Antivirus Firm McAfee Finds Security Vulnerability in Peloton Bikes

A Peloton Bike+ in a public, shared place, such as a hotel or a gym, would be especially vulnerable to the attack

Peloton bike
Ezra Shaw | Getty Images

Software security company McAfee said it exposed a vulnerability in the Peloton Bike+ that allowed attackers to install malware through a USB port and potentially spy on riders, NBC News reports.

McAfee said the problem stemmed from the Android attachment, noting attackers could access the bike through the port and install fake versions of popular apps like Netflix and Spotify, which could then fool users into entering their personal information.

A Peloton Bike+ in a public, shared place, such as a hotel or a gym, would be especially vulnerable to the attack.

Peloton confirmed in a statement that engineers from McAfee alerted them to the problem "via our Coordinated Vulnerability Disclosure program" and said they were working with the security company to fix the issue. "Peloton also pushed a mandatory update to affected devices last week that addressed this vulnerability," the exercise equipment company added.

Read the full story on NBCNews.com here.

Peloton is recalling its Tread+ and Tread treadmill machines over safety concerns after a child died and several others suffered injuries from being pulled under the rear of the treadmill.
Contact Us