Google disables 'Xiaomi integrations' on its devices after security flaw found in Xiaomi security cameras
Xiaomi security camera security flaw was first reported by a user on Reddit
Google has disabled Nest Hub integration with security cameras made by Xiaomi after a user spotted a Google Nest Hub showing images from a stranger's home.
The incident was reported by the user "Dio-V" on Reddit, and first picked up by Android Police.
Dio-V revealed that when he attempted to view the feed from his own Xiaomi security camera via Nest Hub, he was instead shown still images from other cameras that did not belong to him.
Each time "Dio-V" asked for a feed, a new camera appeared showing monochromatic images from other people's cameras. With his Xiaomi camera, "Dio-V" was able to see a baby sleeping, someone's living room, a person sitting in the kitchen and another picture of a child playing with toys.
It's unclear what caused the images to start appearing from random cameras on the Nest Hub of "Dio-V," but it appears that the issue here is with Xiaomi's software rather than with the Google Nest Hub.
"Dio-V" said he was using a Xiaomi Mijia cam with firmware version 3.5.1_00.66.
While some images were blurry and partially corrupted, most were clear enough to suggest a major security flaw with Xiaomi security cams.
"We're aware of the issue and are in contact with Xiaomi to work on a fix. In the meantime, we're disabling Xiaomi integrations on our devices," Google told Android Police in a statement.
So far, no other user has reported similar issues with Xiaomi cameras, which means the issue lies only with a limited number of devices. Still, it is a serious flaw in terms of users' security and privacy.
Xiaomi is not the only company, however, to face issues like this. A few months back, security researchers discovered multiple vulnerabilities in Google's Nest CAM IQ indoor camera, which could allow hackers to take control of a vulnerable device.
In total, eight bugs were discovered by researchers, of which three were denial-of-service (DoS) flaws, two were code execution bugs, and the remaining three could be used for information disclosure.
Last June, a researcher also uncovered a vulnerability in the Ring Video Doorbell Pro device that enabled hackers to take control of users' Wi-Fi networks.
A security patch for the bug was released by the vendor on 7th November 2019.