"X-Force Discovers New Vulnerabilities in Smart Treadmill"

Due to the many features of Internet-connected gym machines, IBM X-Force Red researchers decided to explore their user data security and whether there was any risk to users' physical safety. The team researched smart treadmills from Precor, a leading fitness equipment brand with over 143,000 machines containing Internet-connected consoles. Using an exposed SSH key pair, the researchers gained root-level access to three console versions and showed that treadmill belts can be stopped remotely, which could harm users. In addition, a weak hashing algorithm revealed the root user account password. This article continues to discuss the IBM X-Force Red researchers' discovery of vulnerabilities in Precor smart treadmills.

SecurityIntelligence reports "X-Force Discovers New Vulnerabilities in Smart Treadmill"

Submitted by grigby1