



Peloton users have been warned of new security threats related to Bike + touchscreens that could be controlled by hackers.

In a report released Wednesday, cybersecurity firm McAfee discovered a vulnerability that could allow hackers to access Peloton’s bike screen and use a microphone and camera to spy on riders. However, this threat only affects $ 2,495 bikes used in public spaces such as hotels and gyms, as hackers need to physically access the screen using a USB drive that contains malicious code. There is a possibility.

According to McAfee’s Advanced Threat Research team, hackers can remotely and carefully control the exercise bike screen and interfere with the operating system. This means that a hacker could install an app like Netflix or Spotify, for example, to steal a user’s login information. Perhaps even more disturbing, the cybersecurity team was able to spy on users through the cameras and microphones commonly used for video chats with other users.

“As a result, when unsuspecting gym attendants try Peloton Bike +, they risk putting their personal data at risk and unknowingly seeing training,” the report said. I will. Hackers also warned that the spyware could be configured at any time, including during the supply chain and delivery process, without the owner’s knowledge.

Devices connected to the Internet are all vulnerable to hacking, including bicycles, computers, and even refrigerators. Cyber ​​attacks are gaining more and more public attention, and prominent companies such as McDonald’s, Microsoft, and Electronic Arts have announced recent security breaches.

McAfee said it looked at Peloton’s software with a “critical eye” to find vulnerabilities and warn users. The two companies worked together to “responsibly develop and publish patches.”

Earlier this month, Peloton released a mandatory software update to users that fixes the issue. Due to the different types of touch screens used, the security risk does not affect the low cost Peloton Bike.

According to McAfee, this is an important reminder for users of all connected devices to activate automatic software updates to protect their devices from the latest attacks.

“We are always aware of software updates from device manufacturers, especially because software updates do not always advertise their availability,” said a McAfee researcher. “Visit their website regularly and don’t miss any news that could affect you.”

This report presents the second Peloton security concern in two months. In May, a fitness company released a security update that seals leaks that reveal personal account information such as a user’s age, city, and weight. The news of the bug was released the same day Peloton recalled the treadmill after a child died while the machine was running and others were injured.

