Peloton bikes are vulnerable to malware attacks: report

More On:

peloton

Book describes how trendy fitness studios use cult-like tactics to attract followers

Peloton developing handheld gadget amid treadmill recall

Peloton slammed on social media for belated treadmill recall

Peloton recalls all treadmills after injuries, child’s death

Peloton bikes are vulnerable to malware attacks that could enable creeps to spy on riders through their webcams, according to a report.

Software security company McAfee said hackers could potentially spy on Peloton bikers by tricking them into installing “malicious apps disguised as Netflix and Spotify,” according to research the company released on Wednesday.

A hacker, according to the report, could enter a gym and insert a tiny USB key into the bikes that would give a criminal remote access to the rider’s personal information.

“An unsuspecting gym-goer taking the Peloton Bike+ for a spin could be in danger of having their personal data compromised and their workout unknowingly watched,” according to the report.

Hackers could install these USBs anywhere in the supply chain, from construction to delivery, which would put consumers who own the pricey bikes at risk as well, McAfee says.

It’s not the first time Peloton has been seen as a security risk.

In January, president Biden was warned not to bring his favorite exercise bike to the White House, according to reports, because hackers might be able to view him and access information during his workouts.

Peloton’s own security and compliance page warns that “no matter how much effort we put into system security, there can still be vulnerabilities present.”

The latest security flaw impacts Android tablet users, the McAfee Advanced Threat Research group found. McAfee said it alerted Peloton to the problem several months ago.

Peloton did not immediately respond to The Post’s request for comment.

“McAfee reported a vulnerability to us that required direct, physical access to a Peloton Bike+ or Tread to exploit the issue,” Peloton said in a statement to NBC News. “Peloton also pushed a mandatory update to affected devices last week that addressed this vulnerability.”

The security concerns have surfaced following a massive product recall over safety last month after 70 customers reported injuries from using the treadmills and a child died.

The Consumer Product Safety Commission issued an “urgent” warning to parents to stop using the Tread+ because of the risk to young children. As part of its warning the CPSC provided a horrific video showing a toddler being sucked under the machine. 

Share this article:

Source: Read Full Article