Image: Peloton Bike+. Source: Peloton Interactive
Cyber security company McAfee Corp (Nasaq: MCFE) said it has detected a vulnerability in Peloton Interactive Inc’s (Nasdaq: PTON) stationary exercise bicycles that enables hackers to access the equipment’s screen and potentially spy on riders through its microphone and camera.
In a report released Wednesday, McAfee said the threat most likely affects Peloton Bike+ in public, shared locations, such as hotels or gyms, because an attacker needs to physically access the screen using a USB drive containing a malicious code.
"As a result, unsuspecting gym-goers taking the Peloton Bike+ for a spin could be in danger of having their personal data compromised and their workout unknowingly watched," the report said.
It also warned the hacker could configure this spyware at any point, including during the supply chain or delivery process, without the owner knowing.
According to NBC News, McAfee engineers alerted Peloton of the problem in March, and the two companies worked to develop a security patch to resolve the issue.
The exercise equipment company also told NBC News it “pushed a mandatory update to affected devices last week that address this vulnerability.”
McAfee’s report marks the second security issue for Peloton in two months.
In May, the fitness firm issued an update after security company Pen Test Partners found that hackers can snoop on Peloton riders and learn their gender, age, location and workout stats.
News of that bug came on the same day that Peloton recalled its treadmill after a child died and over 70 people were injured while the machine was operating.
Source: Equities News