Thursday, June 13, 2024

McAfee finds security vulnerability in Peloton products


Cari Gundee rides her Peloton exercise bike at her home on April 06, 2020 in San Anselmo, California.

Ezra Shaw | Getty Images

Software security company McAfee said it exposed a vulnerability in the Peloton Bike+ that allowed attackers to install malware through a USB port and potentially spy on riders.

The Advanced Threat Research Team at McAfee said the problem stemmed from the Android attachment that accompanies the Peloton stationary exercise Bike+. McAfee said attackers could access the bike through the port and install fake versions of popular apps like Netflix and Spotify, which could then fool users into entering their personal information.

A Peloton Bike+ in a public, shared place, such as a hotel or a gym, would be especially vulnerable to the attack.

“The flaw was that Peloton actually failed to validate that the operating system loaded,” said Steve Povolny, head of the threat research team. “And ultimately what that means then is they can install malicious software, they can create Trojan horses and give themselves back doors into the bike, and even access the webcam.”

Povolny said there are “interactive maps” online showing Peloton bikes and treadmills in the U.S., which can give attackers an easy way to find those in public spaces and eventually access users’ accounts. Hackers could then upload a “completely customized malicious image” that would eventually grant them access to a rider’s microphone, camera and apps, he said.

“Not only could you spy on riders but, maybe more importantly, their surroundings, sensitive information,” Povolny said.

Peloton confirmed in a statement that engineers from McAfee alerted them to the problem “via our Coordinated Vulnerability Disclosure program” and said they were working with the security company to fix the issue. McAfee said it disclosed the vulnerability to Peloton about three months ago and heard back from the company within a couple of weeks.

“McAfee reported a vulnerability to us that required direct, physical access to a Peloton Bike+ or Tread to exploit the issue,” the exercise equipment company said in a statement. “Peloton also pushed a mandatory update to affected devices last week that addressed this vulnerability.”

Experts say any device that connects to the internet — like a TV, an appliance or even a toy — could be a way for hackers to get your personal data. Cybersecurity experts say you should turn on automatic software updates and consider security software for your home network.

Peloton recalled its Tread+ and Tread treadmills early last month, citing safety concerns that arose after numerous people were injured and a child died. The Consumer Product Safety Commission, or CPSC, had urged parents to stop using the Tread+ in an “urgent warning” it issued April 17.

“CPSC staff believes the Peloton Tread+ poses serious risks to children for abrasions, fractures, and death,” a CPSC statement read. “In light of multiple reports of children becoming entrapped, pinned, and pulled under the rear roller of the product, CPSC urges consumers with children at home to stop using the product immediately.”

Peloton initially rebuked the CPSC’s statement, saying its advice to all parents was “inaccurate and misleading.” The company later apologized for not having immediately followed the agency’s advice.

After the recall of nearly 125,000 treadmills on May 5, Peloton updated its software to require users to enter a code to restart the belt if it has been left unmoving for up to 45 seconds.


Bellie Brown