Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Categories
Random page
Top Contributors
Recent changes
Contribute
Create a page
How to help
Wiki policy
Adapt videos to articles
Articles in need of work
Help
Frequently asked questions
Join the discord!
Help about MediaWiki
Consumer_Action_Taskforce
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
Eight Sleep
(section)
Page
Discussion
English
Read
Edit
Edit source
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
Edit source
View history
Purge cache
General
What links here
Related changes
Special pages
Page information
Cargo data
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==Incidents== ===Switch to subscription model=== In February 2023, Eight Sleep started to require a paid subscription<ref>https://www.eightsleep.com/blog/understanding-the-eight-sleep-membership/</ref> (with an annual cost ranging from $180 to $288) to access most of the mattress functionality, including sleep tracking, automatic temperature adjustments and scheduled temperature. Without subscribing the only way to adjust the temperature is manually.<ref>https://www.reddit.com/r/EightSleep/comments/1e2euan/8sleep_subscription_scam/</ref> ===Security flaws=== Cyber security researcher Dylan Ayrey of Truffle Security uncovered critical security vulnerabilities in Eight Sleep smart beds. Ayrey began his research after discovering an open AWS key in the bed's firmware and went ahead to test its vulnerabilities.<ref>https://www.tomshardware.com/tech-industry/cyber-security/security-researcher-finds-vulnerability-in-internet-connected-bed-could-allow-access-to-all-devices-on-network</ref> ====Key findings:==== *'''AWS Key Exposure''': AWS key is an entry into the cloud that should not be seen. Unchecked, it can leave the door open for unauthorized individuals to have access to secret data, use cloud services illegitimately, or even put charges on the account of its owner. Here, the compromised key could then end up breaching account security, but arguably more of Eight Sleep's infrastructure than individuals. *'''SSH Backdoor''': Ayrey found a backdoor that allows SSH access or executes arbitrary code. This indicates that Eight Sleep engineers can access the bed remotely, monitor its usage, and even access other devices on the same home network. ====Impact:==== Besides rendering the smart bed ineffective, the vulnerability also threatens the security of the entire home network.
Summary:
Please note that all contributions to Consumer_Action_Taskforce are considered to be released under the Creative Commons Attribution-ShareAlike 4.0 International (see
Consumer Action Taskforce:Copyrights
for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource.
Do not submit copyrighted work without permission!
To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:
Cancel
Editing help
(opens in new window)
