Monday, March 4, 2024

McAfee finds security vulnerability in Peloton products


Cari Gundee rides her Peloton exercise bike at her home on April 06, 2020 in San Anselmo, California.

Ezra Shaw | Getty Images

Software security company McAfee said it exposed a vulnerability in the Peloton Bike+ that allowed attackers to install malware through a USB port and potentially spy on riders.

The Advanced Threat Research Team at McAfee said the problem stemmed from the Android attachment that accompanies the Peloton stationary exercise Bike+. McAfee said attackers could access the bike through the port and install fake versions of popular apps like Netflix and Spotify, which could then fool users into entering their personal information.

A Peloton Bike+ in a public, shared place, such as a hotel or a gym, would be especially vulnerable to the attack.

“The flaw was that Peloton actually failed to validate that the operating system loaded,” said Steve Povolny, head of the threat research team. “And ultimately what that means then is they can install malicious software, they can create Trojan horses and give themselves back doors into the bike, and even access the webcam.”

Povolny said there are “interactive maps” online showing Peloton bikes and treadmills in the U.S., which can give attackers an easy way to find those in public spaces and eventually access users’ accounts. Hackers could then upload a “completely customized malicious image” that would eventually grant them access to a rider’s microphone, camera and apps, he said.

“Not only could you spy on riders but, maybe more importantly, their surroundings, sensitive information,” Povolny said.

Peloton confirmed in a statement that engineers from McAfee alerted them to the problem “via our Coordinated Vulnerability Disclosure program” and said they were working with the security company to fix the issue. McAfee said it disclosed the vulnerability to Peloton about three months ago and heard back from the company within a couple of weeks.


“McAfee reported a vulnerability to us that required direct, physical access to a Peloton Bike+ or Tread to exploit the issue,” the exercise equipment company said in a statement. “Peloton also pushed a mandatory update to affected devices last week that addressed this vulnerability.”

Experts say any device that connects to the internet — like a TV, an appliance or even a toy — could be a way for hackers to get your personal data. Cybersecurity experts say you should turn on automatic software updates and consider security software for your home network.

Peloton recalled its Tread+ and Tread treadmills early last month, citing safety concerns that arose after numerous people were injured and a child died. The Consumer Product Safety Commission, or CPSC, had urged parents to stop using the Tread+ in an “urgent warning” it issued April 17.

“CPSC staff believes the Peloton Tread+ poses serious risks to children for abrasions, fractures, and death,” a CPSC statement read. “In light of multiple reports of children becoming entrapped, pinned, and pulled under the rear roller of the product, CPSC urges consumers with children at home to stop using the product immediately.”

Peloton initially rebuked the CPSC’s statement, saying its advice to all parents was “inaccurate and misleading.” The company later apologized for not having immediately followed the agency’s advice.

After the recall of nearly 125,000 treadmills on May 5, Peloton updated its software to require users to enter a code to restart the belt if it has been left unmoving for up to 45 seconds.


Bellie Brown