ST. LOUIS (KMOX) - The Peloton bike you bought to work out in the privacy of your home could be letting hackers in the door. Computer security company McAfee says it found a weakness in Peloton's software that could give unauthorized users full control of a bike's operating system.
In a blog post, Is Your Peloton Spinning up Malware, McAfee explains how their researchers hacked the bikes, gaining unfettered access. Ultimately, hackers could steal any account credentials entered on the bike's tablet and could even spy on the device and its rider with the bike's camera and microphone.
"With their newfound access, the hacker interferes with the Peloton’s operating system and now has the ability to install and run any programs, modify files, or set up remote backdoor access over the internet, " explains the McAfee blog post. "They add malicious apps disguised as Netflix and Spotify to the bike in the hopes that unsuspecting users will enter their login credentials for them to harvest for other cyberattacks. They can enable the bike’s camera and microphone to spy on the device and whoever is using it. To make matters worse, they can also decrypt the bike’s encrypted communications with the various cloud services and databases it accesses, potentially intercepting all kinds of sensitive information."
The good news is that McAfee alerted Peloton.
Peloton says it has created a software patch. If you own a bike, Peloton says you need to install those updates before your feet touch the pedals again.