Google has recently disabled all Xiaomi smart home integrations on Nest Hub after being informed that some users could access other people’s camera feeds.
On January 1st, 2020, a Reddit user (‘/u/Dio-V’) posted a discussion revealing that Nest Hub was able to access feeds from other Xiaomi cameras. As proof of the issue, the user shared screenshots of other cameras’ feed that he received on his Xiaomi Mijia 1080p Smart IP Security Camera.
He was receiving images from random people’s homes when he tried to stream the feed from his camera to his Google Nest Hub.
“When attempting to access a video feed from his connected camera (as depicted in the video above), instead of the expected local video feed, he’s provided a random, occasionally partly corrupted black and white still image from another home.” reported the website AndroidPolice. “Among the eight or so examples initially provided to Reddit are a handful of disturbingly clear images showing a sleeping baby, a security camera’s view of an enclosed porch, and a man seemingly asleep in a chair.”
Google opted to disable all Xiaomi integrations on its devices even if the issue was only observed with the Mi Home Security Camera Basic 1080p.
“Late night on January 1st, we were made aware of an issue where a Reddit user posted that their Nest Hub was able to access other people’s Xiaomi camera feeds.” reads a post published by the Google support website.
“We’ve been working with Xiaomi and we’re comfortable that the issue was limited to their camera technology platform,”
Google investigated the issue and decided to re-enable Xiaomi device integrations, except for camera streaming.
“We will not reinstate camera functionality for Xiaomi devices until we are confident that the issue has been fully resolved. We’ll keep you updated with information as more becomes available to share,” continues the post from Google support.
The issue was likely caused by some sort of cache update that occurred on December 26, 2019, it has impacted nearly 1000 users.
After Google has re-enabled Xiaomi integration on Nest Hub, some users reported problems in reconnectig their devices.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.