Peloton Bug Could Give Hackers Control of Exercise Equipment | WHAT REALLY HAPPENED X-Frame-Options: SAMEORIGIN

Peloton Bug Could Give Hackers Control of Exercise Equipment

Threat Post reports that the popular Peloton Bike+ and Peloton Tread exercise equipment contain a security vulnerability that could expose gym users to a number of cyberattacks ranging from personal data theft to secret video recording.

According to research from McAfee’s Advanced Threat Research (ATR) team, the bug would allow a hacker to gain remote root access to the tablet installed on the Peloton devices. This tablet is the touch screen installed on the device to deliver streaming content including workout coaching and even allowing video calls using an integrated camera.

Once a hacker has gained root access, it is easy to install malware, intercept traffic and user’s personal data, and even control the camera and microphone of the tablet. Some attack scenarios include adding malicious apps disguised as normal services such as Netflix and Spotify to steal login credentials. Hackers could also record video or audio of users while they exercise, possibly intercepting phone calls and learning personal details.

However, an attacker would initially need physical access to the machines to gain root access, making gyms the primary place for real-world exploitation. Hackers would simply have to insert a USB key with a boot image file that would grant them remote root access into the device.