A creepy glitch on Google Nest Hub leads to camera restriction

The latest home security camera privacy invasion.


Chinese tech suffered a blow on Friday when a Reddit post worked its way up the ladder describing a problem with a Xiaomi camera linked to a Google account.

The Reddit post, first picked up by Android Patrol, describes a Google Nest Hub gathering and displaying seemingly random images from strangers. The issue has been connected to the user’s own Xiaomi Mijia 1080p Smart IP security cameras.

“We’re aware of the issue and are in contact with Xiaomi to work on a fix,” a Google spokesperson told The Verge. “In the meantime, we’re disabling Xiaomi integrations on our devices.”

The camera, which the Redditor purchased from Chinese site AliExpress, is just the latest Internet of Things (IoT) product to face security issues. As The Verge notes, hackers have been able to infiltrate their own IP cameras with generic-style tests that did not even bother to look for weaknesses in the first place.

The Redditor, who tells The Verge that they are based out of The Netherlands, displayed their problem on the social media forum. The user, who goes by the handle Dio-V, tells the site that the unwanted images included “an enclosed porch, a sleeping man in a chair, and a sleeping baby in a crib.”

“Xiaomi has always prioritized our users’ privacy and information security. We are aware there was an issue of receiving stills while connecting Mi Home Security Camera Basic 1080p on Google Home hub. We apologize for the inconvenience this has caused to our users,” the company said in a statement emailed to Inverse.

“Our team has since acted immediately to solve the issue and it is now fixed. Upon investigation, we have found out the issue was caused by a cache update on December 26, 2019, which was designed to improve camera streaming quality. This has only happened in extremely rare conditions. In this case, it happened during the integration between Mi Home Security Camera Basic 1080p and the Google Home Hub with a display screen under poor network conditions.”

The company’s statement goes on to say that “1044 users were with such integrations and only a few with extremely poor network conditions might be affected.” Xiaomi describes the issue as “fixed,” although says that all Mi Home Security Camera Basic 1080p cameras have been suspended from working with Google products until “the root cause has been completely solved.”

Smart home security systems have been on the uptick, but security flaws within the cameras themselves have increasingly made the headlines. Recently, the New York Times-owned tech review site Wirecutter revoked its endorsement of Ring security cameras due to massive data leaks. The waning days of 2019 saw a class action lawsuit filed against the company, as well as its parent Amazon.

There are some basic security steps that anyone using an IoT device can adhere to, like making sure any purchased camera has two-factor authentication as an option. There are a number of smart cameras on the market, but there’s no accounting for mishaps like those that befell the Redditor in The Netherlands.

Related Tags