- High-Tech Eight Sleep Pods give Elon Musk and Doge Staff the opportunity to rest at work
- But a researcher found security errors including an AWS key and remote access
- Hackers could take advantage of beds to infiltrate the home network and connected devices
Whatever you think of Elon Musk and his role that goes up DOGE (Department of Government expenses), he is certainly not relaxed. According to CableThe divisive billionaire has reportedly worked for long hours (like his staff, who apparently puts 120 hours of weeks) and is so engaged in the reason for cutting costs, he has slept in the Doge headquarters in Eisenhower Executive Office building just down the road from the White House.
To help everyone with the inevitable fatigue, Musk has accepted a consignment of eight sleep pods. These smart beds offer sleeping, reading and custom positioning, snoring mitigation and comes with a node to keep the sleeping cool or cozy, depending on their preference. These beds appear to have been delivered FOC, but they are not cheap if you want to buy them – the top of the Range Cali King Pod 4 Ultra costs $ 5,000 and requires a monthly subscription of $ 17 or $ 25 – not a problem if you are of course a billionaire.
For such a large outlay, you would expect the beds to be sure to sleep in, but now a top security scientist has claimed that the belts have a worrying mistake.
An active AWS key
Dylan Ayry from Truffle Security revealed a great vulnerability in his smart bed and exposed critical security defects in eight sleep’s internet -connected mattress. The researcher says he found an active AWS key in the bed’s firmware that seemed to stream data directly to Amazon.
He digs deeper and also discovered a distant back door, as he says, gives eight leadings SSH access to each customer’s bed so they can run arbitrary code without supervision. He says employees can theoretically track sleep patterns, detect coating or even control bed functions externally.
In addition to personal privacy, security consequences extend to the entire home network. With unlimited SSH access, hackers or malicious insiders could turn through the bed to infiltrate smart refrigerators, laptops or other connected devices. Ayyy compared the level of access to Uber’s controversial “good mode”, a tool that the Ride-Hailing company was found to have abused to monitor users without consent.
The AWS key was revoked shortly after Ayrey reported it, so its exact purpose is unknown. “We can tell from the surrounding context that the key had writing access to Kenises, but beyond that it is unclear,” says Ayry. “What we know, though, is that an attacker could have used the key to send 5,000” set “requests per second in Kinesis and collected a $ 100,000 per month for eight sleep.”
Unhappy with what he found came with his own, safer alternative to the smart bed using an aquarium cooler, which he said gives the same temperature control with “none of the apps, subscriptions, internet connection, back doors and safety obligations in eight sleep”.
