Google cuts off Xiaomi smart camera access after bug showed photos of strangers' homes

Instead of the view from his own Xiaomi camera, Dio's Nest Hub showed him scenes from other people's households, including a sleeping baby.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.
Alfred Ng
2 min read

The Nest Hub started showing photos from Xiaomi cameras in strangers' homes instead of his own feed, Dio said.

Dio-V / via Reddit

On New Year's Day, Dio looked at his Google Nest Hub and clicked on the camera tab to see video from his Xiaomi camera, expecting to see a live feed of the blackboard he had the smart device pointed to. 

Instead, he saw stills from a stranger's camera, showing what looked like someone's kitchen. Confused, he clicked again and again and got a different image each time. Only every now and then it would be an image from his own camera.

He had seen inside someone's living room, a baby sleeping, a person sitting in the kitchen and a child with toys, according to stills he posted in a Reddit thread highlighting the issue on Wednesday. 

Dio, from the Netherlands, declined to give his full name out of safety concerns. He said his camera and the Nest Hub were on the latest firmware when he first started seeing the strangers' photos. 

"I'm just glad I didn't have one pointed at our bed or shower," he said in an email.

Watch this: Your Ring camera could be a part of a police surveillance network

Google is looking into the matter.

"We're aware of the issue and are in contact with Xiaomi to work on a fix. In the meantime, we're disabling Xiaomi integrations on our devices," Google said.  

In a statement, Xiaomi said it found 1,044 other people affected by this issue, which its team discovered had been going on since Dec. 26. It was caused by an app update originally intended to improve camera streaming quality, the company said, adding that the problem only happens under poor network conditions. 

"Xiaomi has communicated and fixed this issue with Google, and has also suspended this service until the root cause has been completely solved, to ensure that such issues will not happen again," a Xiaomi spokesperson said.

Smart devices are notorious for security glitches, like when hackers took advantage of Ring's authentication process and were able to hijack video doorbells and harass owners. Security issues on smart cameras are yet another reason for anxiety, since hackers could get a direct feed on people's activities. 

Dio said he wasn't doing anything malicious when he discovered the technical flaw, and found it by accident when he was testing his Xiaomi Mijia smart camera, which he bought from AliExpress in June.  

The camera can be linked to Google Nest devices through the Mi Home app, which Dio said he primarily used. 

Originally published Jan. 2 at 2:53 p.m. PT. 
Updated Jan. 3 at 5:22 a.m. PT: Added statement from Xiaomi.

16 smart doorbells to watch over your front stoop

See all photos