Skip to content
Hackers can spy on Peloton bike and treadmill users

Peloton says it fixed a security flaw in the fitness equipment maker’s stationary bike and treadmill products that potentially allowed hackers to spy on users and even control their exercise devices.

Security software company McAfee has identified the vulnerability, warning that someone with physical access to Peloton’s Bike + and Tread + products could take control of devices through a USB port on the interactive tablet mounted on machines used to broadcast messages. live workouts.

Peloton acknowledged the weakness in a press release Thursday, explaining that an attacker could “modify the software on the device, then install malware or access data that is communicated between the device and our services.”

Peloton has released a mandatory software update that protects users from being hacked and urged its members to log into their tablets to download the patch.

“After the update, your device will be protected against the vulnerability reported by McAfee,” Peloton said in the release.

McAfee researchers kept the issue private until Peloton was able to deploy a fix, according to the equipment company.

Specifically, hackers could insert a USB drive containing malicious code into a Peloton machine and gain remote access without the user’s knowledge. They could use that access to install malicious apps designed to look like Netflix or Spotify in order to steal user credentials, McAfee wrote in a blog post on its website.

Additionally, “They can allow the bike’s camera and microphone to spy on the device and anyone who uses it,” according to the cybersecurity company.

Federal Authorities Warn Parents: Stop Using Peloton Tread +


An interactive map from a third-party website that shows where the Peloton machines are located in the world can also be exploited by bad actors.

But it’s the high-tech bells and whistles in the gear – the very features that make Peloton’s $ 2,495 + bikes and treads appealing to customers – that pose the greatest security threats. Exercise devices also have a camera and microphone through which attackers can spy on devices and users, or monitor the spaces they occupy.

Peloton also came under scrutiny earlier this year after a child died in an accident involving its Tread + treadmill, prompting the company to issue a warning on its use. Customers were also frustrated with the months shipping delays during the pandemic, which fueled demand for home workout alternatives.


Source link