Troy SK, 15 tweets, 7 min read
Some of you might be aware; I have been on a 4-year quest to build a smart home. I am using and sometimes hacking existing solutions in most cases. I found some glaring lapses of security and privacy. A thread on @Xiaomi/@XiaomiIndia #security #privacy #iot @internetofshit
First up; my favourite robot which keeps my home clean. The Roborock S55 uses SLAM technology with cameras & sensors to generate a model of the house. It cleans really well & it leaks even better as it doesn't use HTTPS to communicate. It misses its home and keeps calling back!
Next up; one of the cheapest smart cameras in the market. The Xiaomi XiaoFang WiFi camera does 1080p video and costs less than Rs. 1200. I have many around the house for security purposes. It is a great oxymoron as it's a security device with no security.
It too does not have HTTPS and sends data too often. Not only that, it will use its own DNS servers to communicate with its masters in China.
Talking about cameras; let's have a look at what Mi India offers. The Mi 360 camera is arguably one of the best security cameras around. The AI person detector isn't great yet but still miles ahead of others.
It is; however; in constant communication with multiple destinations round the clock even when there is no activity. And when there is activity, it notifies not only me but its digital overlords too!
Mi's Air Purifier took India by storm. The product delivers rock-solid performance in cleaning air at an affordable price. Unfortunately, it too opens up communication channels to multiple destinations just like the other products.
Now, the most expensive Mi product I own; the Mi TV 4 55. A slim 55 inch TV which has a terrible UI but amazing picture and looks amazing on the wall. It was promised an update which would fix many of the problems it has and also become smarter.
Unfortunately, it never received that update. (@XiaomiIndia ; Kya hua tera wadaa?). But then, because it is not smarter, it communicates less with the rest of the world.
How do I know that? Because I have its latest version too! 😬
The Mi TV 4 Pro 55 is better in terms of app compatibility as it supports Google Play store. And because it's smarter it talks to multiple domains and that too very often.
With so much data being sent unencrypted to unknown destinations and China, we need to rethink and implement data/privacy laws.

If you think most of such data will be useless, please read how Strava's location history revealed US Army bases. #NationalSecurity
I feel; we should demand more from the companies we love and admire. So, @XiaomiIndia when and how are you going to fix this? You can't be selling security products while compromising security. cc: @manukumarjain
@Xiaomi, until you fix these we will have to resort to hacking your products just like you guys got your start hacking Android to make MIUI. I was an early user there and am an early user with this now.

github.com/EliasKotlyar/X…
I did not dig deeper into packet inspection as I was lazy, hopefully I will be bored again soon to get to that too. 🤪

I used only one tool for this. Shoutout to @Princeton_IoT and the people behind it; love and hugs! 👏👏👏
If you think this is scary, you would want to check what some of the smaller brands like Besder are doing.
(TLDR; bending their knee).

I'll write/tweet/brag about them soon.