Google revokes Xiaomi Nest access after privacy scare

Google has suspended Xiaomi’s Nest ecosystem access after a customer reported seeing still images from the feeds of other users on their Nest Hub.

Reddit user Dio-V explained on the Xiaomi subreddit that his/her Nest Hub device displayed the images when asked to access the connected Xiaomi Mijia smart camera. The images in question appeared only briefly, and were often partially obscured by file corruption. That said, it’s still pretty easy to make out objects and people:

Other images show a man napping in a chair, a baby in a crib and the front porch of a house. Many of the images wear the same Xiaomi branding and accompanying timestamp, which Reddit user Dio-V took to mean that these were stills from cameras across the globe. Dio-V lives in the Netherlands.

For its part, Google was quick to respond, contacting Dio-V and temporarily deactivating Xiaomi’s Nest ecosystem privileges. The firm also issued a statement (via Gizmodo) that reads: “We’re aware of the issue and are in contact with Xiaomi to work on a fix. In the meantime, we’re disabling Xiaomi integrations on our devices.” So far, Xiaomi hasn’t followed suit.

The temporary suspension affects all Xiaomi products, including all Mi Home devices, meaning users may experience a loss of functionality while Google and Xiaomi work on a fix. Reddit user dirtyid suggested that the issue may have been caused by buffers on streaming servers that aren’t being correctly cleared between user sessions; what this means is that Xiaomi Mijia owners like Dio-V are seeing a few frames of another user’s stream before their own session begins.

In any event, this is clearly a privacy concern that Google is keen to knock on the head. With Ring and Amazon currently under fire for reported camera hackings, and Google itself having only recently resolved a pre-owned Nest exploit that allowed previous owners to access their old device’s camera, it’s not hard to see why.