Does anyone know if other battery powered camera makers (e.g. Arlo, Ring, Blink) have a similar sync button on their cameras and if so, how they handle this use case? Eufy is the only security camera brand I’ve ever used so I don’t have experience with other cameras.
Eufy isn’t going to do anything about this unless they get a lot of bad publicity on it. If someone could make a youtube video about this exploit and have it go viral… But risk is that if Eufy still doesn’t fix the issue afterwards, a lot more people, including bad ones, will be aware of it.
I know Eufy sells those black silicon sleeves for the camera body (e.g. https://www.amazon.com/eufy-Security-Protective-Silicone-Protection/dp/B0854K8WB3). This would at least hide the sync button and maybe make it harder to press. But it’s an extra cost for an issue that should really be fixed in the software and black color may not work well for many (including me).
No other camera maker I have tried lets you delete video from a button on the externally accessible camera - it simply makes no sense to allow this. In addition, most systems (my Blink cameras for example) will not let you simply add a reset camera to a new system until the original owner deletes the camera from their account. Thief gets a bonus with Eufy - once they delete the video of themselves stealing your camera - they are then able to take your camera and sell it or add it to their own system - no need for the original owner to delete or remove the camera from their account. Made to be stolen.
It could be the case that video stays in cloud if reset but I wouldn’t take Eufy’s word for it - has anyone tested this? I certainly won’t pay for cloud to test - the reason most folks got into the Eufy ecosystem was the fact that video is stored on the local homebase. They just forgot to tell us a thief can make it disappear. If it does remain in the cloud, as I suspect, the reason Eufy won’t fix the issue is to force users to subscribe to their cloud service. My cameras will go into the garbage before I do that.
I’m just reading on the Eufy app their section entitled “Is Cloud Storage Right For You?” They say “In the last installment we looked into what storage options are available to you for your security products. We discussed how local storage is our top choice when it comes to security.” - what garbage.
Even if you do get cloud storage and video remains (unconfirmed) they don’t address the fact a thief can reset and resell your cameras for use on another account with a push of a button.
I’d take anything Eufy support says with a degree of salt. Most of them don’t really have much product knowledge and are just reading from a script. That includes the ones with Manager in their job titles. If you don’t test it yourself, you can’t be sure.
I’m like you and don’t want to pay to test their cloud solution. I suspect that the same problem will affect the cloud video because the camera record key is getting deleted on the homebase when the Sync button is triggered. If there is no record key on the homebase, how can the cloud clips be retrieved?
Maybe I don’t understand the cloud data flow and the record key doesn’t get deleted in cloud storage, but I’ve already given Eufy too much of my money and I’m not willing to be a further guinea pig for their lame software.
Well if anyone wanted to know after alot of emails back and forth to Eufy/Anker.
I was told this is a feature that they will not fix since they want it to be like this.
Told me that if someone steals the camera they have access to the recordings on the homebase. Which makes zero sense since they are on the hub not the camera itself.
They were willing to give me a partial refund on my eufy items if i payed for shipping.
Sounds like you got the usual runaround by someone who knows next to nothing. Usually they tell you they are working on the issue, rather than its designed that way, but that might just be ignorance of the support person.
Really surprised they offered a partial refund. Maybe we should all contact them and demand a refund.
@preset I’m still dumbfounded that after all this time it hasn’t been addressed by Eufy OR that reviewers on Youtube have not exposed or alerted others about this major flaw.
Not read this whole thread and could be wrong but I THINK the issue is if you hold the sync button down on a camera for 10 seconds it formats the homebase?
While holding the SYNC button down for 10 seconds do not formats the HB, it removes the camera, therefore making all videos recorded by the removed camera unaccesible.
When adding the camera back all videos get available again, which would be impossible of course in the case the camera got stolen after being removed.
Bottom line, this is indeed a major flaw and is still happening with all firmware versions up-to-date.
Not only do you lose the video of the theft if the camera is reset, but there is incentive for the thief to steal the cameras as once reset, the camera can be added to another account - ie. thief can sell the camera, No other current security camera I am aware of lets you reuse a camera on another account without the user releasing the camera in the app or via a method other then on the device itself.
a thief would be stupid to either sell or activate the stolen camera. as soon as the camera is reconnected to a network it will relay the SN to eufy along with it’s exact location. so if your camera gets stolen couldn’t you just have eufy see if the camera has in fact been reconnected from a different location. just make sure you have all the SN’s of all your cameras.
Given my experience with EUFY so far, I doubt very much they would come rushing to my aid to track and trace my stolen camera. In fact, I could pretty much guarantee they wouldn’t
Don’t know about you but I’ve spent more than enough money with them already and I don’t even have operational, fully functioning cameras-- a seperate issue entirely from this embarrasing ‘sync button delete’ debacle.
I appreciate the optimism, but previous track reccord has to be taken into consideration here.
This is based on physically having to press the sync button…but if Eufy’s threat modelling of their system is as poor as this tread suggests, there’s every possibility of the communication between the camera and homebase being hijacked.
Have Eufy implemented something like MTLS between cameras and homebase, does the homebase verify a request to delete has genuinely come from and active camera and not some man in the middle service? I don’t know but I’m not going to risk my property, with the other issues I’ve had my trust in this system is shot. Looked so promising but let down by what appears to be a poor implementation.
Recordings of a deleted camera should be archived at the very least. But I should have to confirm a delete via the app. “By design” is a cop out when threat modelling has not been done…designs change when new threats are discovered. Companies that don’t change their design get hacked and eventually go out of business.
