Xiaomi Mijia Camera Picking Up Strangers' Camera Feeds

January 6, 2020

A Xiaomi Mijia camera user discovered a security breach after he was able to see still images from other random peoples' homes when trying to stream content from his camera to a Google Nest Hub.

On the Reddit threat, the user uploaded a video, which depicted the issue. He also provided screenshots of his camera feed, including stills of people sleeping and an infant in a cradle. After news broke, Google entirely disabled Xiaomi integration for Google Home and the Assistant while it worked out the issue with Xiaomi. A Google spokesperson provided a news report with the following statement: "We’re aware of the issue and are in contact with Xiaomi to work on a fix. In the meantime, we’re disabling Xiaomi integrations on our devices."

Xiaomi also reached out to the news report, and noted that they had fixed the issue. "Upon investigation, we have found out the issue was caused by a cache update on December 26, 2019, which was designed to improve camera streaming quality. This has only happened in extremely rare conditions. In this case, it happened during the integration between Mi Home Security Camera Basic 1080p and the Google Home Hub with a display screen under poor network conditions. We have also found 1044 users were with such integrations and only a few with extremely poor network conditions might be affected. This issue will not happen if the camera is linked to the Xiaomi’s Mi Home app. Xiaomi has communicated and fixed this issue with Google, and has also suspended this service until the root cause has been completely solved, to ensure that such issues will not happen again."

James McQuiggan, security awareness advocate, says, "Google took an appropriate step in their incident response process to remove the risk of someone else experiencing the same "cache update" issue with these types of webcams. This is important why software developers working with third party systems invest heavily in the security of not only the device, but also the data access controls as well. While this issue is extremely bad, consumers should continue to be vigilant regarding the data and their systems and to alert the developers when they have security concerns."

You must login or register in order to post a comment.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

ON DEMAND: There's a lot at stake when it comes to cybersecurity. Reputation, productivity, quality. Join us to discuss the future of your global security strategy and a path forward with trusted partners Cisco and Rockwell Automation, and turn your Food & Bev security challenges into strategic advantages that drive business value.

Xiaomi Mijia Camera Picking Up Strangers' Camera Feeds

The latest news and information

Content written for business-minded executives who manage enterprise risk and security

Xiaomi Mijia Camera Picking Up Strangers' Camera Feeds

Related Articles

Related Products

Report Abusive Comment

The latest news and information

Content written for business-minded executives who manage enterprise risk and security