A cybersecurity expert discovered a critical flaw in his connected mattress. Fortunately, he found a solution right away, but it is as surprising as it is radical.
What object is not connected these days? Almost everything can benefit from Internet access, from refrigerators to kitchen robots, light bulbs and speakers. A connected mattress is therefore no surprise; such mattresses have been around for several years.
While some are of, let's say, situational usefulness, most mainly offer precise temperature control or even automatic adjustment of the mattress's incline. The goal is always the same: improving the quality of sleep.
The Eight Sleep is one of them. As its name suggests, its promise is to guarantee you an average of 8 hours of sleep, a duration generally accepted as optimal. To achieve this, you have to make concessions.
First, you spend around 3,000 euros depending on the model chosen, then add a subscription to the mobile application that controls it, and finally accept that without the Internet, the mattress does not work. Dylan Ayrey, a cybersecurity expert, was ready to make the effort, until he discovered a critical security flaw.
To prevent his connected mattress from being hacked, this expert finds a surprising solution
At the end of 2024, Ayrey discovered that the mattress firmware contains an unencrypted AWS key. To put it simply, recovering it allows a hacker to do a lot of things without your knowledge. But that's not all. He also found a “backdoor” type flaw allowing any engineer at Eight Sleep to access a customer's bed, to know when they are using it, or even to execute code on it remotely. The problem is that the exposure is not limited to the mattress, but extends to all devices connected to the same Internet network.
How did Dylan Ayrey react? By replacing the Pod, the device used to manage the mattress temperature, with... an aquarium thermostat. The process, in addition to being quite simple, is reversible. Thanks to it, “you get all the temperature control of an Eight Sleep without the app, subscription, internet connectivity, backdoors and security issues […]”. An amazing solution detailed on the expert's blog.