
HNdev1995 | 1 year ago

I agree with you, but please explain how this is any different than when an app on your phone gets updated.


physicles|1 year ago

It’s completely different.

Could a rogue engineer inject whatever code they want into an app update? Possibly yes, but 1) that code will get shipped to every phone at the same time, 2) that code has to do its thing without anyone noticing, which is tricky at scale (this is how malware gets discovered), and 3) there’s an audit trail so that engineer will be exposed to legal risk.

The difference here is that with Eight Sleep, an engineer can remotely access the customer device in real time and poke around the network the bed is connected to, and there may be no audit logs. They can exfiltrate sensitive data with much less effort and less legal risk than with an app update.