How to Get Root Access to Your Sleep Number Bed - Dillan Mills | Poal: Say what you want.

Welcome • User Guide
ToS • Privacy • Canary
Donate • Bugs • License

©2024 Poal.co

1.2K

• (+6/-0)

How to Get Root Access to Your Sleep Number Bed - Dillan Mills (dillan.org)

Archive: https://archive.today/ZXH2K

From the post:

>I have been interested in exploring the possibility of local network access on my Sleep Number bed for a few years. A while back I created a homebridge plugin for the platform that would let me control some of the settings of the bed through HomeKit or some automations. The "bed presence" value, which indicated whether somebody was in bed or not, was especially nice for running automations such as turning off all the lights or locking the door. However, after running the plugin for a couple years and growing the user base large enough, I received a friendly phone call from corporate Sleep Number asking me to kindly disable the plugin.

Archive: https://archive.today/ZXH2K From the post: >>I have been interested in exploring the possibility of local network access on my Sleep Number bed for a few years. A while back I created a homebridge plugin for the platform that would let me control some of the settings of the bed through HomeKit or some automations. The "bed presence" value, which indicated whether somebody was in bed or not, was especially nice for running automations such as turning off all the lights or locking the door. However, after running the plugin for a couple years and growing the user base large enough, I received a friendly phone call from corporate Sleep Number asking me to kindly disable the plugin.

(post is archived)

You are currently inside a comment thread.

Click here to see all the comments (7).

[–] • 1 pt

"The hub communicates with the Sleep Number servers by opening an SSH tunnel and providing a reverse tunnel back to the hub that their developers can use to connect to the hub and do maintenance when needed. The idea that unknown users can directly connect to my internal home network is a scary thought, so I will probably be disconnecting the hub from the external internet once I am satisfied with my internal network control script. It also makes me wonder how many other internet-connected appliances include a similar backdoor into the home network like this one has."

link

[–] • 1 pt

I would assume that if your device uses "cloud" or "app" anything that it has some sort of method like this. It probably also uses a port about 1024 even if it's SSH so it gets around the typical firewalls which would also be why it opens a reverse shell. Its for firewall traversal. I understand the concept and reason for it but it also is a backdoor into your entire network.

parent
link

[–] • 1 pt

Gives me pause on anything that tries to talk to my router

parent
link