A new analysis of the software used on the Peloton Treadmill has shown that the device may be prone to certain security risks.
A blog post from Check Point revealed that the vulnerabilities found within the Peloton product could pose a significant threat to users’ databases and uncover private data.
The problem seems to stem from the device’s operating system, with the Peloton Treadmill running Android 10 after being updated from Android 9 a few months ago.
Android 13 is currently the most recent version of the Android operating system, which leaves the treadmill potentially open to 1,100 or more vulnerabilities from last year until now.
Further, if a Peloton Treadmill was the target of a malicious attacker, USB debugging could be enabled, which would grant the attacker access to the device’s shell. This could also lead to the leak of all installed packages and apps on the device.
Apps can be fetched from the device directly for other malicious purposes as well.
Select applications on the treadmill thankfully feature rooting detection security measures to prevent such breaches from happening, although experienced attackers may be able to bypass these measures.
Check Point was able to sideload a mobile remote access tool to the device, which gave them total control over the treadmill's functionality, including photos, accessing geolocation, abusing the network stack and more.
If that wasn’t bad enough, full access to the device’s local area network was revealed, leading to the possibility of further security breaches.
Peloton has been informed of the recent findings and has stated that they “meet expected security measures for Android-based devices.”
Source: Check Point