A user who accessed their Xiaomi home security camera via their Google account was shown still images of strangers in unknown locations.
The Netherlands-based user, known as “Dio-V,” was confronted with random snapshots from other people’s lives after trying to stream content from a Xiaomi Mijia to a Google Nest Hub.
Dio-V reported the incident on Reddit yesterday. Along with footage to demonstrate the serious security flaw, Dio-V posted the comment: “When I load the Xiaomi camera in my Google home hub I get stills from other people’s homes!!”
The still black and white images include shots of a baby lying down in a crib beneath a mobile and several different scenes in which strangers’ living rooms, a staircase, and an enclosed porch area are depicted. In one restful scene, a mature gentleman is taking a nap in a kitchen.
Exactly when Dio-V’s feed first began showing still images of other people’s homes or how long the camera was connected to his Google account before this alarming situation started happening is not clear.
Dio-V said that the camera and the Nest Hub were both purchased new, ruling out any possibility that the incident involves a lingering connection with a previous owner.
Since learning of the flaw, Google has disabled Xiaomi integration for Google Home and the Assistant until a fix is found.
Google said: “We’re aware of the issue and are in contact with Xiaomi to work on a fix. In the meantime, we’re disabling Xiaomi integrations on our devices.”
The Xiaomi Mijia 1080p Smart IP Security Camera that Dio-V used can be linked to a Google account for use with Google/Nest devices through Xiaomi’s Mi Home app/service.
Commenting on the flaw, Xiaomi stated: “Upon investigation, we have found out the issue was caused by a cache update on December 26, 2019, which was designed to improve camera streaming quality. This has only happened in extremely rare conditions.
“In this case, it happened during the integration between Mi Home Security Camera Basic 1080p and the Google Home Hub with a display screen under poor network conditions. We have also found 1044 users were with such integrations and only a few with extremely poor network conditions might be affected.
“This issue will not happen if the camera is linked to the Xiaomi’s Mi Home app. Xiaomi has communicated and fixed this issue with Google, and has also suspended this service until the root cause has been completely solved, to ensure that such issues will not happen again.”
#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity