Modern Sleep Number beds are marvels, tracking your sleep, breathing, and heart rate and even maintaining the mattress temperature to your liking. One computer engineer has also figured out how toroot the bed’s control hubto allow local control. Along the way, he also made a discovery that may trouble you: a backdoor-like connection that allows Sleep Number to remotely connect to your bed’s hub at will without your knowledge.
Dillan Mills discovered all this after Sleep Number asked him to turn off aHomebridge pluginhe’d developed to deactivate some of the bed’s features and run smart home automation if its sensors detected nobody was laying on the mattress. Since the plugin had grown in popularity and polled Sleep Bed’s servers every five seconds, it significantly strained the company’s public servers.
So, Mills set out to find a way to access the bed locally and bypass Sleep Number’s servers altogether. Poking around inside the controller hub for his Sleep Number bed with aUART-TTY device, he eventually struck gold and was able to access the hub’s device console. Looking for a “backdoor” that would give local access to the hub without hooking up a UART reader, he found something else instead.
Sleep Number has a backdoor into the controller hub, allowing it to SSH into the hub. While Mills acknowledges that this is likely for maintenance purposes, the fact that it’s undocumented and secret is disconcerting. After all, it presents a point of entry to your home network that you have no control over and may not even know about. On top of that, the controller hub runs a version of Linux that dates back to 2018.
There is good news, though. Mills was able to root the device and wrote a tutorial to enable local network control over the bed. This way, you can disconnect the bed from your Wi-Fi network and use Bluetooth to control the settings and monitor the bed’s sensors and status.
The process does require some technical knowledge and some hardware. The tutorial is well-written, though, and the hardware you need is fairly inexpensive. You can choose to connect a USB-to-UART reader when you need to access the device console or permanently install aRaspberry Pi Pico Wto enable SSH access without opening the hub and connecting the reader.
Once you’ve rooted your bed’s hub, Mills’s tutorial walks you through creating a local network control and monitoring server. This is useful not only for taking control of your bed without connecting to Sleep Number’s server. It could also be the key to keeping your bed “smart” if Sleep Number folds or shuts down the servers, usually making the bed more than a “dumb” mattress.
Get Tom’s Hardware’s best news and in-depth reviews, straight to your inbox.
Jeff Butts has been covering tech news for more than a decade, and his IT experience predates the internet. Yes, he remembers when 9600 baud was “fast.” He especially enjoys covering DIY and Maker topics, along with anything on the bleeding edge of technology.
