Eight Sleep is a sleep tech company that makes IoT devices to warm or cool a bed to aid sleep.
Its smart mattresses require a monthly subscription to afford key features, such as temperature adjustment.
Researchers found that the smart mattress retained all its functionalities when its WiFi was disabled, meaning the IoT capabilities weren’t necessary for the bed to function.
They also discovered that the firmware for the IoT capabilities could be easily accessed and hacked, allowing an attacker to access the sleeper’s home network.
In addition, the company behind the mattress has the ability to monitor sleepers’ habits through its “sleep tracking” features.
However, the researcher who discovered the vulnerabilities said they may be useful for those building a similar product for private use.
