June 30th, 2024

How to Get Root Access to Your Sleep Number Bed

This guide explains how to gain root access to a Sleep Number bed hub, bypassing the company's servers. It involves connecting a UART device, modifying boot variables, adding files, and setting up a local network control server using Python. Risks include voiding warranties.


This guide provides detailed steps on gaining root access to a Sleep Number bed hub, voiding the warranty in the process. The motivation behind this exploration was to bypass Sleep Number's servers and access the local network. By connecting a UART device to the board, modifying boot environment variables, and adding specific files, users can achieve root access. The process involves editing boot environment variables, inserting a flash drive with a specific file, and configuring SSH access. Additionally, instructions are provided for creating a local network control and monitoring server using Python on the hub. The guide includes hardware requirements, UART connections, and commands to execute for setting up the server. Users are cautioned about the risks involved, including voiding warranties and potential system damage.

21 comments
By @miah_ - 4 months
Pretty wild. I used to have one of these beds, but it was before everything got "smart". It had two corded controllers hooked up to the pump. The controller displays the number and had up/down arrow buttons to adjust.

No internet required. No Linux powered microcontroller required. My bed couldn't get hacked. I slept in comfort.

By @protocolture - 4 months
>The hub communicates with the Sleep Number servers by opening an SSH tunnel and providing a reverse tunnel back to the hub that their developers can use to connect to the hub and do maintenance when needed.

Kinda interested just to see what the parameters of this are like. Is it using PubkeyAuth or just password? Is it tunnelling home via ip or dns?

If everything is just right, I can imagine the setup for the most hilarious DNS hijack in human history.

In the immortal words of Homer Simpson. Bed goes up. Bed goes down.

By @dmitrygr - 4 months
Why does a bed need to run Linux? Why?

Of all the possible timelines, we live in the dumbest. What was wrong with a plain old bed without 1GB of RAM and a full OS running on it?! It is the same everywhere. Finding a washing machine that was not WiFi-connected was a chore and I dread doing it again in ten years.

As a person who's broken into O(1000) "smart" devices (for fun and for profit both), I do not want them in my house, and avoiding them is getting harder due to insanity like this linux-running bed! Please make it stop!

By @peteforde - 4 months
Funny part to me is that I fully assumed that this was a post about hacking Eight Sleep beds by someone who didn't want to explicitly name the company, presumably for vague legal reasons.

Then I got to a picture of an apparently real "Number Sleep Hub" and my mind was blown. WTF are we in a timeline so weird that there are two companies making water cooled beds, one is called Eight Sleep and the other is Sleep Number? It's like the RNG for this instance had a bad seed.

By @blopker - 4 months
There's a similar method to get into an Eight Sleep Pod 3 [0]. This requires less extra hardware though since some models come with a MicroSD card that you can modify. The method used in TFA might be a good way to get root on Pods without the card. That being said, I just learned that while Eight Sleep does sign their firmware updates, they also send you the private key used to sign the update in the same package.

[0]: https://github.com/bobobo1618/ninesleep
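
A release-side check for the failure described in the comment above, as an added example that is not part of the thread or of any vendor's code: it scans an update archive for PEM private-key armor before the package ships. The archive layout, file names and key bodies are constructed for illustration.

```python
import io
import re
import tarfile

# PEM armor for private keys: PKCS#1 (RSA), SEC1 (EC), PKCS#8, OpenSSH, etc.
PRIVATE_KEY_RE = re.compile(rb"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")


def find_private_keys(package_bytes):
    """Return sorted names of archive members containing PEM private-key armor."""
    hits = []
    with tarfile.open(fileobj=io.BytesIO(package_bytes), mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            data = tar.extractfile(member).read()
            if PRIVATE_KEY_RE.search(data):
                hits.append(member.name)
    return sorted(hits)


def build_sample_package(files):
    """Build an in-memory .tar.gz from {name: bytes} (constructed test input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample: not a real update package and not a real key.
SAMPLE = build_sample_package({
    "update/rootfs.img": b"\x00" * 64,
    "update/rootfs.img.sig": b"constructed-signature-bytes",
    "update/keys/verify.pem": b"-----BEGIN PUBLIC KEY-----\nAAAA\n-----END PUBLIC KEY-----\n",
    "update/keys/sign.pem": b"-----BEGIN EC PRIVATE KEY-----\nAAAA\n-----END EC PRIVATE KEY-----\n",
})

if __name__ == "__main__":
    # Fail the release step if any member carries private-key material.
    for name in find_private_keys(SAMPLE):
        print("private key shipped in package:", name)
```

The public verification key is expected in the package and is not flagged; only members carrying private-key armor are reported.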

By @whatsakandr - 4 months
I'm interested if anyone has pulled the same thing with Eight Sleep. Not having access to control my bed's temperature because my internet is out bothers me deeply.
By @Animats - 4 months
OK, not buying Sleep Number.

I slept on inflatable mattresses for years, until the company making them started outsourcing to China and the seams on the internal baffles broke on two mattresses.

By @KennyBlanken - 4 months
> r: Following this guide will require modifying internal files on your Sleep Number hub. This will void your warranty

People, stop spreading this BS.

Just like those stickers that say "warranty void if removed" are not legally enforceable, nothing "automatically" invalidates your product's warranty except misuse or poor maintenance.

If your Smart Bed stops working, you having poked around in the controller does not relieve the manufacturer from their warranty obligations (including implied warranty.) The onus is on them to prove that you damaged it, subjected it to "unreasonable" use, or did not properly maintain it.

You fry the bed's brain trying to hook up a JTAG when you accidentally bridge 5V to a 3.3V logic circuit? That's on you.

The controller fails because the power supply blows? The fact that you installed a JTAG header, googly eyes, and painted it pink is irrelevant. They need to fix your shit.

Even if you modify the firmware, it's on them to prove your modifications caused the failure.

Would you expect to have your laptop's warranty invalidated because you use it to game (which generates a lot of heat)? Of course not. How about if you install Firefox? Or install Linux? Again, of course not. So why do you think the rules change just because a device is "dumber"?

By @Animats - 4 months
Next, ransomware. "Pay us $1000 or you won't be able to sleep in your bed for the next month".
By @colechristensen - 4 months
Here are some facts for you

* sleep number beds have sensors in them that detect heart rate

* they do this by detecting pressure differences in the air mattress

* these are effectively microphones, right? and quite sensitive

By @thunkshift1 - 4 months
That's a brand new sentence
By @banish-m4 - 4 months
If you want to peek into consumer or any electronics, probe with a signal analyzer for the usual suspects: RS-232 (TTL-levels, CMOS-levels, and serial-levels), JTAG, SPI, and I2C.

First, probe header pins and test points (rows of pads not meant for components) before probing around other components.

PSA: If you're designing a PCB for hand-testing, save money by eliminating connectors with tag connect plug of nails. They're also compatible with automated board testing.

By @perryizgr8 - 4 months
This bed has 1 GB of RAM. I used to play FIFA and Max Payne on a PC that had only 256 MB.
By @surfingdino - 4 months
Cool, but I liked this bed-related hack better https://techcrunch.com/2009/12/12/newlywed-sex-tweets/
By @classified - 4 months
I have an analog bed. No root access necessary for sleeping.
By @linker3000 - 4 months
Best add 'solder' to your shopping list unless you already have some, or the new iron you buy comes with a starter amount.
By @alduin32 - 4 months
With climate change and our general impact on environment worsening each year, our relationship with technology is starting to be like a big elephant in the room. Do people really think a sustainable and equitable society is possible while having microprocessors and telecommunication devices in beds?

This kind of luxury will always be reserved to the wealthiest in society, and its availability dependent on the relentless exploitation of land and human beings.

By @dailykoder - 4 months
I don't have to do any hacks to use my Lidl mattress. It just works. Am I doing something wrong here?
By @teddyh - 4 months
Buried lede: “What I did find was a "convenient" backdoor that Sleep Number can use to SSH back into the hub (and my internal home network as a result).”
By @cs702 - 4 months
Wait, this is about an actual bed -- you know, the kind that you sleep on -- that runs an SSH server on Linux?

W. T. F. !?

By @grotorea - 4 months
Anyone else getting Cloudflare blocked on TFA?