Experts warn that smart beds (yes, they exist) can be hacked and used to gain access to a user’s entire home network.
They therefore pose a (fairly large) security risk, because hackers can install malware, steal confidential data and even find out when no one is at home.
The discovery was recently made by a Dillan millsa computer technician and web designer, who described how he tried to access the local network of his Sleep Number bed to avoid burdening the company’s servers with some of his plugins.
A safety liability
The hunt for local access led him to discover that the bedside hub communicates with the Sleep Number servers by opening an SSH tunnel and providing a reverse tunnel back to the hub. While the tunnel is likely designed for maintenance purposes, he suspects that “the idea of unknown users being able to connect directly to my internal home network is a terrifying thought,” he concluded.
“I will probably disconnect the hub from the external internet once I am satisfied with my internal network control script. It also makes me wonder how many other internet-connected devices have a similar backdoor into their home network as this one.”
Eventually, Mills found a way to root the device and gain local network control over the bed. That means users can disconnect the gadget from their local Wi-Fi network and maintain the device solely via Bluetooth, which will certainly improve its security posture.
Smart home devices promise to improve the quality of life. For example, beds can regulate the temperature of the mattress to the sleeper’s liking and track things like sleep patterns, breathing and heart rate, allowing users to better organize their sleep schedule. However, they pose a major security risk, as every new smart home device added to the network potentially opens a new door for hackers to break in.
Through Tom’s Hardware
More from Ny Breaking
- This smart mattress uses AI to adjust your sleeping position and alert users to potential health problems
- Here is a list of the best firewalls today
- These are the best endpoint security tools right now