A new development regarding Peloton will have users thinking twice before mounting the workout machine. Users of Peloton’s Bike+ have been warned of a security threat which could allow hackers to control the touchscreen, steal information and even watch the user.
Cybersecurity company McAfee announced its discovery of a flaw that grants cybercriminals the ability to access the bike screen. The set-up could take place as early as the supply chain or delivery process.
The hacker could remotely control the screen and tamper with the operating system. Once compromised, the hacker could install a fake app and trick users into providing their log-in information. As if that wasn’t enough, they could also watch a user via the camera or the microphone.
According to CNN Business, customers who own a Peloton Bike may be able to exhale as the issue most likely only affects the $2,945 bikes used in public spaces. The cheaper bikes utilize a different style of touchscreen and public areas are susceptible because the hacker needs to physically access the screen using a USB drive with a malicious code.
This hiccup adds to Peloton’s ongoing issues over the past few months. In May, it released a security update that sealed a leak that was revealing personal account information. The same day news broke about the bug, Peloton recalled its treadmill after a child death and other injuries.
McAfee and Peloton combined efforts and created a mandatory software update to resolve the security issue.
McAfee researchers urged customers to, "Stay on top of software updates from your device manufacturer, especially since they will not always advertise their availability.”