by Chris Ciaccia and Sam Baker at The Daily Mail
After Peloton riders’ private data was exposed by a software bug earlier this year, researchers have found some of the tech company’s products are vulnerable to malware, letting hackers spy on unsuspecting riders.
Cybersecurity firm McAfee said cybercriminals could trick Bike+ users into entering their credentials into nefarious apps disguised to look like Netflix or Spotify, and could spy on them through their webcams.
The attack can be carried out by inserting a USB key at any time (in the gym, somewhere in the supply chain) with a boot file image containing the dangerous code, which allows criminals remote access to the Bike+, Peloton’s $2,495 bike.
‘They can enable the bike’s camera and microphone to spy on the device and whoever is using it,’ McAfee wrote in the report.
‘To make matters worse, they can also decrypt the bike’s encrypted communications with the various cloud services and databases it accesses, potentially intercepting all kinds of sensitive information.’
‘As a result, an unsuspecting gym-goer taking the Peloton Bike+ for a spin could be in danger of having their personal data compromised and their workout unknowingly watched.’
The vulnerability is also present on Peloton Tread, McAfee added.
Shares of Peloton were higher in early Thursday trading, up 2.1 percent to $107.17.
McAfee said it has spoken to Peloton and disclosed the vulnerability, and the two companies worked together ‘to responsibly develop and issue a patch.’…