Don't Xiaomi pics of other people's places! Chinese kitmaker fingers dodgy Boxing Day cache update after Google banishes it from Home

Redditor finds security camera capturing stills from strangers' cribs

Someone checking out security footage of a home

Xiaomi has blamed some post-Christmas cache digestion problems after finding itself plonked on the naughty step by Google – which blocked the Chinese tech conglomerate's devices from its Nest Hub and Assistant last night.

This follows a shocking glitch where one Xiaomi Mijia security camera owner was able to peer into the homes of several strangers.

The issue was raised by Reddit user Dio-V, who noticed that his Google Nest Hub was showing him stills from other people's homes, rather than footage from his own camera.

In a comment posted to the Google Home subreddit, you see several clear frames depicting a sleeping baby, someone's hallway, and an unidentified man passed out on an armchair. It's not immediately obvious when these pictures were taken, or how long the issue has remained unresolved.

The Xiaomi Mijia 1080P Smart IP Security Camera retails for £38 on Amazon, and can be bought from Chinese retailers like BangGoood and GearBest for about $25. Dio-V says he bought his camera new from AliExpress, and it was running the latest firmware version.

For its part, Google has contacted the Redditor affected, and promptly disabled Xiaomi's integrations. And while this will undoubtedly inconvenience many users, it's better to be safe than sorry.

It told several outlets late last night: "We're aware of the issue and are in contact with Xiaomi to work on a fix. In the meantime, we're disabling Xiaomi integrations on our devices."

Xiaomi provided The Register with this statement, attributing the flaw to a caching issue:

Xiaomi has always prioritized our users' privacy and information security. We are aware there was an issue of receiving stills while connecting Mi Home Security Camera Basic 1080p on Google Home hub. We apologize for the inconvenience this has caused to our users.

Our team has since acted immediately to solve the issue and it is now fixed. Upon investigation, we have found out the issue was caused by a cache update on December 26, 2019, which was designed to improve camera streaming quality. This has only happened in extremely rare conditions. In this case, it happened during the integration between Mi Home Security Camera Basic 1080p and the Google Home Hub with a display screen under poor network conditions.

We have also found 1,044 users were with such integrations and only a few with extremely poor network conditions might be affected. This issue will not happen if the camera is linked to the Xiaomi's Mi Home app.

Xiaomi has communicated and fixed this issue with Google, and has also suspended this service until the root cause has been completely solved, to ensure that such issues will not happen again.

This isn't the first security issue associated with a cheap IP camera. A cursory browse of Shodan, a search engine for dodgy IoT devices, reveals thousands exposed to the internet, allowing anyone to peer in. The main difference here is that Xiaomi isn't a fly-by-night operator flogging rebranded and unsupported OEM kit, and is actually taking action.

That said, this episode is still hugely damaging to the company's esteem, particularly as it's in the midst of a Europe-wide push. It's also unclear when Google will lift Xiaomi's suspension. As always, when we find out, we'll let you know. ®

Sponsored: Detecting cyber attacks as a small to medium business

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER


Biting the hand that feeds IT © 1998–2020