Cisco and Xiaomi Security Risks

We’re three days in to 2020 and two significant developments have hit the fine folks at Cisco and Xiaomi. Liam Tung over at ZDNet has reported on some critical severity vulnerabilities which exist within Cisco’s Data Center Network Manager (DCNM) solution. The recommendation to either patch or remove the product should not be taken lightly.

Paul Thurrott’s summary of the events which led Google to disconnect Xiaomi devices from the Google Home/Google Assistant platform highlights the risks involved in providing inherent trust for products where configurations or standard operations cannot be cemented from the end user perspective. Although Xiaomi is a well-regarded brand within the markets that it directly services, there’s something amiss with the configuration of the cameras or the underlying, non-Google cloud services that support these devices.

The anti-Google fanboys will be quick to attack the organization that didn’t produce the devices in question. We can see this kneejerk and uninformed type of response the comments section of Paul’s site.

Google did not produce the Xiaomi-made camera nor does Google run Xiaomi’s associated infrastructure which supports the devices in question. If the issue was with a Nest Camera or a Nest Hello doorbell, the targeting would be correct. However, this was not the case. Something something glass houses, something something stones. You get the drift.

Upon learning of this anomaly, Google did the right thing with respect to removing the capability of Xiaomi products to interface with Google Assistant. Once the errata has been properly rectified, Google maintains the option to reinstate this vendor’s products within the ecosystem.