Smart security cameras can be an extremely useful tool, but they can also be a cause for concern when it comes to privacy. This week, a potentially serious security issue has appeared with Xiaomi’s smart cameras when viewed through a Google Nest Hub.
A Reddit user found that his Google Nest Hub wasn’t displaying a camera feed from his Xiaomi device when asked. Rather, the Hub was showing feeds from what appears to be cameras in the homes of random people who bought the same hardware. Each time he asked for a feed, a new camera appeared showing a still from that other person as can be seen below. There are also several examples on the Reddit post including an image of a sleeping baby.
There are a lot of questions around this, but we can assume that this probably has nothing to do wit the Google Nest Hub. Rather, it’s likely an issue with Xiaomi’s software. The camera’s owner noted it was a Xiaomi Mijia camera running on firmware version 3.5.1_00.66.
Update: Google tells us that it is aware of the issue and is in contact with Xiaomi to fix the problem. The cause it still unclear, but for now, Google is disabling integration with Xiaomi devices on Google Home/Nest hardware.
We’re aware of the issue and are in contact with Xiaomi to work on a fix. In the meantime, we’re disabling Xiaomi integrations on our devices.
Update 12/3: A day after the story broke, Xiaomi has finally spoken up regarding the issue. Speaking to Engadget, the company confirms our theory that this is a caching issue. Apparently, up to 1,044 users could have been affected, but only “a few” may have had the exact circumstances to trigger the stills from other user’s cameras. The issue has been fixed on Xiaomi’s end.
Xiaomi has always prioritized our users’ privacy and information security. We are aware there was an issue of receiving stills while connecting Mi Home Security Camera Basic 1080p on Google Home hub. We apologize for the inconvenience this has caused to our users.
Our team has since acted immediately to solve the issue and it is now fixed. Upon investigation, we have found out the issue was caused by a cache update on December 26, 2019, which was designed to improve camera streaming quality. This has only happened in extremely rare conditions. In this case, it happened during the integration between Mi Home Security Camera Basic 1080p and the Google Home Hub with a display screen under poor network conditions.
We have also found 1044 users were with such integrations and only a few with extremely poor network conditions might be affected. This issue will not happen if the camera is linked to the Xiaomi’s Mi Home app.
Xiaomi has communicated and fixed this issue with Google, and has also suspended this service until the root cause has been completely solved, to ensure that such issues will not happen again.
Update 12/16: A Xiaomi spokesperson speaking to 9to5Google has now confirmed that Xiaomi has fully resolved this issue. From today, January 16th, Xiaomi integration with Google Assistant should be fully working once again and “stronger measures” will be taken to prevent this from happening again.
We now confirm that we have fully resolved the root cause of this issue, and Xiaomi’s Google integration service has resumed from 16, January. Users can now use Xiaomi’s Mi security camera services via Nest devices. At Xiaomi, we take user privacy and information security as top priority. We sincerely apologize for any inconvenience caused for affected users. We will take even stronger measures to prevent such incidents in the future.
When we first encountered this post on Reddit, there were no reports of the issue from any other users. Now, several hours later, no one else has replicated the issue which makes it seem like it might be just affecting a very limited number of people. That doesn’t mean this isn’t a huge security issue with Xiaomi’s cameras, but it doesn’t seem particularly widespread at the least. The limited scope of who’s affected also means this should be taken with a grain of salt.
Xiaomi isn’t really alone when it comes to issues like this. Not long ago, Google’s Nest had a bug discovered which let used Nest cameras feed information to previous account holders until that was patched.
As mentioned, this is only a case of one but it’s still a cause for concern. If you have a Xiaomi camera in your home, especially in a sensitive area, it might not be a bad idea to stop using it until Xiaomi or Google have made comment on the matter.
More on Nest Hub:
- Nest Hubs gaining simple ‘home’ button on Photo Frame/Ambient mode
- Google details ultrasound sensing on Nest Hub, upcoming features
- Google Assistant will now recommend recipes that follow your dietary restrictions
FTC: We use income earning auto affiliate links. More.