Smart beds (yes, they exist) can be hacked and used to gain access to a user's entire home network, experts have warned.
As such, they are a (pretty big) security risk, as hackers could deploy malware, steal sensitive data, and even know when no one is home.
The discovery was recently made by Dillan Mills, a computer engineer and web designer, who described how he tried to gain access to the local network of his Sleep Number bed so as not to overload the company's servers with some of its plugins.
A security liability
The search for local access led him to discover that the bed hub communicates with Sleep Number's servers by opening an SSH tunnel and providing a reverse tunnel back to the hub. While the tunnel was likely designed for maintenance purposes, he assumes that “the idea that unknown users can connect directly to my internal home network is a terrifying thought,” he concluded.
“I will probably disconnect the hub from the external network once I am satisfied with my internal network control script. I also wonder how many other Internet-connected devices include a similar backdoor to the one this one has on the home network.”
Finally, Mills found a way to root the device and gain control of the local network over the bed. That means users can disconnect the device from their local Wi-Fi network and keep the device only via Bluetooth, which will definitely improve its security.
Smart home devices promise a better quality of life. Beds, for example, can keep the mattress temperature to the user's liking and track things like sleep patterns, breathing, and heart rate, so users can better organize their sleep schedule. However, they come with a huge security drawback, as each new smart home device added to the network potentially opens a new door for hackers to access.
Through Tom's Hardware Store
More from TechRadar Pro
- This smart mattress uses AI to adjust your sleep settings and warn users about potential health issues.
- Here is a list of the best firewalls available today
- These are the best endpoint protection tools right now