Removing Jeff Bezos From My Bed ◆ Truffle Security Co.

  • Eight Sleep: An IoT device for temperature-controlled beds. It costs $2,000, stops working without internet, puts basic features behind a $19/mo subscription, and can only be controlled via a mobile app. It offers features like setting the bed to any temperature but has a backdoor issue.

    • Backdoor Details: Engineers can remotely SSH into every customer's bed and run arbitrary code, bypassing code review. Evidence shows SSH exposed remotely to a far host, and the public key suggests that the entire engineering team has access to the private key. This gives them access to bed data, such as when someone sleeps and whether multiple people are in the bed, and also access to other devices on the home network.
  • AWS Key: An AWS key was found in the Eight Sleep, streaming data directly into Amazon. The key could be dangerous or used for mischief, like racking up a huge AWS bill. Eight Sleep revoked the key as soon as it was reported.
  • Aquarium Chiller: An alternative to Eight Sleep for temperature control. It costs $150 and is simple to install: unplug the rubber tubing from the Eight Sleep cover and plug it into the chiller. It uses thermoelectric devices to regulate temperature and provides similar functionality to Eight Sleep without apps, subscriptions, internet connectivity, backdoors, or security liabilities. There are also other projects, like Free Sleep, that remove internet connectivity from Eight Sleep.
  • Conclusion: Eight Sleep has raised significant funds but has security issues. The author prefers the aquarium chiller for its simplicity and lack of security risks, and will be sleeping well with it tonight.
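
The two findings above, a remote-access SSH public key and an embedded AWS key, are things a buyer or reviewer can look for in an extracted firmware tree. The sketch below is an added example, not code from the original post or from Eight Sleep; it assumes OpenSSH-style `authorized_keys` files, and the directory layout, file names and sample values in `demo()` are constructed.

```python
import os
import re
import tempfile

# AWS access key IDs: AKIA (long-term) or ASIA (temporary) + 16 characters.
AWS_KEY_ID = re.compile(rb"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
SSH_KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-")

def parse_authorized_keys(text):
    """Return (key_type, comment) per key line; options before the type are skipped."""
    keys = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        for i, field in enumerate(fields):
            if field.startswith(SSH_KEY_TYPES):
                keys.append((field, " ".join(fields[i + 2:]) or "(no comment)"))
                break
    return keys

def audit_rootfs(root):
    """Walk an extracted firmware tree; list SSH trust entries and AWS key IDs."""
    findings = {"ssh_keys": [], "aws_key_ids": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            with open(path, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(path, root)
            if name.startswith("authorized_keys"):
                text = data.decode("utf-8", "replace")
                findings["ssh_keys"] += [(rel, t, c) for t, c in parse_authorized_keys(text)]
            # Keep only a prefix so the report does not re-leak the credential ID.
            findings["aws_key_ids"] += [(rel, m.group().decode()[:8] + "...")
                                        for m in AWS_KEY_ID.finditer(data)]
    return findings

def demo():
    """Audit a constructed sample tree (not real device contents)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "root", ".ssh"))
        with open(os.path.join(root, "root", ".ssh", "authorized_keys"), "w") as fh:
            fh.write('command="/bin/sh" ssh-ed25519 AAAAC3Nzexample eng@vendor.example\n')
        with open(os.path.join(root, "telemetry.conf"), "w") as fh:
            fh.write("access_key_id=AKIAIOSFODNN7EXAMPLE\n")
        return audit_rootfs(root)
```

Point `audit_rootfs()` at the mount point of an unpacked firmware image; every `authorized_keys` entry is a party that can log in, and every key ID hit is a credential shipped to all customers.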