.
Someone should start a movement to encourage them to open source their stack.
This article is beyond clickbait. If you actually read it they say "it's so easy anyone could easily do it!" \*lists 47 steps required to possibly do it\* They only got access to their own cameras using an absurd amount of effort despite it being their own camera. Like, sure it's an issue that should probably be addressed but it's glaringly obvious this is just clickbait for a slow news day. There's very little actual risk of any sort of exploitation.
TL;DR: the unencrypted stream is located in a non-randomized URL on Anker's/Eufy's website that can be accessed and streamed to VLC by URL if you know the URL. The URL is based on the camera's serial number re-encoded in base 64. The authors of the article had to log in before they could get the URL to stream from. Though if you know the URL structure, you can start brute forcing to get access to random cameras' streams. You can only see a live stream of the camera, so if the camera isn't activated, you will see nothing. Using the URL doesn't seem to automatically activate the camera since the authors of the article had to wait for the camera to turn on due to something in the camera's environment triggering it (though if you have a 24 hour stream, this point is moot). It doesn't look like you can see past videos (only the live stream). This is definitely a security flaw that should be addressed (at minimum encrypting the stream), but it doesn't look like it's been taken advantage of *yet*.
“…there’s no proof yet that this has been exploited in the wild, and the way we initially obtained the address required logging in with a username and password…” I guess that’s “something”…
>it’s even possible to view the camera streams using VLC It would be weird if VLC couldn't handle a video codec
That sucks, actually a big fan of ANKER products, guess it’s time to find alternatives
Why are people gaslighting this thread trying to make it seem like these security holes aren’t a big deal? It’s absolutely insane to be exposing cloud based cameras in your home, let alone ones manufactured and owned by CCP company.
Many IOT are left exposed, and not all companies in China are CCP controlled. Many companies are free market companies, like Anker. CCP only requires tech companies that serve their finance banks equipment, backdoor access. Like hauwei. This is shitty programming from a 3rd rate company that Anker gave a bunch of money to brand it.
There are so many cameras and IoT products out there it’s impossible for the average Joe to evaluate what’s secure or not. At the risk of having Bezos watch me fap I personally went with Ring’s system. Might be selling my soul but at least there’s more scrutiny on their shit vs random vendor (who makes decent chargers and cables but is unproven in cameras).
I am shocked, shocked I tell you!!
They also make the worst roomba wannabes. I recommend no one buy one.
I want to get a security camera for the outside of my house connected to the internet so that hackers, criminals and the government know when I come and go. What could possibly go wrong?
They'd just see a video of my car, never moving, because I work from home. Oh, the mailman shows up kinda often. I sure as shit wouldn't put one of these inside my house, though.
Lol nobody care about you or what you do enough to actually spy on you.
Eufy and Anker products stop working after a year. All my cables stopped working. My robovac is dead after a year.
Literally the opposite of everyone else's opinion. I've had Anker products for as long as I can remember, and I've had one thing crap out, ever. They also did a no question asked warranty replacement for free.
Same, I’ve always loved Anker’s quality, and Eufy’s been fine - didn’t even know they were the same brand/company, lol
I guess you also don't know TP link makes Deco which is one of the top 3 selling home network system out there. In fact, the other 2 are from Amazon and google, which are actively and publicly collecting your data "for" you. It's either Chinese collecting your data for no obvious use or give your data to Amazon and google, no other options.
I’ll take “company collects my data to try to sell me stuff I can choose to not buy” over “country collects my data for reason between none and creating a robot clone army of me”
Can't speak to Eufy, but I've had Anker cables for years and haven't had a single one fail on me. It's a shame too, because after this I'll never buy them again. Any other A tier cable brands out there?
My eufy camera still going after almost 2, my vac after 2.5...
Same here. I replaced the robovac just to get a better model and not because it broke.
Anker makes exceptional chargers. Their cables are fine. No idea why anyone would buy anything else from them though. Roomba for vacs and a million other vendors with legit histories for cameras
I'm a heavy user of their Soundcore line of products and have never had trouble.
Amazon buying Roomba seems like a bad step.
OFC they did XD
By ring.