Security researcher finds vulnerability in internet-connected bed, could allow access to all devices on network

Eight Sleep's Pod 4 Ultra Smart Bed
(Image credit: Eight Sleep)

Cybersecurity researcher Dylan Ayrey of Truffle Security has shared a detailed blog post on his experience with Eight Sleep smart beds since he discovered an exposed AWS key inside their firmware, a finding that prompted him to dig into the beds' security and look for ways to mitigate the problems. Besides the exposed AWS key, he also found an SSH (Secure Shell) backdoor that allows full arbitrary code execution, making an Eight Sleep bed a disastrously unsafe device to keep on a home network, not just because of bed surveillance concerns but because of the risk to every other device on that network.

Back in December, Ayrey posted a tweet from his @InsecureNature account encouraging his followers to guess which of his appliances had the major AWS key problem, and this was before he even started talking about the SSH backdoor that allows arbitrary code execution on the bed.

Fast forward to now, and Dylan Ayrey has released an extended blog post, written with the help of Jake King, detailing the Eight Sleep's security flaws and the steps he ended up taking to make them a non-issue, particularly given that features had wound up locked behind a subscription paywall and a requirement for Internet access on a bed that already cost $2,000 to begin with.

According to Dylan, he was perfectly happy to live with most of these downsides but still wound up curious about what might be hiding inside the firmware of Eight Sleep's temperature-controlled smart bed. His discovery gave him a serious case of "cyber ick" and prompted him to replace the Eight Sleep pod, which regulates the bed's temperature, with a regular aquarium chiller, which seemingly heats and cools the bed in exactly the same way while costing only about $150. This involved cutting one of the tubes routed to the Eight Sleep pod and connecting it to the aquarium chiller instead, but it proved a remarkably simple solution, providing "all the temperature control of an Eight Sleep with none of the apps, subscriptions, Internet connectivity, backdoors, and security liabilities of an Eight Sleep".

But what exactly are those security liabilities? Besides the exposed AWS key, which is mainly bad for reasons related to account security (though likely not the user's own account, in this case), the biggest issue is the backdoor SSH access. It seems that any of Eight Sleep's engineers can use SSH to access a customer's bed, detect when it is in or out of use, and execute whatever arbitrary code they please. Limited to the bed itself, this mostly means bed control and bed monitoring, but it gets much spookier when you consider that the smart bed is connected to the rest of your home network and thus puts those devices at risk, too.
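The exposed AWS key is the kind of defect a firmware review or release pipeline can catch before a device ships. The following is an added example, not code from the article or from Truffle Security: it scans a firmware image for AWS access key IDs, looks for a high-entropy 40-character secret nearby, and redacts the values for reporting. The sample "firmware" bytes are constructed here, and the credential values in it are the placeholders from AWS's own documentation.

```python
"""Scan a firmware blob for embedded AWS credentials (added example)."""
import math
import re
from collections import Counter

# Long-term (AKIA) and temporary (ASIA) access key IDs are 20 uppercase alphanumerics.
ACCESS_KEY_RE = re.compile(rb"(?<![A-Z0-9])(AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret access keys are 40 characters from the base64 alphabet; require a clean
# 40-character run so longer encoded blobs in the image are not flagged.
SECRET_KEY_RE = re.compile(rb"(?<![A-Za-z0-9/+])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+])")

# Constructed sample: an ELF-like header, a config section with the AWS
# documentation example credentials, a low-entropy decoy and some binary padding.
SAMPLE_FIRMWARE = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 24
    + b"[cloud]\naws_access_key_id=AKIAIOSFODNN7EXAMPLE\n"
    + b"aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
    + b"padding=" + b"A" * 40 + b"\n"
    + b"\xde\xad\xbe\xef" * 16
)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; a real random secret scores well above 4, filler near 0."""
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_aws_credentials(blob: bytes, window: int = 256, min_entropy: float = 4.0) -> list[dict]:
    """Return each access key ID found with any plausible secret within `window` bytes."""
    findings = []
    for m in ACCESS_KEY_RE.finditer(blob):
        region = blob[max(0, m.start() - window):min(len(blob), m.end() + window)]
        secrets = [
            s.group(0).decode()
            for s in SECRET_KEY_RE.finditer(region)
            if shannon_entropy(s.group(0)) >= min_entropy  # drop low-entropy runs
        ]
        findings.append({"offset": m.start(), "access_key_id": m.group(0).decode(),
                         "secret_candidates": secrets})
    return findings


def redact(value: str) -> str:
    """Keep only the first and last four characters so reports do not leak the key."""
    return value[:4] + "..." + value[-4:] if len(value) > 8 else "****"


if __name__ == "__main__":
    for f in find_aws_credentials(SAMPLE_FIRMWARE):
        print(f"offset {f['offset']}: {redact(f['access_key_id'])}",
              [redact(s) for s in f["secret_candidates"]])
```

Run it against a firmware image extracted with a tool such as binwalk, or wire it into CI so a build fails when a live key is baked in; a hit should also trigger rotation of the key, since the image may already be in customers' hands.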

Christopher Harper
Contributing Writer

Christopher Harper has been a successful freelance tech writer specializing in PC hardware and gaming since 2015, and ghostwrote for various B2B clients in High School before that. Outside of work, Christopher is best known to friends and rivals as an active competitive player in various eSports (particularly fighting games and arena shooters) and a purveyor of music ranging from Jimi Hendrix to Killer Mike to the Sonic Adventure 2 soundtrack.

  • BelowTheL1ne
    Vulnerabilities are starting to be like locked glass doors on houses. Let's all be honest: if a hacker wants it badly enough, he is getting onto our home networks. Just like we are vulnerable because a locked glass door isn't stopping a robber. But we feel a false sense of security either way.
  • ex_bubblehead
    There are too many of these things being found lately to be simply "ooops, my bad". The bad actors are actively engaged in trying to gain access to things they have no right or permission to access.
  • EndIsNeigh
    EightSleep provided pods to DOGE... You need to have internet access to use the functions of the bed. Surely, the government wifi network the beds are connected to is separated from the rest of the network, right?
  • Razzi16
    The biggest problem here is why an internet-connected bed even EXISTS in the first place.
  • USAFRet
    A month ago, I bought a small humidifier.
    It required an account and phone app, simply to set the thing to On/Off on a schedule.

    No.

    There is NO reason for junk like this.
  • SirStephenH
    The thing costs $2000 and it still has gaping security holes and paywalled features? What the hell are you paying for?
  • USAFRet
    SirStephenH said:
    What the hell are you paying for?
    So you can brag to your similarly clueless friends about your "smart home".
  • derekullo
    USAFRet said:
    So you can brag to your similarly clueless friends about your "smart home".
    Worst I have is a Nest thermostat with my work schedule preprogrammed into it.
    If I get off early I can quickly switch it to cool the house down by the time I get home.
  • USAFRet
    derekullo said:
    Worst I have is a Nest thermostat with my work schedule preprogrammed into it.
    If I get off early I can quickly switch it to cool the house down by the time I get home.
    And far too many have smart bulbs, smart door locks, smart water heaters, washing machines, etc, etc, etc, etc.....
  • SonoraTechnical
    Hmmm...
    I see a reboot of the film 'While You Were Sleeping' coming up... Sandra Bullock will reprise her character from 'The Net'....