
Hacked While Exercising? Peloton Users Were Vulnerable


Where there’s a hacker, there’s a way. Peloton owners have been in danger of being hacked by bad actors.

Cybersecurity company McAfee recently revealed a vulnerability that allows hackers to gain remote access to electronic exercise bikes. What does that mean for you? Let’s take a closer look.

McAfee Discovers a Peloton Problem

Peloton bikes have been making waves for their advanced technology and digital user interfaces. Each exercise bike comes equipped with an Android tablet.

Yesterday, McAfee writers revealed that the company found a flaw in the Android Verified Boot (AVB) process that leaves Peloton owners vulnerable.

The report revealed that hackers could remotely access Peloton products and tap into the microphones and cameras. Hackers can also add apps that look like Spotify or Netflix but are just phishing disguises to get users to give away their login information.

McAfee made a video detailing the situation:

The report stated that bikes could be affected at any point, from construction to the warehouse to delivery.

McAfee notified Peloton of the vulnerability in March.

Peloton’s Head of Global Information Security, Adrian Stone, responded:

This vulnerability reported by McAfee would require direct, physical access to a Peloton Bike+ or Tread. Like with any connected device in the home, if an attacker is able to gain physical access to it, additional physical controls and safeguards become increasingly important. To keep our Members safe, we acted quickly and in coordination with McAfee. We pushed a mandatory update in early June and every device with the update installed is protected from this issue.

Peloton Has Problems Outside of Getting Hacked

This vulnerability is just the latest in a string of bad news for Peloton. Its treadmill rollout did not go as planned. The company recalled some of its treadmills after receiving reports of over 70 injuries and the death of a 6-year-old. Objects and people were being pulled under the machines.

The company’s CEO, John Foley, pushed back against the federal government’s call for a recall. He later obliged.

Around the same time, a different security company discovered that hackers could access sensitive information from Peloton users, including:

  • User IDs
  • Instructor IDs
  • Group membership
  • Location
  • Workout stats
  • Gender and age
  • Whether they are in the studio or not
Peloton users get the bad news. | Source: Twitter

Despite these issues, the firm had an excellent pandemic, during which it increased revenue exponentially.

If you own a Peloton, be sure to freshen up your knowledge of cybersecurity hygiene and familiarize yourself with phishing attempts.

And if you think you’ve been hacked, don’t hesitate to reach out to us today.

Featured image by Maridav from Shutterstock.com
