Talos Intelligence

On October 31st, Talos Intelligence published several articles on vulnerabilities discovered in YI Home Camera.

Over the latest several months, Talos intelligence team has closely worked with YI Technology’s development team, explained the vulnerabilities, discussed solution, patiently waited the dev team to release a firmware, and kindly verified all the fixes, and generously waited almost two months to disclose the vulnerabilities publicly, after we released the firmware.

Thank you Talos Intelligence team. We are forever in debt to you.


2018-06-13 – Vendor disclosure
2018-09-03 – Vendor submitted build to Talos for testing
2018-09-05 – Talos confirmed issue patched
2018-10-22 – Vendor released new firmware
2018-10-31 – Public release

Motion Detection Explained

Motion Detection

YI Home Camera can do many great things. Motion detection is a feature that many people rely on. When the camera detects movement (motion) in the front of the camera, the system will send a push notification to the user’s mobile phone, alerting the user that something has happened. In the meantime, the camera captures a picture, and 6s motion video to the cloud for safe record. User can look at view the alert picture and videos from the YI Home Camera alert tab. Those alerts (along with the pictures/videos) are stored in the cloud for 7 days and deleted automatically after that.

Motion detection algorithm

The camera determines that there are movements in the video, by comparing the adjacent video frames. If there are significant changed between those frames, a motion is detected.

Why 6s for the video length

This is a compromise for the alert notification delay. The longer we choose for the video, the longer the delay will be for the user to receive the notification. 6s seems a good compromise, that the alert won’t be delayed for long, while user can still see what happened.

Advanced motion detection features

More advanced motion detection features are available to different camera models, depending on the camera’s processing capabilities. Examples including, but not limited to: Detection Zone, motion sensitivity, human detection, baby crying detection.

Today, the detection zone feature, is only available to non-rotating cameras. The justification was, for rotating cameras, the viewing angle is moving around, thus the detection zone is not well defined.

Alert Reporting algorithm

One of frequently asked questions is, when does the camera reports a moving event?

Obviously, if the camera reports every movements detection, user will be notified too many times, thus consider it abusive. To avoid this, the system introduces two parameters to control when to report a motion.

The first parameter is called motion block grace period threshold.

Continuous movements are considered as a moving block. A moving block is counted as one reportable event. The system will only report once, for the whole block.

The window between the end time of the last moving block, and the start time of the next moving block, is the motion block grace period.

If the motion block grace period is longer than a pre-defined threshold, the new moving block is considered as report candidate.

The motion block grace period threshold, is set at 60s by default. It is configurable by the server.

The second parameter is called motion report minimum interval.

A report candidate will be reported, only if last report happened before the motion report minimum internal ago.

The internal is set to 10minutes by default and is configurable by the server.

Let’s use a few examples to illustrate the algorithms above.

Say, at 8:00:00am, the camera detected movement, and reported the event to the user. The movement stopped at 8:01:00am.

The second movement is detected at 8:01:30am and stopped at 8:02:00am.

The motion block grace period is 30s (between 8:01:00am and 8:01:30), which is less than the 60s threshold. This moving block is not considered as report candidate, thus will not be reported.

The third movement is detected at 8:05:00am, lasted for 30s. The grace period is 3minutes (8:02:00am to 8:05:00am), which is longer than 60s. This is a report candidate.

However, this event will not be reported. The last event report happened at 8:00:00am. This report candidate happened only 5 minutes later (8:00:00am to 8:05:00am), which is less than the 10 minutes internal.

The fourth movement is detected at 8:15:00am, lasted for 30s. This is a report candidate and will be reported.

Reaching YI Services

From time to time, we have received reports that some parts of the YI Home App’s functionalities do not work. For example, can not register, can not generate the QR code, etc.

We did a lot investigation. We found a few root causes.

  1. Sometimes, the App could not resolve our services’ DNS name.
  2. On other occasions, the https connection to our services is terminated unexpected.

If you have experienced problems in YI Home App, please open a browser, and visit one of the following sites. If you have trouble reaching them, it may be a good time to talk to your local ISP.

For Asian countries, please visit https://api.xiaoyi.com.tw
For North America countries, please visit https://api.us.xiaoyi.com
For European countries, please visit https://api.eu.xiaoyi.com
For other countries, please visit one of above.

Pairing YI Home Camera

In order to use a wireless home camera such as YI home camera or YI dome camera the first thing you need to do is to pair (bind) it with your YI account created on your YI Home App.


Paring (binding) is a process to establish a trusted relationship between the camera and your account in YI Home App so that only you can use the camera. It is a very important security process so we don’t want the process to have any security weakness even tiny one. In industry, there are multiple technologies to pair a wireless camera. By far YI’s QR code pairing technology (patent pending) is one of the most security one and YI has been using it for almost 3 years and no security issue was found or reported.


In QR code pairing, YI camera needs to scan a QR code displayed by YI Home app on your smartphone to establish trusted relationship. The idea is very similar to Amazon Go check in process. When you enter Amazon Go store you need to let a camera in store entrance to scan a QR code displayed by Amazon Go App on your smartphone. After scanning, the goods you buy from the store will be charged to your Amazon account instead of other customers’ accounts and the goods other customers buy from the store will be charged to their accounts instead of yours.


In most cases, the QR code scan is as simple as showing the QR code in the smartphone to the camera. But in certain situation you might run into some challenges. For example, if you are using a very small or very large smartphone or you have a very long Wi-Fi router name or password the QR code scan might not work well or take long time to finish. In this article we will discuss the best practice of the YI camera pairing especially the QR code scan.


