McAfee: Peloton Bike+ Security Flaw Could Let Hackers Spy On Riders

Posted by admin on

Software security firm McAfee discovered a security flaw in the Android operating system powering Peloton Bike+ that could potentially give hackers the ability to spy on riders or steal their personal data, McAfee said in a press release.

Sam Quinn and Mark Bereza, both security researchers at the Advanced Threat Research Team at McAfee, said that a flaw was discovered in the Android Verified Boot (AVB) process, stemming from the Android attachment.

Peloton “... has garnered attention recently regarding concerns surrounding the privacy and security of its products. So, we decided to take a look for ourselves and purchased a Pelton Bike+,” according to the release. 

If a threat actor compromised a Peloton Bike+ in a public place like a gym or hotel, they could potentially install malware that harvests the accounts of everyone who uses the bike.

Peloton Head of Global Information Security Adrian Stone said in a press release that the company addressed the issue after being alerted to it by McAfee’s team. A mandatory software update was distributed that fixes the issue, he said.

“Like with any connected device in the home, if an attacker is able to gain physical access to it, the need for additional physical controls and safeguards becomes increasingly important,” Stone added. 

Peloton recalled its Tread+ and Tread treadmills over safety concerns after a child died and people were injured, Peloton said in a press release on May 5.

The Consumer Product Safety Commission issued an “urgent warning” on April 17 that parents should stop using the Tread+.

Peloton said it was “shocked and devastated” when learning in March that a child died and another got a brain injury on the treadmill. The information was reported to CPSC within 24 hours, the company said.

The June edition of PYMNTS Digital Security Playbook: Building Trust And Loyalty Online, a collaboration with Sift, showed that consumers are concerned about trust when it comes to connected devices and using mobile wallets for payments when shopping. Establishing digital trust with customers is critical to long term engagement.