McAfee Reports Security Exploit in Peloton Bike+ GA S REGULAR Menu Lifewire Tech for Humans Newsletter! Search Close GO News > Internet & Security

McAfee Reports Security Exploit in Peloton Bike+

Attackers could use the bike's USB port to install malware and steal information

By Rob Rich Rob Rich News Reporter College for Creative Studies Rob is a freelance tech reporter with experience writing for a variety of outlets, including IGN, Unwinnable, 148Apps, Gamezebo, Pocket Gamer, Fanbolt, Zam, and more. lifewire's editorial guidelines Updated on June 16, 2021 12:01PM EDT Fact checked by Rich Scherr Fact checked by Rich Scherr University of Maryland Baltimore County Rich Scherr is a seasoned technology and financial journalist who spent nearly two decades as the editor of Potomac and Bay Area Tech Wire. lifewire's fact checking process Tweet Share Email Tweet Share Email Internet & Security Mobile Phones Internet & Security Computers & Tablets Smart Life Home Theater & Entertainment Software & Apps Social Media Streaming Gaming McAfee has reported that a Peloton Bike+ security vulnerability with the Android attachment and USB drive could have allowed hackers to install malware in order to steal riders' information. According to a post on McAfee's blog, the team reported this issue to Peloton a few months ago and the companies began working together to develop a patch. The patch has since been tested, confirmed to be effective on June 4, and began rolling out last week. Typically, security researchers wait until vulnerabilities have been patched until announcing the issue. McAfee The exploit made it possible for hackers to use their own software loaded via USB thumb drive to manipulate the Peloton Bike+ operating system. They would be able to steal information, set up remote internet access, install fake apps to trick riders into providing personal information, and more. Bypassing the encryption on the bike's communications was also a possibility, making other cloud services and accessed databases vulnerable. Peloton The biggest risk posed by this exploit was to public-facing Pelotons, such as in a shared gym, where hackers would have easier access. However, private users also were vulnerable, as malicious parties could have access to the system throughout the bike's construction and distribution. The new patch does fix this problem, but McAfee warns that Peloton Tread equipment—which it did not include in its research—still could be manipulated. According to McAfee, the most important thing Peloton riders can do to protect their privacy and security is to keep their devices up to date. "Stay on top of software updates from your device manufacturer, especially since they will not always advertise their availability." They also recommend that users "turn on automatic software updates, so you do not have to update manually and always have the latest security patches. " Was this page helpful? Thanks for letting us know! Get the Latest Tech News Delivered Every Day Subscribe Tell us why! Other Not enough details Hard to understand Submit More from Lifewire Can a Smart TV Get a Virus? How to Encrypt Data on an Android or iOS Device How to Prevent Browser Hijacking How to Protect Your iPad From Malware and Viruses What Is Spyware? Plus, How to Protect Yourself Against It Can You Get a Virus on a Mac? What You Need to Know 5 MacBook Security Tips - Internet / Network Security How to Test Your Firewall My Phone Was Hacked. How Do I Fix It? Securing Your Home Network and PC After a Hack Microsoft Windows XP on New Computers A Brief History of Malware Browser Hijackers: What They Are and How to Protect Yourself From Them McAfee Review How to Remove That Microsoft Warning Alert 10 Things You Need to Do After Being Hacked Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. Cookies Settings Accept All Cookies