Peloton Bike+ Bug Gives Hackers Complete Control
#1
Information 
Quote:The popular Peloton Bike+ and Peloton Tread exercise equipment contain a security vulnerability that could expose gym users to a wide variety of cyberattacks, from credential theft to surreptitious video recordings.
 
According to research from McAfee’s Advanced Threat Research (ATR) team, the bug (no CVE available) would allow a hacker to gain remote root access to the Peloton’s “tablet.” The tablet is the touch screen installed on the devices to deliver interactive and streaming content, such as the motivational workout coaching that will be familiar to anyone watching TV commercials during the pandemic.
 
From there, a diligent hacker could install malware, intercept traffic and user’s personal data, and even control the Bike+ or Tread camera and microphone over the internet.
 
Some of the attack scenarios include adding malicious apps disguised as Netflix and Spotify designed to harvest login credentials for them to harvest for other cyberattacks. Or, someone could record people’s workouts for personal use, or to be put up for sale on the darker corners of the internet.
 
Nuisance attacks are possible too, like replacing content with attacker-controlled videos, or even bricking the tablets entirely. And, attackers could decrypt the bike’s encrypted communications with the various cloud services and databases it accesses, potentially intercepting all kinds of sensitive business and customer information.
 
There’s a catch though: An attacker would need either physical access to the workout machines or access during any point in the supply chain (from construction to delivery), McAfee noted – which means that gyms are the likeliest place for real-world exploitation.

Read more: Peloton Bike+ Bug Gives Hackers Complete Control | Threatpost
[-] The following 2 users say Thank You to silversurfer for this post:
  • harlan4096, Mohammad.Poorya
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
uBOLite_2024.12.23.23
uBOLite_2024.12.23...harlan4096 — 10:29
You found a seed phrase from someone els...
Scammers have inve...harlan4096 — 09:58
Google files remedies proposal in DOJ's ...
The U.S. Departmen...harlan4096 — 09:48
PowerToys 0.87.1
PowerToys 0.87.1 ...harlan4096 — 09:46
GFYI [Official] EaseUS Christmas 2024 B...
Merry Christmas and ...zevish — 08:07

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>