Security researcher Paul Moore discovered the Eufy Doorbell Dual camera’s feed could be accessed via a web browser by simply knowing the right URL, and no password was required.
Moore said camera videos encrypted with AES-128 are using a simple key that can be broken with relative ease, and the app was uploading thumbnails to the cloud, before sending them to people’s mobile apps as notifications, the camera was uploading facial recognition data to its AWS cloud without encryption.
In a blog post Eufy (owned by Anker) addressed these claims, confirming some of them, but denying others.
www.techradar.com/news/anker-admits-eufy-camera-security-issues
community.security.eufy.com/t/to-our-eufy-security-customers-and-partners/3568215