In major privacy breach, Xiaomi Mijia cameras found to be streaming to random user’s Google Nest Hub

[Hamartia Antidote]

Looks like during a recent update Xiaomi enabled a backdoor feature by accident.

https://mspoweruser.com/in-major-pr...treaming-to-random-users-google-nest-hub/amp/

A Reddit user reports that his Google Nest Hub started showing him the video feed from the home surveillance cameras of random Xiaomi Mijia users after he attempted to access his own newly purchased Xiaomi camera.

The mix-up appears to be at Xiaomi’s backend, with his Google Nest Hub appearing to pull stills from other users instead of his own, with the user appearing to look into a child’s nursery, a porch and a lounge.

Sometimes the photos are corrupted and it is unclear who’s home they are peering into.

Google has responded to the issue by disabling Xiaomi’s integration with the Nest Hub, saying:

“We’re aware of the issue and are in contact with Xiaomi to work on a fix. In the meantime, we’re disabling Xiaomi integrations on our devices.”

Xiaomi Mijia cameras only cost around $50, and offer the ability to stream your video feed to the Google Nest Hub, similar to how an Echo Show can show video from Ring Video Doorbells and other cameras.

The incident is a timely warning around the potential for data leakage related to the video cameras all around us, suggesting it is never completely safe to have a smart camera in your home.

 

[Hamartia Antidote]

Certainly you are nutz to store video from inside your home on the cloud. Even Nest and Ring offer this. You are really really asking for problems with others somehow getting hold of it.

I have a video doorbell with a 128GB SD card so it isn’t sending video to the cloud 24/7 (Although outside isn’t as bad as inside). It is cool being able to view it on my phone and talk to people remotely from 1000 miles away...but storing video from inside my house on the cloud...no way.

 

[TNT]

Certainly you are nutz to store video from inside your home on the cloud. Even Nest and Ring offer this. You are really really asking for problems with others somehow getting hold of it.

I have a video doorbell with a 128GB SD card so it isn’t sending video to the cloud 24/7 (Although outside isn’t as bad as inside). It is cool being able to view it on my phone and talk to people remotely from 1000 miles away...but storing video from inside my house on the cloud...no way.

So u think if u can view ur camera footage thousands of miles away and not store it on cloud then ur safe and ur videos cant be stored without ur permission??? Haha

 

[Hamartia Antidote]

So u think if u can view ur camera footage thousands of miles away and not store it on cloud then ur safe and ur videos cant be stored without ur permission??? Haha

The video is on the SD card not on a cloud server. Which will be erased or replaced by me instead of being stored on a server for the next 100 years.

Sure somebody could get my password and they could view it. if they had storage space to spare they could copy it down.

 

[TNT]

The video is on the SD card. Which will be erased or replaced by me instead of being stored on a server for the next 100 years.

I know but once u stream anything from one location to the other through the internet, it can be stored easily.

 

[BringHarmony]

I know but once u stream anything from one location to the other through the internet, it can be stored easily.

Not if you run it via a SSH tunnel with the keys that you generated. Strong Encryption is still Strong.