
My smart sleep mask broadcasts users' brainwaves to an open MQTT broker

A Kickstarter sleep mask is broadcasting strangers' private neural data live.

Deep Dive

A security researcher discovered that a Kickstarter smart sleep mask broadcasts users' raw EEG brainwave data, respiration, and movement to an open MQTT broker. Using AI to reverse-engineer the app, they found hardcoded credentials granting access to live feeds from about 25 active devices. The flaw allows anyone to subscribe to and record strangers' sleep data, including REM cycles, and even to send electrical stimulation commands back to the masks.
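One way a broker-side authorization hook could confine each credential to a single mask's topics, so that a credential extracted from the app cannot read or command other devices. This is an added example, not code from the researcher or the vendor; the topic layout (`masks/<device>/telemetry`, `masks/<device>/cmd`), the identities and the role names are assumptions, since the page gives none.

```python
"""Added example: per-identity MQTT topic authorization (topic layout is hypothetical)."""

ROOT = "masks"  # assumed topic root; the page does not give the real topic names

# Constructed bindings: each credential is tied to exactly one mask.
# Role "device" is the mask itself, role "owner" is that user's phone app.
IDENTITIES = {
    "mask-a1": ("device", "mask-a1"),
    "app-user1": ("owner", "mask-a1"),
    "mask-b2": ("device", "mask-b2"),
}

# (role, action) -> the channel (third topic level) that role may use.
ALLOWED = {
    ("device", "publish"): "telemetry",
    ("device", "subscribe"): "cmd",
    ("owner", "publish"): "cmd",
    ("owner", "subscribe"): "telemetry",
}

def authorize(identity: str, action: str, topic: str) -> bool:
    """Return True only for requests inside the mask subtree bound to this identity."""
    if identity not in IDENTITIES:
        return False
    role, device_id = IDENTITIES[identity]
    levels = topic.split("/")
    # Root, device id and channel must be literal, so "#" or "masks/+/..." never match.
    if len(levels) < 3 or any(ch in lvl for lvl in levels[:3] for ch in "+#"):
        return False
    if action == "publish" and any(ch in topic for ch in "+#"):
        return False  # wildcards are only valid in subscription filters
    return (levels[0] == ROOT and levels[1] == device_id
            and ALLOWED.get((role, action)) == levels[2])

def denied(requests):
    """Filter a list of (identity, action, topic) requests down to the rejected ones."""
    return [r for r in requests if not authorize(*r)]

# Constructed requests: two legitimate, three of the cross-device kind described above.
SAMPLE = [
    ("mask-a1", "publish", "masks/mask-a1/telemetry/eeg"),
    ("app-user1", "subscribe", "masks/mask-a1/telemetry/#"),
    ("app-user1", "subscribe", "#"),
    ("app-user1", "subscribe", "masks/+/telemetry/eeg"),
    ("app-user1", "publish", "masks/mask-b2/cmd/stim"),
]

if __name__ == "__main__":
    for req in denied(SAMPLE):
        print("DENY", *req)
```

The rejected requests are also the ones worth alerting on in broker logs, since a correctly configured client never issues them.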

Why It Matters

This exposes a massive IoT privacy failure: intimate biometric data is left completely unprotected and accessible to anyone.