Unsurprisingly, "smart beds" are pretty easy to hack

A woman sleeping happily in a dark room
(Image credit: Getty Images)

Smart beds (yes, they are a thing) can be hacked and used to gain access to a user’s entire home network, experts have warned.

As such, they are a (fairly big) security risk, as hackers could then deploy malware, steal sensitive data, and even learn when no one is home.

The discovery was recently made by one Dillan Mills, a computer engineer and web designer, who described how he tried to gain local network access to his Sleep Number bed in order not to strain the company’s servers with some of his plugins.

A security liability

The hunt for local access led him to discover that the bed’s hub communicates with the Sleep Number servers by opening an SSH tunnel and providing a reverse tunnel back to the hub. While the tunnel was most likely designed for maintenance purposes, he surmises, “the idea that unknown users can directly connect to my internal home network is a scary thought,” he concluded.

“I will probably be disconnecting the hub from the external internet once I am satisfied with my internal network control script. It also makes me wonder how many other internet-connected appliances include a similar backdoor into the home network like this one has.”

Ultimately, Mills found a way to root the device and gain local network control over the bed. That means users can disconnect the gadget from their local Wi-Fi network and maintain the device via Bluetooth only, which will definitely improve its security posture.

Smart home devices give the promise of an improved quality of life. Beds, for example, can maintain mattress temperature to the sleeper’s liking, and track things like sleep patterns, breathing, and heart rate, to allow the users to better organize their sleeping schedule. However, they are a huge security liability, as every new smart home device added to the network potentially opens up a new door for hackers to move in.

Via Tom’s Hardware

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.