Researchers at software security company McAfee discovered a vulnerability in the Peloton Bike+ that could enable attackers to install malware in the system through a USB port.
The flaw, which the researchers said was associated with the Android attachment accompanying the Bike+, could allow attackers to access its webcam and spy on riders and their surroundings.
It also could allow them to install fake versions of popular apps like Netflix and Spotify, and capture riders' personal information.
McAfee's Steve Povolny said, "The flaw was that Peloton actually failed to validate that the operating system loaded. And ultimately what that means then is they can install malicious software, they can create Trojan horses and give themselves back doors into the bike, and even access the webcam."
Peloton confirmed it was working with McAfee to fix the issue, adding that it recently pushed a mandatory update to affected devices to address the vulnerability.
From NBC News
View Full Article
Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA
No entries found