Engineer finds his smart sleep mask can read other people's brainwaves due to poor software security — superpower granted via poor-quality software with hardcoded high-level credentials

An engineer discovered that his smart sleep mask could read other people's brainwaves due to poor software security, granting him access to EEG data and controls of other users. The engineer reverse-engineered the mask's Bluetooth protocol and Android application, finding hardcoded access credentials shared across all copies of the app. By creating a web app to control the mask, he could access real-time EEG readings from multiple users and potentially trigger electrical impulses on other masks. Despite informing the company of the security flaw, the incident highlights the low standards of software development in some tech products.