Peloton Patches Vulnerability In Camera That Allowed Spying on Riders (cnn.com)

McAfee has discovered a vulnerability "that allows hackers to access Peloton's bike screen," reports CNN, "and potentially spy on riders using its microphone and camera."

"However, the threat most likely affects only the $2,495 bike used in public spaces, such as in hotels or gyms, because the hacker needs to physically access the screen using a USB drive containing a malicious code." According to McAfee's Advanced Threat Research team, a hacker can discreetly control the stationary bike's screen remotely and interfere with its operating system. That means hackers could, for example, install apps that look like Netflix or Spotify and steal the users' log-in information. Perhaps more alarmingly, the cybersecurity team was able to spy on users via the camera and microphone, which is normally used for video chats with other users.

"As a result, an unsuspecting gym-goer taking the Peloton Bike+ for a spin could be in danger of having their personal data compromised and their workout unknowingly watched," the report said. It also warned the hacker could configure this spyware at any point, including during the supply chain or delivery process, without the owner knowing... Peloton released a mandatory software update that fixes the issue to users earlier this month.

The security risk doesn't affect the lower-priced Peloton Bike because it uses a different type of touchscreen....

This report marks the second security concern for Peloton in two months. In May, the fitness firm released a security update that sealed a leak that was revealing personal account information, such as a user's age, city and weight.

  • Three, actually (Score:2, Informative)

    by quonset ( 4839537 )

    This report marks the second security concern for Peloton in two months.

    In April, the U.S. Consumer Product Safety Commission issued a warning about the Tread+ treadmill [go.com]. A child was pulled under the belt and killed while the parent was on the treadmill, and so far at least 39 other incidents have been reported where both children and pets have been injured around this particular treadmill.

    • Granted, there's probably a lot of equipment that kills babies. But it could be one of the fewer models that doubles as an Orwellian telescreen.

      Sure, better design could alleviate both of these problems. (Unless the remote access thing becomes "feature not bug", which it will, if it's not already.) Even better to avoid these problems altogether by either not getting such a machine, or keeping it locked in an exercise room where the kiddos can't get to it and it can't see anything other than jiggling jellybe

  • by AndyKron ( 937105 ) on Saturday June 19, 2021 @01:21PM (#61501742)
    On to the next security bug...
  • to a computer and they can install code that is malicious. Is this entirely unexpected? If it were totally locked down then would we not be seeing complaints that nasty Peloton was preventing owners from customising the machine, that the owners did not really own it, etc.

    I do not have one of these ... is there a login mechanism that could be used, or a superuser login?

  • They had to demand a custom version of the software/firmware from Peloton so Michelle Obama could have one of those in the White House. I guess it was justified.

  • by Tablizer ( 95088 ) on Saturday June 19, 2021 @07:04PM (#61502356) Journal

    ...bike need a camera?

    • Group rides with friends. Personally, I’ve never used it. Although, if you snuck into my house and installed some malicious malware onto my peloton, you’d certainly be able to watch me get sweaty while wearing a tshirt and shorts. I can live with that risk vector, whether or not it’s been patched now.
    • The tele-social workout is basically their whole offering.

      Also this hack seems kind of ho-hum. If somebody has physical access to the space it would be so much easier to just put their own spy cam wherever in the room, and get a better view.

      • by Tablizer ( 95088 )

        I wonder what percent actually use that feature. Our exercycle also has a camera, and it's not a Peloton. I even put tape over the camera a half year ago, but somebody peeled it off.

        • I mean, what percent of stationary bike owners even use the pedals within the last year?

          But, Coronavirus was fantastic for them, with clubs shut down.

    • Well, the camera and connectivity and group experience is the only thing that separates Peloton from other exercise bikes, so, while I understand the question, it is also kind of like saying, of Tesla, "why does a car need to be electric?"
