Eight Sleep: Difference between revisions

(One intermediate revision by one other user not shown)

Line 2:

{{InfoboxCompany

| Name = {{PAGENAME}}

| Type =

| Type =Private

| Founded =

| Founded =2014

| Industry =

| Industry =Mattresses

| Official Website =

| Official Website =https://eightsleep.com/

| Logo =

| Logo =Eight Sleep logo.png

}}Eight sleep ~~spies on customers, being able to detect when they~~'~~re sleeping, how many people are in the bed, and control remote features, while also allowing engineers to SSH into customers~~' ~~beds, giving them full access to the users~~' ~~network~~. ~~All while charging a subscription for this(that didn't exist back in the day)~~

}}'''[[wikipedia:Eight_Sleep|Eight sleep]]''' is an American company that develops mattresses with temperature control.

==Consumer impact summary==

~~{{Placeholder box|Overview of concerns that arise from the company's conduct regarding (if applicable):~~

* User Freedom

* User Privacy

* Business Model

* Market Control}}

$2

*'''Switch to subscription model:''' features previously advertised as free are now locked behind a subscription.

*'''Security concerns:''' connecting the mattress to the internet poses the entire network at risk.

==Incidents==

{{Placeholder box|If the company page is short enough and/or the incident is not deserving of its own page, add incidents below in sub-sections (including the points outlined in [[Consumer_Action_Taskforce:Sample/Incident/Help|the incident help page]]) without linking/creating an incident page.

If the ~~company has various incidents listed and~~/~~or this page is getting too long, create subsections linking~~ to ~~each incident while linking~~ to the ~~main article~~ and ~~including a short summary~~. ~~To link~~ to the ~~page use the "Hatnote" or "Main" templates~~.

===Switch to subscription model===

In February 2023, Eight Sleep started to require a paid subscription<ref>https://www.eightsleep.com/blog/understanding-the-eight-sleep-membership/</ref> (with an annual cost ranging from $180 to $288) to access most of the mattress functionality, including sleep tracking, automatic temperature adjustments and scheduled temperature. Without subscribing the only way to adjust the temperature is manually.<ref>https://www.reddit.com/r/EightSleep/comments/1e2euan/8sleep_subscription_scam/</ref>

If the ~~company has numerous incidents then format them~~ in ~~a table (see [[Amazon]]). }}~~

===Security flaws===

Cyber security researcher Dylan Ayrey of Truffle Security uncovered critical security vulnerabilities in Eight Sleep smart beds. Ayrey began his research after discovering an open AWS key in the bed's firmware and went ahead to test its vulnerabilities.<ref>https://www.tomshardware.com/tech-industry/cyber-security/security-researcher-finds-vulnerability-in-internet-connected-bed-could-allow-access-to-all-devices-on-network</ref>

~~This is a list of all consumer protection incidents this company is involved in. Any incidents not mentioned here can be found in the [[:Category:{{FULLPAGENAME}}|{{PAGENAME}} category]].~~

====Key findings:====

==~~=Example incident one (''date'')===~~

~~{{Main|link to the main article}}~~

~~Short summary of the incident (could be the same as the summary preceding the article).~~

===~~Example incident two (''date'')~~===

~~...~~

~~==Products==~~

*'''AWS Key Exposure''': AWS key is an entry into the cloud that should not be seen. Unchecked, it can leave the door open for unauthorized individuals to have access to secret data, use cloud services illegitimately, or even put charges on the account of its owner. Here, the compromised key could then end up breaching account security, but arguably more of Eight Sleep's infrastructure than individuals.

~~{{Placeholder box|This~~ is ~~a list~~ of the ~~company~~'s ~~product lines~~ '''~~with articles on this wiki~~'''.

*'''SSH Backdoor''': Ayrey found a backdoor that allows SSH access or executes arbitrary code. This indicates that Eight Sleep engineers can access the bed remotely, monitor its usage, and even access other devices on the same home network.

* [[Example product line one]] (release date): ~~Short summary~~ of the ~~product's incidents~~.

* [[Example product line two]] (release date):}}

====Impact:====

Besides rendering the smart bed ineffective, the vulnerability also threatens the security of the entire home network.

