Thursday, September 12, 2024
McAfee finds security vulnerability in Peloton products

Cari Gundee rides her Peloton exercise bike at her home on April 06, 2020 in San Anselmo, California.

Ezra Shaw | Getty Images

Software security company McAfee said it exposed a vulnerability in the Peloton Bike+ that allowed attackers to install malware through a USB port and potentially spy on riders.

The Advanced Threat Research Team at McAfee said the problem stemmed from the Android attachment that accompanies the Peloton stationary exercise Bike+. McAfee said attackers could access the bike through the port and install fake versions of popular apps like Netflix and Spotify, which could then fool users into entering their personal information.

A Peloton Bike+ in a public, shared place, such as a hotel or a gym, would be especially vulnerable to the attack.

“The flaw was that Peloton actually failed to validate that the operating system loaded,” said Steve Povolny, head of the threat research team. “And ultimately what that means then is they can install malicious software, they can create Trojan horses and give themselves back doors into the bike, and even access the webcam.”

Povolny said there are “interactive maps” online showing Peloton bikes and treadmills in the U.S., which can give attackers an easy way to find those in public spaces and eventually access users’ accounts. Hackers could then upload a “completely customized malicious image” that would eventually grant them access to a rider’s microphone, camera and apps, he said.

“Not only could you spy on riders but, maybe more importantly, their surroundings, sensitive information,” Povolny said.

Peloton confirmed in a statement that engineers from McAfee alerted them to the problem “via our Coordinated Vulnerability Disclosure program” and said they were working with the security company to fix the issue. McAfee said it disclosed the vulnerability to Peloton about three months ago and heard back from the company within a couple of weeks.

“McAfee reported a vulnerability to us that required direct, physical access to a Peloton Bike+ or Tread to exploit the issue,” the exercise equipment company said in a statement. “Peloton also pushed a mandatory update to affected devices last week that addressed this vulnerability.”

Experts say any device that connects to the internet — like a TV, an appliance or even a toy — could be a way for hackers to get your personal data. Cybersecurity experts say you should turn on automatic software updates and consider security software for your home network.

Peloton recalled its Tread+ and Tread treadmills early last month, citing safety concerns that arose after numerous people were injured and a child died. The Consumer Product Safety Commission, or CPSC, had urged parents to stop using the Tread+ in an “urgent warning” it issued April 17.

“CPSC staff believes the Peloton Tread+ poses serious risks to children for abrasions, fractures, and death,” a CPSC statement read. “In light of multiple reports of children becoming entrapped, pinned, and pulled under the rear roller of the product, CPSC urges consumers with children at home to stop using the product immediately.”

Peloton initially rebuked the CPSC’s statement, saying its advice to all parents was “inaccurate and misleading.” The company later apologized for not having immediately followed the agency’s advice.

After the recall of nearly 125,000 treadmills on May 5, Peloton updated its software to require users to enter a code to restart the belt if it has been left unmoving for up to 45 seconds.

Bellie Brown