My analysis and feedback for Eufy Security - Opportunities for better security and happy customers!

I want to share my thoughts and ideas on the Eufy security products. I own the indoor cameras, Battery Doorbell, Homebase 2, Door and Motion sensors.

I am a cybersecurity specialist with 14 years of experience. Therefore, I don’t make these recommendations lightly or without knowledge.

Eufy should:

  • Add home base 2 compatibility with indoor 2K Pan & tilt camera, not necessarily to use the Homebase’s storage, but to synchronize modes like “away” when leaving the house. It would be best for the indoor cameras to also switch profiles then, without a second and third manual action.
  • Add the Automation tab with additional triggers for indoor 2K cameras.
  • In home base 1 you can set the duration of the alarm; in home base 2 this option is missing, so it will stop the siren very soon; this should be fixed to increase the length of the alarm or to make sure it only turns off when given the command via app or keypad.
  • The lack of Global 2FA (Two-factor authentication) is very troubling. I live in the Netherlands, and I need 2FA! Both on the Eufy website, viewing portal, and with setting up new phones on the app.
  • The passwords you can choose for your eufy account are limited to 18 characters in length, and not all symbols are supported. Eufy should at least increase the password length to 32 characters without symbol limitations for increased security.
  • Eufy advertises their doorbell, Homebase 2, and indoor cameras as “local storage” with AES encryption on the storage. However, your video stream is also uploaded to the Eufy Portal, which still uses Flash. Flash is very outdated and insecure, so it will be a matter of time before the cameras and/or eufy’s portal gets hacked. This is also why 2FA (Two-factor authentication) is so important.
  • Regarding 2FA, they are rolling it out ONLY in certain regions. The only reason they would do this is that they are using text (SMS) messages and email. Of course, SMS messages cost money, but they are also less secure. Therefore they should add regular 2FA, which can be used with apps like AndOTP, Google Authenticator. There are free open source solutions for Eufy, so cost is not a factor here. The current implementation is cumbersome, less secure, and will only accommodate a small part of their entire customer base.
  • Can eufy please elaborate on the camera streams to the apps and their viewing portal? Do they use secure encryption when making this connection, or is security just an afterthought for them?
  • When a sensor or camera loses connection, there are no app (push) alerts. There should be, however, since this could indicate sabotage in progress. Why hasn’t eufy implemented this essential yet straightforward feature?
  • The trained AI algorithms do a mediocre job of detecting someone through the cameras and doorbell. They should be further improved.
  • The doorbell camera (battery version but hardwired with 14 volts) is only detecting and recording when the person is already at the door. I don’t need a 1-second clip. I need to see who that person is. I have a front garden with a clear sight for the camera, and it is at least 8 meters to the road, so it should act a lot sooner.

I was pleasantly surprised by the minimal dimensions of the products and the ease of setting it up. However, I feel disappointed by the lack of features, promises that Eufy made to customers, and online on the forum and never delivered. (Such as IFTTT implementation, Homebase 2 support)

This is not how businesses should operate with the people that keep them alive financially. Eufy, your managers, programmers, and engineers should step up their game and improve the overall security and usability of the products. How can I, in good conscience, recommend your system when I find so many imperfections with it, some of which could lead to severe issues, like compromised cameras or “alarm” systems?

I hope that someone from Eufy reads this; if you are not the person who can help, please send the entire message to the person or department who can look at my points.

13 Likes

+2 double agreed!!!

@eufy_Official @AnkerSupport @Mengdi :top: get to reading above and start seeing even security specialists are picking apart your inferior products. Please just implement 2FA already; I don’t understand why you still wait to do so after major security breaches have occurred. I guess you all wanna be the next to face penalties and fines by these countries’ governments etc.

1 Like

+3 get the 2FA here and make both the indoor cam and spotlight compatible to all Homebases

1 Like

VERY well put, but if anyone from Eufy or Anker replies I will be EXTREMELY surprised. I’ve been trying for months and not a single reply. Hope you have better luck.

1 Like

We promise that our engineers are working on these issues :partying_face::sunglasses::+1:

1 Like

Thanks for the encouragement everyone! I will make sure I also write up an e-mail and send them my feedback directly. Not sure if they are going to use it… let’s hope they care about the security of their customers.

1 Like

Good fair list of recommendations.

Very good list! +2 from me!! @Mengdi @Yanyee1 @eufy_Official

Hi JD, thanks for your thoughtful suggestions!
We will provide it to the product managers for evaluation one by one, so as to provide you with a better experience.

eufy Security team

1 Like

Thanks for making a tremendous list of opportunities. Eufy really needs to listen to their customers. -Security- products need to be improved; a secure login is critical to devices that are in our homes 24/7, monitoring us. I hope Eufy takes this advice.