"Peloton Bike+ Bug Gives Hackers Complete Control"

Researchers from McAfee's Advanced Threat Research (ATR) team discovered that the popular Peloton Bike+ and Peloton Tread exercise equipment contain a security vulnerability that could expose gym users to a wide variety of cyberattacks. According to the researchers, the bug (no CVE available) would allow a hacker to gain remote root access to the Peloton's "tablet." The tablet is the touch screen installed on the devices to deliver interactive and streaming content. From there, a diligent hacker could install malware, intercept traffic and user's personal data, and even control the Bike+ or Tread camera and microphone over the internet. McAfee noted that to exploit the vulnerability, an attacker would need either physical access to the workout machines or access during any point in the supply chain (from construction to delivery).

Threatpost reports: "Peloton Bike+ Bug Gives Hackers Complete Control"