- The eight high-tech sleep pods allow Elon Musk and DOGE staff to rest at work
- But a researcher has found security flaws, including an AWS key and remote access
- Hackers could use the beds to infiltrate home networks and connected devices
Whatever you think of Elon Musk and his role in DOGE (Department of Government Efficiency), he certainly does not relax. According to Wired, the divisive billionaire has reportedly been working long hours (as have his staff, who have apparently put in 120-hour weeks) and is so attached to the cause of cutting costs that he has slept at the DOGE headquarters in the Eisenhower Executive Office Building, just down from the White House.
To help everyone with the inevitable fatigue, Musk has accepted a shipment of eight sleep pods. These smart beds offer personalized positioning for sleep and reading and snoring mitigation, and come with a hub to keep the sleeper cool or warm, depending on their preference. These beds seem to have been provided focused, but they are not cheap if you want to buy them: the top-of-the-range Cali King Pod 4 Ultra costs $5,000 and requires a monthly subscription of $17 or $25, which is not a problem if you are a billionaire, of course.
For such a large outlay, you would expect the beds to be safe to sleep in, but a security researcher now says that the pods have a disturbing flaw.
An active AWS key
Dylan Ayrey of Truffle Security has revealed a major vulnerability in his smart bed, exposing critical security flaws in Eight Sleep's internet-connected mattresses. The researcher says he found an active AWS key in the bed's firmware, which appeared to stream data directly to Amazon.
Digging deeper, he also discovered a remote backdoor which, according to him, gives Eight Sleep engineers SSH access to every customer's bed, allowing them to run arbitrary code without oversight. He says that employees could theoretically track sleep habits, detect occupancy or even control the bed's functions remotely.
Beyond personal privacy, the security implications extend to entire home networks. With unrestricted SSH access, hackers or malicious insiders could pivot through the bed to infiltrate smart fridges, laptops or other connected devices. Ayrey compared the level of access to Uber's controversial “God Mode”, a tool that the ride-hailing company was found to have misused to monitor users without consent.
The AWS key was revoked shortly after Ayrey reported it, so its exact purpose is not known. “We can say in the surrounding context that the key had access to Kinesis, but beyond that, it is not clear,” explains Ayrey. “What we know, however, is that an attacker could have used this key to send 5,000 “installation” requests per second to Kinesis and accumulated a $100,000 a month ticket for eight people.”
Following what he found, Ayrey proposed his own, safer alternative to the smart bed using an aquarium cooler, which, according to him, provides the same temperature control with “none of the applications, subscriptions, internet connectivity, waste and safety liabilities of an Eight Sleep”.