mastodonien.de

nerdculture.de

Timestamp              Users     Delta   Toots        TNR     Title                     Version  maxTL
Sat 06.07.2024 00:00:40    7.217       0      598.148    82,9 NerdCulture               4.2.10   1.000
Fri 05.07.2024 00:01:08    7.217      -1      597.685    82,8 NerdCulture               4.2.10     500
Thu 04.07.2024 00:00:05    7.218       0      596.869    82,7 NerdCulture               4.2.9      500
Wed 03.07.2024 00:02:06    7.218      +2      596.470    82,6 NerdCulture               4.2.9      500
Tue 02.07.2024 00:01:46    7.216       0      596.034    82,6 NerdCulture               4.2.9      500
Mon 01.07.2024 00:01:27    7.216       0      595.653    82,5 NerdCulture               4.2.9      500
Sun 30.06.2024 00:01:08    7.216       0      595.129    82,5 NerdCulture               4.2.9      500
Sat 29.06.2024 00:01:19    7.216       0      594.555    82,4 NerdCulture               4.2.9      500
Fri 28.06.2024 00:01:14    7.216       0      602.563    83,5 NerdCulture               4.2.9      500
Thu 27.06.2024 00:01:15    7.216       0      602.291    83,5 NerdCulture               4.2.9      500

Sat 06.07.2024 14:34

Engineer hacks his Sleep Number Bed, reveals potential Backdoor & Security vulnerability.

Modern Sleep Number beds are marvels, tracking your sleep, breathing, and heart rate and even maintaining the mattress temperature to your liking. One computer engineer has also figured out how to root the bed’s control hub to allow local control.

dillan.org/articles/how-to-get

Along the way, he also made a discovery that may trouble you: a backdoor-like connection that allows Sleep Number to remotely connect to your bed’s hub at will without your knowledge.

J16 header on Sleep Number controller hub used to obtain UART access to device [ImageSource: Dillan Mills]

So, Mills set out to find a way to access the bed locally and bypass Sleep Number’s servers altogether. Poking around inside the controller hub for his Sleep Number bed with a UART-TTY device, he eventually struck gold and was able to access the hub’s device console. Looking for a “backdoor” that would give local access to the hub without hooking up a UART reader, he found something else instead.

Sleep Number has a backdoor into the controller hub, allowing it to SSH into the hub. While Mills acknowledges that this is likely for maintenance purposes, the fact that it’s undocumented and totally secret is disconcerting. After all, it presents a point of entry to your home network that you have no control over and may not even know about. On top of that, the controller hub runs a version of Linux that dates back to 2018.

[Public] Replies: 0 Boosts: 3 Favs: 0 · via Metatext
