Recently, there have been occasional reports of some stupid security issues with “smart” security cameras, and the serious vulnerability found in Xiaomi’s security cameras, which bind to Google accounts, is even more worrying. According to Android Police, Google has announced that it is disabling Xiaomi integrations on Google Home and Google Assistant devices because of the risks involved in Xiaomi’s cameras.
The issue was initially discovered and shared by Reddit user Dio-V, who said his Xiaomi home 1080P Smart IP security camera can be used with Google/Nest devices by linking it to a Google account through Xiaomi’s Mi Home app/service. Dio-V says both the Nest Hub and the Mi Home camera were newly purchased from AliExpress, and that the camera is running firmware version 3.5.1.00.66.
When he tried to view the surveillance video from his Xiaomi camera, he did not see the video stream captured by the camera; he was instead shown still images from other rooms in the home. Eight still images uploaded to Reddit include sleeping babies, closed porches and men sleeping on chairs.
Dio-V reports that the random still images shown by the Google Nest Hub also carry Xiaomi/Mijia-branded date and time stamps, and that the time zone shown differs from the one he is in. Technically, this may have been a well-planned prank, but the evidence provided by Dio-V is quite credible. It is also possible that these are test images and that Dio-V inadvertently accessed a debugging mode. There are, of course, other possible explanations.
Google then took the issue seriously, saying: “We are aware of the issue and are in contact with Xiaomi to fix it. At the same time, we are disabling Xiaomi integration on the device.” Subsequently, Android Police ran its own test and found that integration of all Mi products had been disabled on devices such as Google Home.