Gadgetoid

gadg-et-oid [gaj-it-oid]

-adjective

1. having the characteristics or form of a gadget;
resembling a mechanical contrivance or device.

Eufy Floodlight Security Camera Reviewed

EufyCam Security Flaws

There are multiple features of Eufy’s security products that directly contradict their “end to end encryption” and “no cloud” claims and might raise real security concerns with end-users. I have confirmed these with my own eyes. In fact I was trying to exploit these features to grab an OBS video stream from my cameras and- hands in the air on this one- did not realize the security implications at the time. In particular the public video streams that Wasabi Burns was trying to draw attention to prove fairly conclusively that Eufy’s video feeds are not encrypted and, under some circumstances, are accessible over the internet via potentially guessable, public URLs.

The video streaming concerns are joined by are a fairly tangled mess of bad to worse security practices including Eufy uploading video thumbnails to the cloud and an incredibly suspect looking single, ecosystem-wide “encryption key”.

Eufy’s response to these findings has been – thus far – less than ideal and is by far the most concerning thread of this emerging story. Whether or not there’s any immediate exploit that would give a third party access to start and view your camera feeds is unclear, but if you have Eufy cameras pointed at anything sensitive- turn them off now.

More detail on the security concerns with Eufy cameras is available here.

This review has been far too long in the making. Why? The Eufy Floodlight camera requires a somewhat professional installation and while you can DIY it – which is kinda, sorta half what I did – you’re still going to need a hole from indoors to outdoors in order to supply the mains AC required to power those bright, bright floodlights.

This is in stark contrast to most of Eufy’s external security cameras, their USP being a long lived, built-in battery. This makes installation a simple two shallow holes, rawplugs and screws arrangement that can be easily DIY’d by anyone with a drill and a ladder. This leads me into the elephant in the room:

Mounting This Sucker

A wild @CannonFodder appeared! So I can finally test the @EufyOfficial floodlight camera. pic.twitter.com/id7v35a4g2

— Phil Howard (@Gadgetoid) August 13, 2021

Fortunately I had a somewhat professional in the form of Brian Cortiel – fellow tinkerer, robot maker and general dooer of things. I’m at least somewhat competent at DIY but I’m not ashamed to say I’d never have got this camera mounted so professionally and tidily without his help. We – well he, I mostly got in the way – got the floodlight camera installed in an afternoon and the most difficult part was ramming the power cable through the long, long hole through two bricks and an insulation cavity.

As Brian pointed out the camera feels designed for use in North America (or generally America/Canada?) where it’s presumably easier to bang a hole through a wall right behind where you want to mount it. Either way it is well prepared for British weather, with a watertight seal between the mounting plate and camera, plus waterproof caps over the screw heads and a grommet through which the power supply passes. In order to flush mount the camera on the exterior wall, Brian had to do some drill jockeying to remove some mortar from between the bricks. This created a recess into which the power cable could be routed so it’s not squashed between the camera and wall. If you’re mounting you should pay attention to the hole through which power is routed and make sure it lines up with the mortar to pull off this tidy trick.

Rather than wire the floodlight camera right into mains power, spurring off the kitchen, I decided we should use the same trick I’d devised for our rear, motion sensitive lighting- banging a regular plug on the end and sticking it into a regular plug socket. This takes a lot of the danger and misadventure out of fitting a camera, since wiring the plug and plugging it in is the last thing you do, and none of the circuit is live until the sealed, safe, plug is plugged in and turned on. This worked excellently and the camera has been working for a few days without incident, a simple straight swap for the cheap, indoor camera that I had occupying the same socket. If you’re going to DIY this approach could be a life-saver (literally) and a money-saver if you’re hesitant to pay for an electrician on top of the cost of the camera. It’s not the most tidy of solutions, since you need a wire trailing along and disappearing up into your wall, but it’s straight forward and saves time, money and mess.

Setting up

Once installed the camera setup process is relatively straight forward, but you do have to be mindful that the “sync” button is on top of the camera that you’ve just mounted high up on the wall. Keep the ladder handy until you’re good and set up! Make sure to point the floodlights as far down as they’ll go while you’re up there, too. These lights are *bright* and your neighbours will quietly resent you for lighting up their bedroom at random times of the night.

Setup involves using the Eufy Security app to connect temporarily to your camera via WiFi. At first it’ll ask you for a QR code- I couldn’t find one anywhere on either the box or the camera and opted for a manual setup. This was a relatively painless if slow process. I tried pairing to the 5Ghz network in my office at first, which didn’t seem to work. Using the 2.5Ghz network instead did the trick.

Once set up the Eufy floodlight camera offers exactly the functionality you would expect- short, snappy video clips capture whenever it detects motion. These are accompanied by a buzz of your phone, plus a notification, so you know when someone’s approaching the house.

Still no rtsp

While the Eufy Security app is pretty comprehensive many of Eufy’s products – including this, and the doorbell that I tested- have a glaring lack of any standard video feeds.

