Unsurprisingly, "smart beds" are pretty easy to hack

A woman sleeping happily in a dark room
(Image credit: Getty Images)

Smart beds (yes, they are a thing) can be hacked and used to gain access to a user’s entire home network, experts have warned.

As such, they are a (fairly big) security risk, as hackers could then deploy malware, steal sensitive data, and even learn when no one is home.

The discovery was recently made by one Dillan Mills, a computer engineer and web designer, who described how he tried to gain local network access to his Sleep Number bed in order not to strain the company’s servers with some of his plugins.

A security liability

The hunt for local access led him to discover that the bed’s hub communicates with the Sleep Number servers by opening an SSH tunnel and providing a reverse tunnel back to the hub. While the tunnel was most likely designed for maintenance purposes, he surmises, “the idea that unknown users can directly connect to my internal home network is a scary thought,” he concluded.

“I will probably be disconnecting the hub from the external internet once I am satisfied with my internal network control script. It also makes me wonder how many other internet-connected appliances include a similar backdoor into the home network like this one has.”

Ultimately, Mills found a way to root the device and gain local network control over the bed. That means users can disconnect the gadget from their local Wi-Fi network and maintain the device via Bluetooth only, which will definitely improve its security posture.

Smart home devices give the promise of an improved quality of life. Beds, for example, can maintain mattress temperature to the sleeper’s liking, and track things like sleep patterns, breathing, and heart rate, to allow the users to better organize their sleeping schedule. However, they are a huge security liability, as every new smart home device added to the network potentially opens up a new door for hackers to move in.

Via Tom’s Hardware

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Eight Sleep Pod bed
Company that reportedly supplied DOGE and Elon Musk with sleeping solutions found to have huge vulnerability in its...beds??
China
Chinese hackers develop effective new hacking technique to go after business networks
No broadband network
Massive online data breach sees 2.7 billion records leaked - here's what we know
Flags of Iran, China, Russia and North Korea on a wall. China North Korea Iran Russia alliance
Cybercrime is helping fund rogue nations across the world - and it's only going to get worse, Google warns
Abstract image of cyber security in action.
TikTok’s American ownership rule ignores bigger IoT threat
Thousands of misconfigured building access systems have been leaked online
Latest in Security
Lock on Laptop Screen
Data breach at Pennsylvania education union potentially exposes 500,000 victims
Spyware
Stalkerware data breach potentially hits over 2 million users, including thousands of Apple devices
An American flag flying outside the US Capitol building against a blue sky
Five Eyes "cannot replace US intel in Ukraine", claims former US Cyber Command Chief
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Criminals are using a virtual hard disk image file to host and distribute dangerous malware
WordPress on a laptop
Over 20,000 WordPress sites hit by damaging malware campaign
Trojan
WhatsApp patches security flaw which let hackers install spyware
Latest in News
Quordle on a smartphone held in a hand
Quordle hints and answers for Friday, March 21 (game #1152)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Friday, March 21 (game #383)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Friday, March 21 (game #649)
The ASSC Assassin's Creed collection.
The Assassin's Creed x Anti Social Social Club drop includes gaming merch that I wouldn't be embarrassed to wear
Lock on Laptop Screen
Data breach at Pennsylvania education union potentially exposes 500,000 victims
Spyware
Stalkerware data breach potentially hits over 2 million users, including thousands of Apple devices