Resource Center

Google Removes Xiaomi From Nest Hub After Security Leak

Jan 20, 2020 8:00:00 AM

Back in May 2019, Google and Nest unified to improve data privacy. This merger created the Google Nest Hub, which allows users to integrate and view footage from their Nest camera devices and other third-party connected devices. Most recently, Xiaomi and its connected security camera, the Xiaomi Mijia 1080p Smart IP Camera, are under hot water.

The Issue

In a post from “Dio-V” on Reddit, the user said when he tried to view footage from his Xiaomi Mijia camera on the Google Nest Hub, he was instead met with various clips of random footage, including pictures of strangers’ houses.

Since the Reddit post caught traffic, the China-based company Xiaomi jumped on the issue. “Our team has since acted immediately to solve the issue and it is now fixed,” a spokesperson told Threatpost. “The issue was caused by a cache update on December 26, 2019, which was designed to improve camera streaming quality.”

The glitch was a result of poor network conditions, and “only happened in extremely rare conditions.” Xiaomi reported that at least 1,044 users had such network conditions, but only a few out of the thousand might have been affected.

What Xiaomi and Google Plan to Do

Xiaomi worked to recover from the security concern by saying, “Xiaomi has always prioritized our users’ privacy and information security. We are aware there was an issue of receiving stills while connecting Mi [Mijia] Home Security Camera Basic 1080p on Google Home [Nest] hub.” The company issued an apology, but that didn’t stop Google from stepping in on the matter.

Google released a media statement of its own saying it’s shutting down Xiaomi device access to its Google Nest Hub until the issue is resolved. “We’re aware of the issue and are in contact with Xiaomi to work on a fix,” Google reported. “In the meantime, we’re disabling Xiaomi integrations on our devices.”

The Risk of DIY Security Cameras

Xiaomi is not the first DIY security camera company to raise concern from the public. Ring has seen several occasions where hackers hijacked and stalked users through devices, and Nest camera users have undergone similar experiences, where one user even experienced a false North Korean missile attack warning.

With such concern directed towards their ability to protect users, companies are trying to make efforts with security protocols, such as implementing two-factor authentication. Two-factor authentication can make any account more secure, preventing up to 80% of data breaches, according to cybersecurity firm Symantec. After Google conducted another study, researchers found that something as simple as adding a recovery phone number will block up to 100% of automated bot attacks that create stolen password lists (stolen passwords played a major role in the recent Ring breaches aforementioned).

While DIY security may have some limits, its accessibility often draws people in. Many devices rely on WiFi connection, and alerts are sent to the user’s cell phone. This can be a downfall when WiFi is not immediately available or a user does not have their phone on hand.


To avoid these issues, consider professional monitoring. Professional monitoring allows for a user’s home to be under continual watch, and systems are often set up with redundant power abilities to withstand tampering. To find out what works for your specific needs, reach out to AvantGuard to learn more about protecting your property and data.

Take advantage of our robust library of industry and AG related news, articles, webinars and other resources available through our resource center to enhance your success.  You will also discover valuable insights and content you can share with your subscribers through your website, newsletters, and emails.

Receive more useful content like this by signing up for our weekly AG Newsletter below: