Modern Sleep Number beds are known for their advanced features, such as tracking sleep patterns and adjusting mattress temperature. However, a computer engineer recently discovered a potential security vulnerability in these high-tech beds.
Dillan Mills, the engineer in question, found a backdoor-like connection that allows Sleep Number to remotely access the bed’s control hub without the user’s knowledge. This discovery came to light when Sleep Number requested Mills to disable a plugin he had developed for the bed, which was causing strain on the company’s servers.
To bypass Sleep Number’s servers and gain local control over the bed, Mills delved into the controller hub using a UART-TTY device. In his exploration, he stumbled upon a backdoor that enables SSH access to the hub, potentially opening a gateway for unauthorized remote access.
While it is speculated that Sleep Number may use this backdoor for maintenance purposes, the fact that it is undisclosed raises concerns about privacy and security. Moreover, the controller hub’s operating system runs on a version of Linux dating back to 2018, further highlighting potential security risks.
Despite the unsettling discovery, Mills managed to root the device and devised a tutorial for users to take control of their bed’s network connectivity. By disconnecting the bed from Wi-Fi and utilizing Bluetooth for monitoring and control, users can mitigate the risk of unauthorized access.
Although the process requires some technical expertise and specific hardware, the tutorial provided by Mills offers a comprehensive guide for users to secure their Sleep Number beds. Whether using a USB-to-UART reader or a Raspberry Pi Pico W for SSH access, users can enhance the security of their smart beds.