Google Disables Links To Xiaomi Cameras Amid Security Scare

One user of a Google Xiaomi Mijia home security camera recently got a shock when they discovered their device projecting images from another person’s home. The images reportedly included shots of an infant in a cradle, a man sleeping and an enclosed porch.

The user, who went by the name /r/Dio-V, specified the device as a Xiaomi Mijia 1080p Smart IP Security Camera, which can be linked to one’s Google Home/Assistant via Xiaomi’s Mi Home app. The user noted that they had purchased the technology new from AliExpress, and that it used firmware version 3.5.1_00.66.

As of Thursday (Jan. 2), no one was clear on when the camera had begun showing a feed of images from others’ homes, or how long it had been going on. However, /r/Dio-V said an examination of the images indicated that they were in a different timezone than their own.

News site Android Police said it’s “technically possible” that this could all be a hoax, but admitted that the evidence provided thus far has been convincing, as it’s a “pretty high effort” to create a whole video feed of corrupted images as a hoax. The report added that it could be test images shown on accident.

Google commented that it was aware of the incident, and was working to correct whatever error had occurred. In the meantime, the company would disconnect Google’s services from the Mi Home devices for the time being. Reddit users reported that this was indeed the case: that the cameras were no longer working through Google. User /r/Dio-V confirmed the same of their own device.

Xiaomi did not respond for comment to Android Police on the incident.

Home security cameras have had similar issues before. For example, pre-owned Nest cameras would remain linked to the original owner’s account, and could show images from the new purchaser’s home. In another instance, Wyze, which makes smart security cameras, made a mistake by storing user data in an unsecured manner, forcing users to set up their devices all over again.