- High-tech Eight Sleep pods allow Elon Musk and DOGE staff to rest at work
- But a researcher found security flaws, including an AWS key and remote access
- Hackers could exploit the beds to infiltrate home networks and connected devices
Whatever you think about Elon Musk, and his role heading up DOGE (Department of Government Expenses), he’s certainly not slacking off. According to Wired, the divisive billionaire has reportedly been working long hours (as have his staff who are apparently putting in 120-hour weeks) and is so committed to the cause of cutting costs, he’s been sleeping in the DOGE headquarters at the Eisenhower Executive Office Building, just down the road from the White House.
To help everyone with the inevitable fatigue, Musk has accepted a consignment of Eight Sleep pods. These smart beds offer sleeping, reading and custom positioning, snoring mitigation, and come with a hub to keep the sleeper cool or cosy, depending on their preference. These beds appear to have been supplied FOC, but they aren't cheap if you want to buy them – the top of the range Cali King Pod 4 Ultra costs $5,000 and requires a monthly subscription of $17 or $25 – not a problem if you’re a billionaire of course.
For such a big outlay you’d expect the beds to be safe to sleep in, but now, a top security researcher has claimed the pods have a worrying flaw.
An active AWS key
Dylan Ayrey of Truffle Security uncovered a major vulnerability in his smart bed, exposing critical security flaws in Eight Sleep's internet-connected mattress. The researcher says he found an active AWS key within the bed’s firmware that seemed to be streaming data directly to Amazon.
Digging deeper, he also discovered a remote backdoor that he says gives Eight Sleep engineers SSH access to every customer’s bed, allowing them to run arbitrary code without oversight. He says employees could theoretically track sleep patterns, detect occupancy, or even control bed functions remotely.
Beyond personal privacy, the security implications extend to entire home networks. With unrestricted SSH access, hackers or malicious insiders could pivot through the bed to infiltrate smart fridges, laptops, or other connected devices. Ayrey compared the access level to Uber’s controversial "God Mode," a tool the ride-hailing company was found to have misused to monitor users without consent.
The AWS key was revoked shortly after Ayrey reported it, so its exact purpose isn’t known. “We can tell from the surrounding context that the key had write access to Kenises, but beyond that, it’s unclear,” Ayrey says. “What we do know though, is an attacker could have used that key to send 5,000 `PUT` requests per second into Kinesis and racked up a $100,000 per month bill for Eight Sleep.”
Unhappy with what he found, Ayrey came up with his own, safer, alternative to the smart bed using an aquarium chiller, which he said provides the same temperature control with “none of the apps, subscriptions, internet connectivity, backdoors, and security liabilities of an Eight Sleep”.
You might also like
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
