Xiaomi Mijia Camera Picking Up Strangers' Camera Feeds

January 6, 2020

A Xiaomi Mijia camera user discovered a security breach after he was able to see still images from other random peoples' homes when trying to stream content from his camera to a Google Nest Hub.

On the Reddit threat, the user uploaded a video, which depicted the issue. He also provided screenshots of his camera feed, including stills of people sleeping and an infant in a cradle. After news broke, Google entirely disabled Xiaomi integration for Google Home and the Assistant while it worked out the issue with Xiaomi. A Google spokesperson provided a news report with the following statement: "We’re aware of the issue and are in contact with Xiaomi to work on a fix. In the meantime, we’re disabling Xiaomi integrations on our devices."

Xiaomi also reached out to the news report, and noted that they had fixed the issue. "Upon investigation, we have found out the issue was caused by a cache update on December 26, 2019, which was designed to improve camera streaming quality. This has only happened in extremely rare conditions. In this case, it happened during the integration between Mi Home Security Camera Basic 1080p and the Google Home Hub with a display screen under poor network conditions. We have also found 1044 users were with such integrations and only a few with extremely poor network conditions might be affected. This issue will not happen if the camera is linked to the Xiaomi’s Mi Home app. Xiaomi has communicated and fixed this issue with Google, and has also suspended this service until the root cause has been completely solved, to ensure that such issues will not happen again."

James McQuiggan, security awareness advocate, says, "Google took an appropriate step in their incident response process to remove the risk of someone else experiencing the same "cache update" issue with these types of webcams. This is important why software developers working with third party systems invest heavily in the security of not only the device, but also the data access controls as well. While this issue is extremely bad, consumers should continue to be vigilant regarding the data and their systems and to alert the developers when they have security concerns."

Pandemics, Recessions and Disasters: Insider Threats During Troubling Times

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Industrial Cybersecurity: What Every Food & Bev Executive Needs to Know

ON DEMAND: There's a lot at stake when it comes to cybersecurity. Reputation, productivity, quality. Join us to discuss the future of your global security strategy and a path forward with trusted partners Cisco and Rockwell Automation, and turn your Food & Bev security challenges into strategic advantages that drive business value.

Poll

Who has ownership or primary responsibility of video surveillance at your enterprise?

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

Xiaomi Mijia Camera Picking Up Strangers' Camera Feeds

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

Xiaomi Mijia Camera Picking Up Strangers' Camera Feeds

Related Articles

Related Products

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.