Anker has confirmed that one of its security camera products had some serious security flaws that allowed unauthorized third parties to view the camera live feeds. It also confirmed that it’s been sending mobile push notifications with people’s faces via the cloud to user endpoints (opens in new tab). Security researcher Paul Moore recently discovered that the (Anker-owned) Eufy Doorbell Dual camera’s feed could be accessed via a web browser by simply knowing the right URL, with no password was required.
…
Read more