We know creeps have hacked smart baby monitors to spy on families, but a bug affecting Xiaomi smart cameras linked to Google accounts creates the reverse problem: one user received unwanted images from strangers’ homes when streaming content from his own camera to a Google Nest Hub.
The bug was publicized on Reddit by a Google Nest Hub user, ‘Dio’, who had clicked the camera tab on the app and expected to see video from his connected Xiaomi smart camera.
But rather than getting a view of his own house, he got still images from strangers’ cameras, including images of someone’s living room, a sleeping baby, a child with toys and a man sleeping in a chair. He shared the images on Reddit, which clearly show a baby sleeping in a cot.
SEE: Sensor’d enterprise: IoT, ML, and big data (ZDNet special report) | Download the report as a PDF (TechRepublic)
Dio’s camera was a new Xiaomi Mijia Smart IP Security Camera. The device can be associated with a Google account, allowing the user to connect it with Google Nest devices. He purchased the Xiaomi camera from AliExpress this June.
It’s not clear what caused the Nest Hub to receive images from other households. However, following his report Google disabled Xiaomi integrations with its devices.
“We’re aware of the issue and are in contact with Xiaomi to work on a fix. In the meantime, we’re disabling Xiaomi integrations on our devices,” Google said in a statement to ZDNet sister site CNET.
Google said it had not received reports from other users experiencing the same problem.
As per Android Police, Google’s Xiaomi access restrictions have disabled all Mi Home integrations for Google Assistant.
Dio told CNET his camera and the Nest Hub were running the latest firmware when he started seeing other users’ photos.
“I’m just glad I didn’t have one pointed at our bed or shower,” he said.