Google Suspends Xiaomi’s Nest Integration After It Appears To Pick Up Strangers’ Camera Feeds

Google Suspends Xiaomi’s Nest Integration After It Appears To Pick Up Strangers’ Camera Feeds
Photo: Josh Edelson, Getty Images

Google has cut off access to its Nest Hub and Assistant for Xiaomi devices after a user was reportedly able to view still images from other camera owners upon linking his Xiaomi camera to his Google account. Android Police first reported on the incident after a Reddit user posted about the disturbing encounter.

“We’re aware of the issue and are in contact with Xiaomi to work on a fix,” a Google spokesperson told Gizmodo via email. “In the meantime, we’re disabling Xiaomi integrations on our devices.”

In his post, Reddit user Dio-V purported that his newly purchased Xiaomi Mijia 1080p Smart IP security camera began showing these images, presumed to be from other camera owners with Google-integrated devices, when he attempted to stream his camera’s footage to his Google Nest Hub. In the accompanying video, random still images of a sleeping baby in a crib, a porch, and a man seemingly asleep in a chair can clearly be seen, though a few of the images appear partly corrupted. It’s unclear exactly where they were taken or how long his camera was connected before his feed first began showing these stills.

In a Verge report, Dio-V—who’s based in the Netherlands—confirmed that Google has since contacted him about the post, though it has been radio silence from Xiaomi so far. Xiaomi also did not respond to Gizmodo’s request for comment.

When all you have to go on is a single Reddit post, it’s hard to verify whether this is some elaborate hoax or a legitimate security issue. However, Google’s swift response shows it’s not taking the report lightly, likely in an attempt to avoid the same kind of scrutiny Ring has attracted thanks to their blase response to several high-profile reports of camera hackings. Ring and its parent company, Amazon, are currently facing a class-action lawsuit regarding allegations of invasion of privacy, breach of contract, and just generally crap security standards that have led to bad actors having a field day hacking the company’s security devices.