1.         Please do the pairing in a room which is sufficiently illuminated. Please avoid very dark room or direct sunshine environments.

2.         Please adjust the brightness of the smartphone’s screen to the brightest level.

3.         Download YI Home App from Google Play store or Apple App store. Install and register an account by following the instruction on the App. Please make sure you select the correct region such as ‘North American’ if you bought the YI camera in the United State. Incorrect region selection will cause pairing to fail.

4.         On the top right corner of the App’s main page, there is a ‘+’ button, click it to enter App’s pairing mode.

 15.         You will see an array of YI home and dome cameras, click the model you have and try to pair.


6.         Now plugin the USB power cable to your YI camera. If you have a new YI camera, it will be in pairing mode after power up. If you want to pair a used YI camera or want to repair your YI camera, please reset the camera to make the camera entering pairing mode. When the camera is in pairing mode, the color of the LED light is yellow.

7.         It will take one or two minutes for the camera to power up. After powering up, the YI camera will say ‘Waiting to connect’.


8.         On the App, click ‘Next’ you will see the ‘Connect to Wi-Fi’ page. Type in the name and password of the Wi-Fi router you want your YI camera to connect to. Please use 2.4GHz Wi-Fi band because the YI Home Camera only supports 2.4GHz for better signal penetration. Please double check you typed in correct name and password. Any mismatch even a signal digital or extra space will cause Wi-Fi connection failure. Please also note that the Wi-Fi name and password will NOT be sent to YI service. They stay in your smartphone and your YI camera so you don’t need to worry about leaking of you Wi-Fi router password.


9.         Click ‘Connect to Wi-Fi’ at the bottom of the page and you will be in QR code page.


10.     Now make sure your camera is in upright position. It means the lens of the camera faces a direction which is perfectly horizontal. If you are pairing a YI dome camera you might need to adjust the lens direction because the lens could face a direction upward or downward initially.

11.     Tap the QR code on the screen to make it full screen.


12.     Now place the smartphone about 35 centimeters (14 inches) away in front of the YI camera. If you are using a pad such as Apple iPad or Android Pad, you might need to place the pad even further such as 50 centimeters (20 inches) away. Please make sure the smartphone is also in upright position like the YI camera and the center of the QR code on the screen of the smartphone faces the center of lens of the YI camera directly. You might need to adjust the height of the YI camera or the smartphone to achieve that. This is very important if you have very small smartphone, very large smartphone, very long Wi-Fi name or very long Wi-Fi password.

 713.     Now slowly move the smartphone toward the YI camera until the distance is 5 centimeters. During the move, please continue to keep the center of the QR code facing the center of the lens of the YI cameras directly. Depending on the size of your smartphone, you will hear YI camera saying ‘QR code scan is successful’ and the color of the LED light on the YI camera turns to blue. For most smartphones such as Apple iPhone 7 and Google Pixel the scan should succeed when the smartphone is between 20 centimeters and 10 centimeters away from the YI camera. If you follow instruction above but still experience QR code scan issue, please use a smartphone with regular size and change the Wi-Fi router name and password to shorter length and redo the pairing. Please note you can pair the YI camera in one smartphone but use it in the other smartphone if you have multiple smartphones.

14.     Once you hear ‘QR code scan is successful’, the YI camera will use the Wi-Fi information embedded in the QR code to connect to your Wi-Fi router and then connect to the YI services. If both connections are successful, you will hear the YI camera saying ‘Pairing is successful’ and the camera will show up in your YI Home App. You could see failure this step if the Wi-Fi name and password are incorrect or your Wi-Fi router is not connected to the internet. If that happens, please use correct password, fix the Wi-Fi router connectivity issues and redo the pairing process. 

Once you paired the YI camera you can use your YI Home App to change the settings of the YI camera, watch live streaming, watch recording and receive motion alerts. You can do it comfortably because the YI camera pairing is very secure. 

If you experience any issue with the YI camera or YI home app please feel free to contact our technical support at support@yitechnology.com.

Login Notifications

Starting from version 2.22, on both iOS and Android mobile app, we start to push login notifications to your mobile app. If your account is logged in from another place, you will receive a push notification, with message like following:

“Your account was logged in from samsung(SM-G930U). Please make sure it was you.”

Sometimes, you may see “Unknown device” in the description. This is actually login from PC client. We will update the description in a future update.

Login notification

Pairing YI Home Camera with 5G Wi-Fi

For background on 2.4G and 5G Wi-Fi, please read this article.

As we discussed earlier, YI Home App uses QR code to deliver the Wi-Fi information to the camera.

Pairing the camera with Wi-Fi turns out to be the most difficult part of YI Home camera user experience. Among the pairing failures, a big part of the problem, is due to 5G Wi-Fi used.

Current YI Home Camera models do not support 5G Wi-Fi. The picture below shows what user will see when she chooses a 5G Wi-Fi network.


Many latest routers in the market now support dual band Wi-Fi (both 2.4G and 5G). By default, it will provide two different SSIDs, one for 2.4G, one for 5G.

Some routers support a feature called “smart config“, when enabled, will only provide one SSID. Depending on the client, it offers the optimal frequency for the client.

This creates some confusion for YI Home Camera users. When connected to such router, the App may detect that it is using 5G Wi-Fi, and ask the user to switch to a 2.4G Wi-Fi.

When this happens, if you are sure that the router behind the SSID supports both 2.4G and 5G Wi-Fi, please click “Connect to Wi-Fi”. Chances are the camera can connect successfully through the 2.4G Wi-Fi.