That’s to say that getting an rtsp feed from this camera into some security software on a PC or Pi is close to impossible. It’s not quite totally impossible- I was able to log in to Eufy’s web portal, start the video playback in the browser, capture the URL and toss that into VLC media player. While this suggests it should be easy to repeat these steps with a Python script and some basic HTTPS requests I couldn’t get head nor tail out of their servers. The resulting video feed and URL is prone to stopping and dropping connections, presumably because Eufy are going to the trouble of rebroadcasting it from your camera over WAN and have bandwidth/security concerns with doing so.

I could not, for love nor money, retrieve a local stream from the camera and this is frustrating since a cheap and nasty pan/tilt IP camera from Amazon supports this right out of the box. Eufy- you need to fix this since the more advanced users of your products are probably also the most vocal.

A poor substitute for rtsp is Eufy’s web portal which I can use to peek outdoors on the camera, but even this stops after a 5 minute time cap. This is either to save Eufy bandwidth or, potentially, to prevent some devices – which were never really designed with continuous streaming in mind – from overheating. C’mon just let me connect locally!

On your phone you can record video clips from the camera on demand. I’m not sure how much utility there is to this, and it’s not really a feature I’ve ever used with the doorbell, but you could catch some interesting wildlife or weather happenstances if you remember it’s there. You can also activate your phone’s microphone and yell at intruders which could be extremely useful at deterring theft if you happen to be away but want to present the illusion that you’re home. Some deterrent sound-clips would have been handy here for the microphone-shy- dogs barking, fake 999 call, ED-209? I guess you can keep a soundboard on hand if you’re really inventive. There’s a manual alarm button which requires a confirmation to activate, but I haven’t dared press it.

There’s a total of 3.6GB of storage onboard the camera- significantly less than the ~16GB available on the Doorbell’s “Homebase”, but bear in mind the latter is potentially shared across multiple devices. Eufy would probably *like* you to purchase a subscription for their cloud storage, but they don’t seem to push it very hard in the app. We might have Apple’s stringent in-app purchase policies and hefty cut of subscription fees to thank for this. Or perhaps Eufy make good money selling devices- the App seems to have no problem pushing these! You must sign in to the Eufylife web portal to subscribe to cloud storage, which costs $2.99/cam for basic or $9.99 for “Premier” with no up-front indication what the difference might be. A little digging reveals that Basic is 30 days of rolling video history and priced per camera, while Premier supports up to 10 camera with 30 days of rolling history. 30 days is a little tight, in my opinion, and the camera already stores considerably more than that on-device. With 200GB of cloud storage on iCloud costing just £2.49/month and 2TB costing £6.99 Eufy’s prices aren’t especially competitive and generally I wouldn’t recommend bothering with cloud storage.

You’ll be fine rolling with these cameras on no subscription, and I’ve been running the doorbell for 260 days so far. Most of the time archival footage is useful only for a month or two, and then it’s ancient history. Additionally if your footage isn’t on “The Cloud” then nobody else can view it.

But it’s pretty good anyway…

While local streaming is a pig, and my dreams of using the camera as a virtual window are going to be difficult to realize I can’t deny that Eufy’s floodlight cam does what it advertises. If you’re non-technical, are looking for a turnkey solution with camera and app, and have no inclination of doing anything fancy then you’ll find this camera perfectly acceptable. For us geeks… it’s a little lacking! Nothing a software update can’t fix though, right? Right!?

Back to the app. Eufy’s security app is relatively straight forward, giving you a list of devices and the last captured still image from the camera. Usually the back of my head as I nip outdoors to grab something or take out the rubbish. Tapping any camera status a live feed and depending on the camera features you can interact in various ways to startle friends, family and strangers with mysterious voices. While I can’t stream the camera feed to my desktop and keep it in the corner of my screen, I can prop my phone up on my desk and watch it there through the app.

The floodlight camera allows you to manually toggle the floodlighting, which is useful if its serving double duty as a dramatic garden light for your carefully curated foliage. It also supports brightness control- which is a handy additional way to stop excessive floodlight leakage disturbing your neighbours. I found the minimum brightness was still plenty light enough to see by without casting an obnoxiously bright beam of light across the street.

Hair Trigger

This thing is *sensitive*. I’ve made a habit of playing peekaboo as I go outdoors, poking my head out of the door quickly to see just how fast the camera will catch on and trigger the lights. The *big* passive infra-red sensor across the bottom has a very wide field of view and triggers far quicker than those smaller lights we’ve got down the side of the house. It’s extremely convenient, even at lowest brightness, to avoid fumbling with keys in the dark.

Overall

Overall the difficult installation is fairly typical of an external floodlight and you’ve got to be mindful that it’s not a slap-it-on-the-wall-and-charge-it-occasionally device. The result, however, is a very functional all-in-one that will illuminate the way to your front door or car at nighttime, while also keeping a watchful eye over them.

Monday, August 16th, 2021, Home Appliances.