Software security company McAfee (NASDAQ:MCFE) said it has exposed a vulnerability in the Peloton (NASDAQ:PTON) Bike+ that allowed attackers to install malware through a USB port and potentially spy on riders.
The Advanced Threat Research Team at McAfee said the problem stemmed from the Android attachment that accompanies the Peloton stationary exercise Bike+. McAfee said attackers could access the bike through the port and install fake versions of popular apps like Netflix (NASDAQ:NFLX) and Spotify(NASDAQ:SPOT) , which could then fool users into entering their personal information.
Peloton Bike+ in a public, shared place, such as a hotel or a gym, would be especially vulnerable to the attack.
The research team said there are “interactive maps” online showing Peloton bikes and treadmills in the U.S., which can give attackers an easy way to find those in public spaces and eventually access users’ accounts. Hackers could then upload a “completely customized malicious image” that would eventually grant them access to a rider’s microphone, camera and apps, he said.
Peloton confirmed in a statement that engineers from McAfee alerted them to the problem "via our Coordinated Vulnerability Disclosure program" and said they were working with the security company to fix the issue.
Experts say any device that connects to the internet — like a TV, an appliance or even a toy — could be a way for hackers to get your personal data. Cybersecurity experts say you should turn on automatic software updates and consider security software for your home network.
PTON shares gave way 37 cents to $105.74, while shares in MCFE captured 26 cents to $28.41.
