Modern Sleep Number beds are marvels, tracking your sleep, breathing, and heart rate, and even maintaining the mattress temperature to your liking. One computer engineer has also figured out how to root the bed’s control hub to allow local control. Along the way, he also made a discovery that may trouble you: a backdoor-like connection that allows Sleep Number to remotely connect to your bed’s hub at will without your knowledge.
Dillan Mills discovered all of this after Sleep Number asked him to disable a Homebridge plugin he’d developed to disable some of the bed’s features and run smart home automations if its sensors detected nobody was laying on the mattress. Since the plugin had grown in popularity and was polling Sleep Bed’s servers every five seconds, it was creating a noticeable strain on the company’s public servers.
So, Mills set out to find a way to access the bed locally and bypass Sleep Number’s servers altogether. Poking around inside the controller hub for his Sleep Number bed with a UART-TTY device, he eventually struck gold and was able to access the hub’s device console. Looking for a “backdoor” that would give local access to the hub without hooking up a UART reader, he found something else instead.
Sleep Number has a backdoor into the controller hub, allowing it to SSH into the hub. While Mills acknowledges that this is likely for maintenance purposes, the fact that it’s undocumented and totally secret is disconcerting. After all, it presents a point of entry to your home network that you have no control over and may not even know about. On top of that, the controller hub runs a version of Linux that dates back to 2018.
There is good news, though. Mills was able to root the device and wrote a tutorial to enable local network control over the bed. This way, you can disconnect the bed from your Wi-Fi network and use Bluetooth to control the settings and monitor the bed’s sensors and status.
The process does require a bit of technical knowledge and some hardware. The tutorial is well-written, though, and the hardware you need is fairly inexpensive. You can choose to connect a USB-to-UART reader when you need to access the device console, or permanently install a Raspberry Pi Pico W to enable SSH access without opening the hub and connecting the reader.
Once you’ve rooted your bed’s hub, Mills’s tutorial walks you through creating a local network control and monitoring server. This is useful not only for taking control of your bed without connecting to Sleep Number’s server. It could also be the key to keep your bed “smart” if Sleep Number ever folds or otherwise shuts down the servers normally making the bed more than a “dumb” mattress.