PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Bug Let Xiaomi Security Cameras Access Images From Other Cameras

The problem occurs when a Google Nest Hub tries to access an integrated Xiaomi Mi Home Security Camera. Under poor network conditions, the Nest Hub will display still images from other people's cameras. But Xiaomi says the problem is 'extremely rare.'

Michael Kan
 & Michael Kan Principal Reporter

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

Home security cameras from Chinese vendor Xiaomi suffer from an alarming bug that can let them pull still images from other customers' cameras with a Google Nest Hub smart display device.

The vulnerability prompted Google and Xiaomi to temporarily pull the plug on the security camera integration between the cameras and the smart displays until the root cause is fixed.

The problem came to light on Thursday when a Reddit user posted video and screenshots of what happens when his Google Nest Hub accesses a Xiaomi Mi Home Security camera he registered with the device. The Nest Hub will show black-and-white still images seemingly taken from other Xiaomi home security cameras connected to the internet.

When I load the Xiaomi camera in my Google home hub I get stills from other people's homes!! from r/googlehome

(The Nest Hub was previously known as the Google Home Hub.)

Although the images are grainy and partially scrambled, they still reveal what appears to be the interior of people's homes. One image even showed a baby lying in a crib. The problem caused Google to quickly shut down the integration with Xiaomi cameras, as first reported by Android Police. "We're aware of the issue and are in contact with Xiaomi to work on a fix," a Google spokesperson said.

Xiaomi is blaming the problem on a Dec. 26 "cache update" it rolled out to improve camera streaming quality. The company went on to say the bug occurs in "extremely rare conditions" when a Google Nest Hub is operating under poor network conditions.

Neither company has elaborated on the problem. But Xiaomi's statement suggests the company's security cameras will take a snapshot and store the image in the device's cache when the internet is slow. But for some reason, those same images leaking on Google's cloud network.

"We have also found 1,044 users were with such integrations and only a few with extremely poor network conditions might be affected. This issue will not happen if the camera is linked to the Xiaomi's Mi Home app," the Chinese vendor added.

The spying bug was found as concerns about home security cameras have been grabbing headlines. Last month, hackers broke into internet-connected cameras from Ring by guessing customers' weak passwords. This allowed the hackers to spy on and harass customers by using the cameras' alarm and voice functions.

In response, Ring has been advising device owners use strong passwords and consider activating two-factor authentication. Nevertheless, the problems underscore the risks posed by internet-connected security cameras. If you buy a camera, be aware of what you're getting into, and think twice about where you place it.

About Our Expert

Michael Kan

Michael Kan

Principal Reporter

My Experience

I've been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I'm currently based in San Francisco, but previously spent over five years in China, covering the country's technology sector.

Since 2020, I've covered the launch and explosive growth of SpaceX's Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I've combed through FCC filings for the latest news and driven to remote corners of California to test Starlink's cellular service.

I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. In 2024 and 2025, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.

I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I'm now following how the AI-driven memory shortage is impacting the entire consumer electronics market. I'm always eager to learn more, so please jump in the comments with feedback and send me tips.

The Best Tech I've Had:

  • My first video game console: a Nintendo Famicom
  • I loved my Sega Saturn despite PlayStation's popularity.
  • The iPod Video I received as a gift in college
  • Xbox 360 FTW
  • The Galaxy Nexus was the first smartphone I was proud to own.
  • The PC desktop I built in 2013, which still works to this day.

Read the latest from Michael Kan

Read full bio