The Xiaomi Xiaofang WiFi Cube Camera is extremely popular. The reason for this is probably the excellent price to value ratio. The webcam/camera is very cheap compared to all the high-end functionalities that you get. Numerous shops have an expected restock due to its massive popularity. But there is a catch; software engineers found some shocking activity on the webcam.
We all know that everything comes with a price and therefore the two software engineers had some concerns. The XiaoFang camera looked almost identical to the notably more expensive SPOT ISC5 webcam (ISmartAlarm) which is popular in the US (Find it on Amazon).
For that reason, the two engineers asked themselves the following two questions:
- What is the relation between the SPOT ISC5 webcam and the Xiaomi XiaoFang Wifi Camera
- Is the Xiaofang webcam secure?
Introducing the XiaoFang WiFi Camera
First, a small introduction about the Xiaomi XiaoFang WiFi Camera. After placing and powering the cube webcam, you can use the Mi Home app (Android and IOS7.0+) to control and install the webcam as desired. The Xiaofang is 50 x 50 x 56mm and only weighs 100 gram. Due to its excellent specifications, the webcam can be used for multiple purposes. It sends high resolution 1080P frames through WiFi (802.11 2.4 Ghz b/g/n), towards your desired device.
You can use the cube webcam as a baby/pet monitor, security camera, mobile sound detector, or use it for online video meetings. A great additional feature is that the camera activates and records itself when hearing a smoke or CO alarm. The infrared and night vision make it possible to watch and record during the dark hours.
The webcam is portable, and with its magnetic base you can place or hang it everywhere. Even brother and sister webcams can be combined to check an entire setting. And the best thing is that you can easily connect it with a power bank and use a MicroSD card (up to 64GB) to save the data.
So, overall a very decent tool. There is probably not a better deal out there. But that is before we answered our central questions. Why does it look so much on a US webcam? And is it secure?
Hacking the Xiaomi Xiaofang
After opening the Xiaofang webcam, they connected the webcam, through a serial console, directly to a PC where they gained superuser access. After going through the files, it became apparent that this firmware is almost similar as the expected SPOT ISC5 webcam. The funny thing is that the American price is three times higher than the Chinese webcam.
The Xiaomi XiaoFang has a Chinese interface, which is of course not that handy for international users. But after the hack, they were able to activate the English interface quickly. That is the good part. But after some further investigation, they found a continuously active Chinese cloud app connection, which is quite shocking since you don’t know who is watching and what will happen with your recorded data!
English Image for the Xiaomi Xiaofang
At this moment the two software engineers prepared an image which you can install. The image will give you the control over the webcam, and if the hacks are applied successfully, the following features are available:
- The data partition can be extended to use all the space available, in case you installed a pre-created sd-card image.
- You can switch the network mode to WiFi Client or HotSpot mode, completely disable the cloud apps and have an RTSP server running in 15 seconds after applying power.
- You can place any binaries, scripts, etc. you need in the data folder on the SD card. The device only has limited space available on internal flash, so you don’t risk running out of space.
- A busybox build is provided with many applets available such as telnetd, ftpd, netcat.
- A dropbear build is provided with support for SSH/SFTP. Use sshfs to access all data on the SD card remotely.
- Scripts placed in data/etc/scripts will be automatically executed after the device boots.
Xiaomi Xiaofang Github Project
They placed their results on Github, #fang-hacks, and created a custom image which enables users to update their Xiaofang with a clean English interface and with new features! The Github project becomes more and more a community project. Which is an outstanding result!
Stay up to date and check #fanghacks on irc.freenodet.net where you can join the general discussion, or check their Github website https://github.com/samtap/fang-hacks.
Find the Best Price for the Xiaomi Xiaofang
If you are not afraid for the Chinese Big Brother, or like to hack the webcam. You can find the best price on the button below.
Do you have additional features which might be handy for everyone? Please comment and help the community further!