A Potential Security Breach in Peloton Bikes Allows Hackers to Spy on Riders

For many, it seems like out of nowhere, the Peloton family of devices and workout routines effectively took over the home workout community. With sleek, modern equipment that promises an accessible entry into exercise and real results to boot, it's clear why droves of people are flocking to Peloton.

However, for as much Peloton has contributed to the home workout space, it hasn't been wholly devoid of problems. Case-in-point: the security risks that the company is now speaking about to better inform their users and future customers. So, what are these risks, and should you second-guess buying a Peloton now? Keep reading to find out.

The Advanced Threat Research Team at McAfee discovered a pretty harrowing software flaw in Peloton Plus bikes that actually allows would-be hackers to spy on riders while they work out. Indeed, the company claims that there is a software vulnerability in the equipment that leaves the opportunity for spy malware to be installed on any bike.

The concern over malware being implemented lies first and foremost in shared spaces, where the same Peloton is used by many different people throughout the day.

"The flaw was that Peloton actually failed to validate that the operating system loaded," explained Steve Povolny, who is the head of the team at McAfee that made this shocking announcement, per NBC. "And ultimately what that means then is they can install malicious software. They can create Trojan horses and give themselves back doors into the bike and even access the webcam."

This issue is exacerbated by Peloton's nationwide interactive map of shared bikes, which could give hackers the opportunity to scope out their prey and steal valuable information from specific people.

Luckily, McAfee has alerted Peloton to this issue and the two companies are working currently to bolster the bike's security as much as possible.

Peloton released a statement on the issue once they began their joint investigation into it with McAfee. "McAfee reported a vulnerability to us that required direct, physical access to a Peloton Bike Plus or Tread to exploit the issue. Peloton also pushed a mandatory update to affected devices last week that addressed this vulnerability."

So it seems for now that the issue at hand has been addressed, but this isn't the first time Peloton bike security has come into question.

Back in January 2021, an odd headline emerged regarding President Biden's usage of a Peloton bike and how the White House wasn't exactly for it. Their reasoning?

The Peloton's built-in microphone and camera could be hacked, much like the new report published by McAfee claims. It's unclear if the president actually kept his Peloton (with some added security features) or if he was made to let it go, but that issue brought the conversation regarding Peloton security into the national spotlight.