Leisure > Gear

A Security Vulnerability Was Just Discovered on Peloton Bikes

Thankfully, this malware/privacy issue seems to have a quick and easy fix

By Kirk Miller
June 17, 2021 12:40 pm
A detail of Brody Longo strapping his foot into his Peloton exercise bike pedal before he works out on April 16, 2021 in Brick, New Jersey
Some Peloton bike models have a security flaw that require a software fix
Michael Loccisano/Getty Images

A security flaw could allow malware to be installed on some Peloton bikes, according to NBC News.

The software security firm McAfee discovered the security flaw on the Peloton Bike+ models, where a USB port could allow bad actors to install fake versions of popular apps like Spotify and Netflix, which would then be able to ask for personal information from users. They would also be able to access a rider’s mic and camera.

While this is unlikely to happen at home, in a public space like a gym this could present problems. And it’s pretty easy to find those public Peloton bikes online, according to the McAfee team.

“The flaw was that Peloton actually failed to validate that the operating system loaded,” said Steve Povolny, head of the McAfee threat research team. “And ultimately what that means then is they can install malicious software, they can create Trojan horses and give themselves back doors into the bike, and even access the webcam.”

As Peloton noted on their site yesterday, the company works with external security researchers issue on issues like these, and this particular security flaw was reported months ago and fixed. As they wrote: “McAfee’s Advanced Threat Research … uncovered a security issue where an attacker with physical access to a Peloton Bike+ or a Peloton Tread could ultimately take control of the device. The issue reported to us by McAfee requires that an attacker be able to connect directly to one of the USB ports on the tablet on the Bike+ or the Tread. They would then be able to modify the software on the device, and could then install malware or access data that is communicated between the device and our services. Like with any connected device in the home, if an attacker is able to gain physical access to it, the need for additional physical controls and safeguards becomes increasingly important.”

A screen with a mandatory Peloton software update
You’ll have to update your Peloton software to fix this security issue
Peloton

The company does note that this fix requires a mandatory software update.

It’s been a rough year for Peloton, which has already recalled Tread+ treadmills after one child death and 70 incidents. Not to mention that the bikes might be crushing your private parts.

More Like This

peloton pelvic floor
Is Too Much Time on the Peloton Literally Crushing Your Private Parts?
peloton treadmill
What the Hell Is Going on With Peloton’s Deadly Treadmills?
peloton to road cycling
How to Make the Leap From Peloton to Big-Boy Road Cycling

Leisure > Gear
Wellness
Kirk Miller is InsideHook's Senior Lifestyle Editor (and longest-serving resident). He writes a lot about whisk(e)y, cocktails, consumer goods and artificial intelligence.

Most Popular

Wilyer Abreu, Jarren Duran and Rob Refsnyder of the Boston Red Sox.
The Red Sox Are a $4.5 Billion Franchise With a $10 Million Lineup
woman in a giant glass wearing a tutu throwing confetti, men playing instruments in suits
Where to Catch New York City’s Best Jazz Shows
The Ford Mustang Mach-E GT SUV on display at the Los Angeles Auto Show in Los Angeles, California on November 17, 2021.
Did Ford’s Mustang Mach-E Gamble Pay Off?
Ex-Michigan Wolverines Jim Harbaugh and J.J. McCarthy.
Jim Harbaugh Is Still Using J.J. McCarthy to Help Him Win
A collage of images of Patagonia clothing, synthetic microfibers, microplastics, laundry and bodies of water. Our story looks at Patagonia's microplastics problem.
Patagonia’s Major Microplastic Problem
Robot hand on keyboard
Scientists Are Looking For Ways to Make AI Less Racist

Win the Ultimate Formula 1® Crypto.com Miami Grand Prix Experience

Want the F1 experience of a lifetime? Here’s your chance to win tickets to see Turn 18 Grandstand, one of Ultimate Formula 1® Crypto.com Miami Grand Prix’s most premier grandstands!

More Wellness, Right This Way

Two men, one a Republican and one a Democrat, sitting at a coffee shop in an illustration. We spoke with two men, one a Trump voter and one a Biden voter, about how they became friends despite political differences.

One’s a Conservative, One’s a Liberal. Here’s Their Secret to Friendship.

A yoga class at the East Bank Club, one of the best gyms in Chicago

The 15 Best Gyms in Chicago 

C.J. Stroud warms up by passing a basketball to his trainer.

Why Do Athletes Warm Up With Equipment From Other Sports?

An illustration of two tennis players fist-bumping. We discuss why tennis friends are so great for your longevity.

The Mighty Fellowship of Tennis Partners

Explore More Wellness

Keep Reading

An illustration of three young men after a soccer match next to the words "I Love You." We discuss the difficulty straight men still have expressing their love for their male friends.

Three Words Straight Guys Still Can’t Say to Each Other

A whiskey thief pouring bourbon from a barrel into a Glencairn at Bardstown Bourbon Company

For Whiskey Geeks, “Sourced” Is No Longer a Dirty Word 

Regardless of what kind of traveler you are, California has a park for you.

Which California National Park Is for You?

people dancing in a nightclub, orange dim lighting

The Best Bars in Dallas’s Bishop Arts District