[Nextgrid]

I'm not sure whether the doorbell uses the same Tuya platform as their vacuum cleaners do, but if they do then there's a major vulnerability there - essentially all their Tuya-based devices can be accessed by knowing just a (sequential) ID.

[immnn]

Thanks for the advice. Do you have some sources?

[Nextgrid]

This GitHub issue describes how the official Eufy app talks to Tuya: https://github.com/mitchellrj/eufy_robovac/issues/1 - you see that once you get your Tuya User ID from the Eufy API, the actual password to talk to Tuya is actually hardcoded and the same for every user.

I've got some code that implements the "request signature" mechanism (the missing piece of the puzzle in the above issue) that might make this more obvious - you'll notice that the TuyaAPISession class only takes a username (the aforementioned sequential ID) and country code, no password (as it's hardcoded and the same for everyone): https://gitlab.com/Rjevski/eufy-device-id-and-local-key-grab...