Xiaomi has its own voice assistant, but it’s not popular outside of China. So, it’s not surprising that the company would make its smart home products compatible with the Google and Amazon clouds. It is a bit surprising that it would screw that up so badly, though. It appears that at least one Xiaomi security camera has started showing images from other people’s cameras, and as a result, Google has blocked Xiaomi from its platform.
The issue first came to light earlier today via a Reddit user who bought one of Xiaomi’s super-cheap home security cameras, marketed under the Mijia brand. The device supports 1080p video and costs about $20, making it a compelling option if you want a home surveillance system on the cheap. Xiaomi’s devices support Google Assistant, allowing users to view the feeds in the Home app and via Assistant smart displays.
Reddit user /u/Dio-V discovered that loading his camera feed on a Nest Hub would instead show him a still photo from someone else’s camera. What’s more, it was different each time. Just by reloading the feed, he could snoop on Mijia camera owners all over the world who had also connected their cameras to Assistant. The images included empty offices, living rooms, and even bedrooms with sleeping children.
This is not the first time someone has gained access to someone else’s camera feed, but that usually involves someone setting a weak password. In the case of Google, it found last year that some Works with Nest cameras would remain connected to the original owners after a reset. That’s not great, but this situation is substantially worse because no one is trying to hack these cameras — Xiaomi is sending out the wrong video feeds when people attempt to use their devices as intended.
Xiaomi has yet to provide a statement, but Google isn’t taking any chances. It has disabled Xiaomi’s access to Assistant until further notice. Attempting to access a Mi-branded smart home device via Assistant produces an error message. Xiaomi also has an Alexa skill for its cameras and other smart home devices, but it’s unclear if that plugin has the same issue. As a precaution, I’d suggest unplugging any Xiaomi cameras you have around the house until the company explains what happened. You might also consider picking up some cameras that are a bit more reliable.
- Researchers Hack Smart Speakers with Lasers
- Google Killed Nest’s Interoperability Last Week, Ends ‘Works With Nest’
- Woman Films Her New Internet-Connected Camera Whispering ‘Hello’