==See also==

~~{{Placeholder box|Link to relevant theme articles or companies with similar incidents.}}~~

*[[Retroactively amended purchase]]

==References==

@@ Line 2: / Line 2: @@
 {{InfoboxCompany
 | Name = {{PAGENAME}}
-| Type =
+| Type =Private
-| Founded =
+| Founded =2014
-| Industry =
+| Industry =Mattresses
-| Official Website =
+| Official Website =https://eightsleep.com/
-| Logo =
+| Logo =Eight Sleep logo.png
-}}Eight sleep spies on customers, being able to detect when they're sleeping, how many people are in the bed, and control remote features, while also allowing engineers to SSH into customers' beds, giving them full access to the users' network. All while charging a subscription for this(that didn't exist back in the day)
+}}'''[[wikipedia:Eight_Sleep|Eight sleep]]''' is an American company that develops mattresses with temperature control.
 ==Consumer impact summary==
-{{Placeholder box|Overview of concerns that arise from the company's conduct regarding (if applicable):
-* User Freedom
-* User Privacy
-* Business Model
-* Market Control}}
-$2
+*'''Switch to subscription model:''' features previously advertised as free are now locked behind a subscription.
+*'''Security concerns:''' connecting the mattress to the internet poses the entire network at risk.
 ==Incidents==
-{{Placeholder box|If the company page is short enough and/or the incident is not deserving of its own page, add incidents below in sub-sections (including the points outlined in [[Consumer_Action_Taskforce:Sample/Incident/Help|the incident help page]]) without linking/creating an incident page.
-If the company has various incidents listed and/or this page is getting too long, create subsections linking to each incident while linking to the main article and including a short summary. To link to the page use the "Hatnote" or "Main" templates.
+===Switch to subscription model===
+In February 2023, Eight Sleep started to require a paid subscription<ref>https://www.eightsleep.com/blog/understanding-the-eight-sleep-membership/</ref> (with an annual cost ranging from $180 to $288) to access most of the mattress functionality, including sleep tracking, automatic temperature adjustments and scheduled temperature. Without subscribing the only way to adjust the temperature is manually.<ref>https://www.reddit.com/r/EightSleep/comments/1e2euan/8sleep_subscription_scam/</ref>
-If the company has numerous incidents then format them in a table (see [[Amazon]]). }}
+===Security flaws===
+Cyber security researcher Dylan Ayrey of Truffle Security uncovered critical security vulnerabilities in Eight Sleep smart beds. Ayrey began his research after discovering an open AWS key in the bed's firmware and went ahead to test its vulnerabilities.<ref>https://www.tomshardware.com/tech-industry/cyber-security/security-researcher-finds-vulnerability-in-internet-connected-bed-could-allow-access-to-all-devices-on-network</ref>
-This is a list of all consumer protection incidents this company is involved in. Any incidents not mentioned here can be found in the [[:Category:{{FULLPAGENAME}}|{{PAGENAME}} category]].
+====Key findings:====
-===Example incident one (''date'')===
-{{Main|link to the main article}}
-Short summary of the incident (could be the same as the summary preceding the article).
-===Example incident two (''date'')===
-...
-==Products==
+*'''AWS Key Exposure''': AWS key is an entry into the cloud that should not be seen. Unchecked, it can leave the door open for unauthorized individuals to have access to secret data, use cloud services illegitimately, or even put charges on the account of its owner. Here, the compromised key could then end up breaching account security, but arguably more of Eight Sleep's infrastructure than individuals.
-{{Placeholder box|This is a list of the company's product lines '''with articles on this wiki'''.
+*'''SSH Backdoor''': Ayrey found a backdoor that allows SSH access or executes arbitrary code. This indicates that Eight Sleep engineers can access the bed remotely, monitor its usage, and even access other devices on the same home network.
-* [[Example product line one]] (release date): Short summary of the product's incidents.
-* [[Example product line two]] (release date):}}
+====Impact:====
+Besides rendering the smart bed ineffective, the vulnerability also threatens the security of the entire home network.
 ==See also==
-{{Placeholder box|Link to relevant theme articles or companies with similar incidents.}}
+*[[Retroactively amended purchase]]
 ==References==