Security Flaw Discovered In Peloton Equipment
The vulnerability could give attackers remote root access to the bike's tablet, researchers report.
June 17, 2021

A vulnerability in the Peloton Bike+ could have allowed an attacker to remotely spy on users, McAfee's Advanced Threat Research (ATR) team found.
The bug, which has already been addressed through a mandatory patch issued to affected devices worldwide, could have given an attacker remote root access to the Peloton tablet. Researchers note a threat actor would have required physical access to the equipment in order to take advantage of the flaw.
"The hacker could install malicious software, intercept traffic and user's personal data, and even gain control of the Bike's camera and microphone over the internet," McAfee wrote in a blog post on the discovery.
This flaw was found in the Android Verified Boot (AVB) process. It could be exploited, for example, on Peloton equipment in a gym or a hotel and then used to spy on riders or harvest user credentials, McAfee researchers explained.
The security firm says Peloton confirmed the vulnerability is also present on Peloton Tread exercise equipment. McAfee informed Peloton about the vulnerability in March and the patch was tested and confirmed earlier this month.
McAfee says the discovery is a reminder to consumers that IoT fitness equipment and devices require the same level of security as any connected device, like a computer or a smartphone.
The report from McAfee can be read here.