TZUTC: -0500   
   MSGID: 270.consprcy@1:2320/105 2c29be3a   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
    [In this case "home network" would mean US government network. -- Mike]   
      
   Company that reportedly supplied DOGE and Elon Musk with sleeping solutions   
   found to have huge vulnerability in its...beds??   
      
   Date:   
   Sat, 01 Mar 2025 18:33:00 +0000   
      
   Description:   
   Eight Sleep reportedly supplied smart beds for Elon Musk and workers at DOGE,   
   but its tech was found to have worrying vulnerabilities.   
      
   FULL STORY   
   ======================================================================   
    - High-tech Eight Sleep pods allow Elon Musk and DOGE staff to rest at work   
    - But a researcher found security flaws, including an AWS key and remote   
   access   
    - Hackers could exploit the beds to infiltrate home networks and connected   
   devices    
      
   Whatever you think about Elon Musk, and his role heading up DOGE (Department   
   of Government Expenses), hes certainly not slacking off. According to Wired ,   
   the divisive billionaire has reportedly been working long hours (as have his   
   staff who are apparently putting in 120-hour weeks) and is so committed to    
   the cause of cutting costs, hes been sleeping in the DOGE headquarters at the   
   Eisenhower Executive Office Building, just down the road from the White    
   House.    
      
   To help everyone with the inevitable fatigue, Musk has accepted a consignment   
   of Eight Sleep pods. These smart beds offer sleeping, reading and custom   
   positioning, snoring mitigation, and come with a hub to keep the sleeper cool   
   or cosy, depending on their preference. These beds appear to have been   
   supplied FOC, but they aren't cheap if you want to buy them  the top of the   
   range Cali King Pod 4 Ultra costs $5,000 and requires a monthly subscription   
   of $17 or $25  not a problem if youre a billionaire of course.    
      
   For such a big outlay youd expect the beds to be safe to sleep in, but now, a   
   top security researcher has claimed the pods have a worrying flaw.   
      
   An active AWS key   
      
   Dylan Ayrey of Truffle Security uncovered a major vulnerability in his smart   
   bed, exposing critical security flaws in Eight Sleep's internet-connected   
   mattress. The researcher says he found an active AWS key within the beds   
   firmware that seemed to be streaming data directly to Amazon.    
      
   Digging deeper, he also discovered a remote backdoor that he says gives Eight   
   Sleep engineers SSH access to every customers bed, allowing them to run   
   arbitrary code without oversight. He says employees could theoretically track   
   sleep patterns, detect occupancy, or even control bed functions remotely.    
      
   Beyond personal privacy, the security implications extend to entire home   
   networks. With unrestricted SSH access, hackers or malicious insiders could   
   pivot through the bed to infiltrate smart fridges, laptops, or other    
   connected devices. Ayrey compared the access level to Ubers controversial    
   "God Mode," a tool the ride-hailing company was found to have misused to   
   monitor users without consent.    
      
   The AWS key was revoked shortly after Ayrey reported it, so its exact purpose   
   isnt known. We can tell from the surrounding context that the key had write   
   access to Kenises, but beyond that, its unclear, Ayrey says. What we do know   
   though, is an attacker could have used that key to send 5,000 `PUT` requests   
   per second into Kinesis and racked up a $100,000 per month bill for Eight   
   Sleep.    
      
   Unhappy with what he found, Ayrey came up with his own, safer, alternative to   
   the smart bed using an aquarium chiller, which he said provides the same   
   temperature control with none of the apps, subscriptions, internet   
   connectivity, backdoors, and security liabilities of an Eight Sleep.   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/company-that-reportedly-supplied-doge-and-elon-m   
   usk-with-sleeping-solutions-found-to-have-huge-vulnerability-in-its-beds   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426