A security vulnerability has been discovered in Peloton Bike+ models. The issue lets hackers install malware and potentially spy on riders through the bike's camera and microphone.
Hackers could also access the owner's personal data stored on the bike, such as the apps used and account details. Peloton released a mandatory software update to fix the issue. However, it is important to check the device manually and take extra steps to keep yourself protected from the latest attacks.
Early last month, Peloton reportedly had issues with data leaks. Its systems and services were not properly encrypted and ended up exposing User IDs, Instructor IDs, Group Membership, Location, Workout Stats, Gender, Age and other similar details to malicious hackers.
While that issue was resolved, a new security threat was reported by McAfee.
Hackers Spy on You Using Peloton Bike Camera
McAfee discovered the vulnerability and reported it on Wednesday. It said that hackers could quickly gain access to the Peloton Bike+ screen, microphone and camera to completely manipulate the Peloton Bike+ system. It then offered a quick demonstration of the attack in a YouTube video.
As shown, a hacker could easily and remotely control the Peloton Bike+. They could record videos through your camera, go through your personal files and steal them remotely without your knowledge.
However, the hacking attempt requires the hacker to first physically access the screen using a USB drive containing the malicious code. After that, the hacker unplugs their device and immediately gains access to the Peloton Bike+.
The Peloton Bike+ units at the highest risk of being hacked are the stationary bikes in public spaces, including gyms and hotels. For the time being, it is better to avoid using these public devices and centralize your workout routine at home.
How to Install the Update Now to Fix the Issue
MSN reported that McAfee worked with the Peloton software to develop a fix for the security risk. Moreover, the company said it has also pushed a "mandatory update" to address the issue.
Fortunately, the security risk does not affect the lower-priced Peloton Bike because it uses a different system and touchscreen. Instead, this security risk is found specifically on the Peloton Bike+, which costs $2,495.
For homeowners with a Peloton Bike+, keep yourself safe by staying on top of the security software updates! You could also visit the Peloton website regularly to monitor the latest news and patches for the Peloton bike.
It is recommended that you activate "automatic software updates" for your Peloton Bike+ and any other connected device to keep yourself protected from the latest attacks.
To keep yourself and your Peloton Bike private, avoid letting strangers use your hardware device and never let them plug anything into your Peloton Bike. As mentioned, a new update might soon come in to fix this recent security risk. If you spot any suspicious indicators, like messages or apps on your Peloton bike that you do not remember installing, email your findings to Peloton at vulnerability.disclosure@onepeloton.com.