top | item 43131910

(no title)

    - They can know when you sleep
    - They can detect when there are 2 people sleeping in the bed instead of 1
    - They can know when it’s night, and no people are in the bed

I'm probably naive, but I'm failing to see how any of this is exclusive to having remote SSH access to the bed. Who's to say this isn't already happening with other binaries in the firmware? Maybe they're already phoning home?

    [...]that bypasses all forms of formal code review process.

How does the author know if anything else in the firmware goes under any kind of code review process?

It's not a bad article, but it does seem to make a lot of assumptions, and you already agreed to let arbitrary code run on your network when you added an IoT device to it.

discuss

zemvpferreira|1 year ago

I think what he's trying to emphasise is the idea that anyone who's part of the engineering team could spy on you, without anyone else knowing. It's bad enough that the company has this data, sure, but there's at least an assumption that it will be secured and penalties can be enforced if not. Some random engineering being able to look into your life intimately by themselves is a completely different level of violation.

lilyball|1 year ago

It is in fact already sending this data to their servers, because it doubles as a sleep tracker and everything goes through their servers. I really wish there was an option to do local-only connectivity, but very few internet-enabled products these days actually care about supporting a local-only mode, and I suspect the number of products that do would be even smaller if HomeKit didn't mandate it (sadly, temperature-controlled beds are not a HomeKit product category).