A Xiaomi security camera owner reports receiving random images from strangers’ homes.
Smart-home security appliances are not always what they are made out to be and recently some have been running into more problems than is healthy. Some smart doorbells have been caught recording more data than thought, while Wyze Labs, which makes connected home gadgets, has been hit by a data breach.
The latest news is that a mishap involving one of Xiaomi’s security cameras has lead Google to temporarily shut down access for Xiaomi devices to Google Nest Hub and Assistant. This was after a user reported that his Xiaomi Mijia 1080p Smart IP Security Camera received still images from random people’s homes when he tried to stream the feed from his camera to his Google Nest Hub. The mix-up – uncovered by a Reddit user going by the handle /u/Dio-V and apparently picked up first by Android Police – is described in detail in Reddit’s r/googlehome thread.
The security camera itself can be linked to the Google Nest line of devices using Xiaomi’s proprietary Mi Home app. The hub, while trying to access the camera feed, started showing still images from random locations. Some of the black-and-white, partly corrupted images even included people sleeping and a baby in a cradle, which is especially disturbing.
Google reacted promptly: “We’re aware of the issue and are in contact with Xiaomi to work on a fix. In the meantime, we’re disabling Xiaomi integrations on our devices.”
The Chinese tech giant has acknowledged the issue and said that it doesn’t take users’ privacy issues lightly: “We apologize for the inconvenience this has caused to our users. Our team has since acted immediately to solve the issue and it is now fixed. Upon investigation, we have found out the issue was caused by a cache update on December 26, 2019, which was designed to improve camera streaming quality. This has only happened in extremely rare conditions. In this case, it happened during the integration between Mi Home Security Camera Basic 1080p and the Google Home Hub with a display screen under poor network conditions,” reads Xiaomi’s statement for XDA developers.
Although IoT devices have come a long way in simplifying our lives, they still have a long way to go before we can consider them secure enough to become a regular part of our lives. Manufacturers have to make cybersecurity one of the pillars of their devices and not a mere afterthought.
On a related note, ESET researchers recently documented a series of security holes in a D-Link cloud camera that allowed attackers to not only intercept and view the recorded video, but also to manipulate the device’s firmware.
written by Amer Owaida, ESET We Live Security