Xiaomi fixes camera bug that displays images from others’ homes

Security camera feeds were being sent to the wrong people.

Rapeepong Puttakumwong/Moment/Getty Images

The bug in Xiaomi security cameras that presented users with images of strangers’ homes on the screens of their Nest hubs has been resolved, according to the company. Google had disabled support for Xiaomi cameras on its Nest line of products in response to the issue.

“We now confirm that we have fully resolved the root cause of this issue, and Xiaomi’s Google integration service has resumed from 16, January,” Xiaomi said in a statement to 9to5Google. “Users can now use Xiaomi’s Mi security camera services via Nest devices.”

Creepy — The bug first came to light after a user on Reddit reported that, when he tried to stream footage from his Xiaomi security camera to this Google Nest Hub, the still images that appeared on screen seemed to be from strangers’ homes, including images of things like an enclosed porch and a baby sleeping in its crib. It’s still unclear what the technical reason was for this worrying bug, and Xiaomi didn’t offer any clarity besides to say they will "take even stronger measures to prevent such incidents in the future."

Smart home products need to get more secure — The issue highlighted ongoing concerns about the level of security offered by new smart home gadgets, which have access to the most sensitive and intimate areas of our lives. There’s great convenience to monitoring your home from a distance, but the stakes for protecting that information is also higher than it may be for keeping your Facebook account private. We all engage in extremely private activities when we know we’re safe in our homes, and as we’re seeing the security slip-ups that happen all too oft online can now happen there too.

Amazon has been sued by users of its Ring doorbell cameras following reports that bad actors were able to gain remote access to the devices and snoop on unsuspecting victims in their own homes — the company responded by blaming users, saying they should have enabled two-factor authentication. The truth is that Amazon should make these measures default or else less tech-savvy users might not use them. It’s no longer acceptable to make it opt-in.