During this talk we will discuss the tips, tools and techniques needed to identify and reverse engineer the command and control protocols required to remotely manipulate an industry leading “smart bed”. Starting with identifying the location of two roque access points, the talk will discuss how to capture wireless frames and dissect them in Wireshark. After determining the protocol, the talk will demonstrate a custom Python tool for controlling multiple beds simultaneously. Additionally, the talk will deep dive into identifying the attack surface of the bed’s administrative interface, as well as describing privacy issues with the software.