
©2024 Poal.co

256

Archive: https://archive.today/ZXH2K

From the post:

>I have been interested in exploring the possibility of local network access on my Sleep Number bed for a few years. A while back I created a homebridge plugin for the platform that would let me control some of the settings of the bed through HomeKit or some automations. The "bed presence" value, which indicated whether somebody was in bed or not, was especially nice for running automations such as turning off all the lights or locking the door. However, after running the plugin for a couple years and growing the user base large enough, I received a friendly phone call from corporate Sleep Number asking me to kindly disable the plugin.


(post is archived)

[–] 2 pts

LOL. I love shit like this. You see, corporate engineers are regular engineers and do what engineers do: leave bread crumbs for other engineers to find. I admit that I do this. I certainly don't want to cause problems for the corporation so I'm careful with back doors.

[–] 1 pt

"The hub communicates with the Sleep Number servers by opening an SSH tunnel and providing a reverse tunnel back to the hub that their developers can use to connect to the hub and do maintenance when needed. The idea that unknown users can directly connect to my internal home network is a scary thought, so I will probably be disconnecting the hub from the external internet once I am satisfied with my internal network control script. It also makes me wonder how many other internet-connected appliances include a similar backdoor into the home network like this one has."

[–] 1 pt

I would assume that if your device uses "cloud" or "app" anything that it has some sort of method like this. It probably also uses a port about 1024 even if it's SSH so it gets around the typical firewalls, which would also be why it opens a reverse shell. It's for firewall traversal. I understand the concept and reason for it but it also is a backdoor into your entire network.

[–] 1 pt

Gives me pause on anything that tries to talk to my router

[–] 1 pt

What I did find was a "convenient" backdoor that Sleep Number can use to SSH back into the hub (and my internal home network as a result).

All consumer-facing devices have a backdoor like this. I try not to buy devices that can't be operated without access to external networks or (((cloud))) services.

Cool article. I don't have a sleep number, but if I did...

[–] 1 pt

Yeah, you can basically just assume any kind of internet-connected device that you buy that has a "cloud" or "app" element is backdooring your network. It is a good reason to VLAN things and have isolated SSIDs for devices like that if you have them, as well as blocking as much inbound/outbound as you can.

[–] 0 pt

This is great info! However, I would like to get the (FUNC):bed_vibrate to work without always having to put quarters in the slot!
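As an added example (not part of the post or of any comment above), here is one way to check flow records from an isolated IoT VLAN for the outbound SSH tunnel the quoted article describes, matching on the SSH identification string rather than the port, since the tunnel may not use port 22. The subnets, the one-hour threshold, the record fields and the sample flows are all constructed assumptions.

```python
import ipaddress

IOT_NET = ipaddress.ip_network("192.168.50.0/24")   # assumed IoT VLAN
HOME_NET = ipaddress.ip_network("192.168.0.0/16")   # assumed: all home subnets
LONG_LIVED_SECS = 3600                              # assumed tunnel threshold

# Constructed flow records: "banner" is the first bytes the remote side sent.
SAMPLE_FLOWS = [
    {"src": "192.168.50.23", "dst": "203.0.113.10", "dport": 443,
     "secs": 40, "banner": b"\x16\x03\x03\x00\x5a"},            # TLS, ignored
    {"src": "192.168.50.23", "dst": "203.0.113.77", "dport": 8443,
     "secs": 86400, "banner": b"SSH-2.0-OpenSSH_8.9\r\n"},      # SSH on odd port
    {"src": "192.168.50.40", "dst": "192.168.1.5", "dport": 22,
     "secs": 7200, "banner": b"SSH-2.0-OpenSSH_9.3\r\n"},       # IoT host into LAN
    {"src": "192.168.1.20", "dst": "198.51.100.4", "dport": 22,
     "secs": 9000, "banner": b"SSH-2.0-OpenSSH_9.3\r\n"},       # not an IoT host
    {"src": "192.168.50.23", "dst": "198.51.100.9", "dport": 2222,
     "secs": 30, "banner": b"Welcome\r\nSSH-2.0-dropbear\r\n"}, # pre-banner line
]

def is_ssh(banner: bytes) -> bool:
    """Match the RFC 4253 identification string; servers may send lines before it."""
    return any(line.startswith(b"SSH-") for line in banner.split(b"\n"))

def classify(flow):
    """Return a finding label for SSH sessions opened by IoT hosts, else None."""
    src = ipaddress.ip_address(flow["src"])
    dst = ipaddress.ip_address(flow["dst"])
    if src not in IOT_NET or not is_ssh(flow["banner"]):
        return None
    # SSH to another home subnet means the VLAN isolation is not holding.
    kind = "ssh-lateral" if dst in HOME_NET else "ssh-egress"
    if flow["secs"] >= LONG_LIVED_SECS:
        kind += "-long-lived"   # a session held open like a standing tunnel
    return kind

def audit(flows):
    """List (src, dst, dport, label) for every flagged flow."""
    return [(f["src"], f["dst"], f["dport"], label)
            for f in flows if (label := classify(f))]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```
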