“The Xiaomi Mijia 1080p smart IP security camera showed a user footage from strangers when streamed to a Google Nest Hub”
A newly purchased Xiaomi Mijia 1080p smart IP security camera in The Netherlands showed its owner footage from random strangers, making for a rather creepy experience and a potentially privacy violating one. After Reddit user Dio-V posted about this incident and started gathering considerable attention, reports on the matter state that Google has since reached out to him, and as a precautionary measure, has disabled Xiaomi’s integration with the Google Nest ecosystem of smart home devices. Xiaomi has now released a statement acknowledging the matter, and stated that the issue has been resolved.
It is not clear as to what may have caused this incident, and by the sound of it, the glitch appeared due to an error from Xiaomi’s end. Google opened its third-party devices access programme to vendors of smart home products such as security cameras in October 2019, following which 20-odd security cameras are now authorised to stream footage to Google Nest smart displays. Given the nature of the incident, it is likely that this was a flaw in the cloud storage network of either of the two companies, and how device and user accounts have been encoded into the network.
Google’s prompt and extensive reaction to this incident clearly shows how important this issue is, and further highlights how smart displays still run risks of easily exploitable flaws in their systems. A recent report by Vice’s Motherboard revealed how Amazon’s Ring security cameras lacked basic security measures to protect footage from their devices, while another smart camera maker, Wyze, reported that a glitch in one of their servers caused data belonging to 2.4 million customers to be exposed for nearly three weeks.
With the latest smart security camera flaw incident, the frequency of smart cameras falling to such glitches do not seem to ebb away. While neither Google and nor Xiaomi have released any detailed statement on what exactly caused the mess-up, a patch for the same has now been released. Going forward, it remains to be seen what steps do smart camera makers take in order to secure their devices. Given the ultra-sensitive nature of content that is recorded by them, it remains to be seen whether legal regulations finally manage to rein in the issues, and bind them in a standard.