{"id":122800,"date":"2021-06-15T21:01:05","date_gmt":"2021-06-16T04:01:05","guid":{"rendered":"\/blogs\/?p=122800"},"modified":"2024-01-31T06:01:51","modified_gmt":"2024-01-31T14:01:51","slug":"is-your-peloton-spinning-up-malware","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/mobile-security\/is-your-peloton-spinning-up-malware\/","title":{"rendered":"Is Your Peloton Spinning Up Malware?"},"content":{"rendered":"<p><em>[Disclaimer: The <a href=\"https:\/\/www.mcafee.com\/enterprise\/en-us\/threat-center\/advanced-threat-research\/disclosure.html\" target=\"_blank\" rel=\"noopener noreferrer\">McAfee ATR team disclosed<\/a> this vulnerability\u00a0to Peloton and promptly started working together to\u00a0responsibly\u00a0develop and issue a patch within the disclosure window. The patch was tested and confirmed effective on June 4, 2021.]<\/em><\/p>\n<p><span data-contrast=\"auto\">Picture this: A hacker enters a gym or fitness center with a Peloton Bike+. They insert\u00a0a tiny USB key with a\u00a0boot image file\u00a0containing\u00a0malicious code that grants them remote root access. Since the attacker doesn\u2019t need to\u00a0factory\u00a0unlock the bike to load the modified image, there is no sign that it was tampered with. With their newfound access, the hacker interferes with the Peloton\u2019s operating system and\u00a0now has the ability to install and run any programs, modify files, or set up remote backdoor access over the internet.\u00a0They add malicious apps disguised as Netflix and Spotify to the bike in the hopes that unsuspecting users will enter their login credentials for them to harvest for other cyberattacks.\u00a0They can enable\u00a0the bike\u2019s camera and microphone\u00a0to spy on the device and whoever is using it.\u00a0To make matters worse, they\u00a0can also\u00a0decrypt the bike\u2019s encrypted communications with\u00a0the various cloud services and databases it\u00a0accesses, potentially intercepting all kinds of sensitive information.\u00a0As a result, an unsuspecting gym-goer taking the Peloton Bike+ for a spin could be in danger of having their personal data compromised and their workout unknowingly watched.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">That\u2019s a potential risk that you no longer\u00a0have to worry about thanks to\u00a0<\/span><span data-contrast=\"none\">McAfee\u2019s\u00a0Advanced Threat Research (ATR) team<\/span><span data-contrast=\"auto\">. The ATR team recently\u00a0<a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/a-new-program-for-your-peloton-whether-you-like-it-or-not\/\">disclosed a vulnerability<\/a> (<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-33887\">CVE-2021-3387<\/a>) in the Peloton Bike+,\u00a0which\u00a0would\u00a0allow\u00a0a hacker\u00a0with either physical access to the Bike+ or access during any point in the supply chain (from construction to delivery), to gain remote\u00a0root\u00a0access to the Peloton\u2019s tablet. The hacker could\u00a0install malicious software,\u00a0intercept traffic and user\u2019s personal data,\u00a0and even\u00a0gain control of\u00a0the Bike\u2019s\u00a0camera\u00a0and\u00a0microphone\u00a0over the internet.<\/span><span data-ccp-props=\"{}\"> Further conversations with Peloton confirmed that this vulnerability is also present on Peloton Tread exercise equipment; however, the scope of our research was confined to the Bike+.<\/span><\/p>\n<p><span data-contrast=\"auto\">As a result of COVID-19, many consumers\u00a0have\u00a0looked for in-home exercise solutions,\u00a0sending the\u00a0demand for Peloton products\u00a0soaring.\u00a0The number of Peloton\u00a0users\u00a0grew 22% between September and the end of December 2020, with\u00a0<\/span><a href=\"https:\/\/backlinko.com\/peloton-users\" target=\"_blank\" rel=\"noopener noreferrer\"><span data-contrast=\"none\">over 4.4 million members<\/span><\/a><span data-contrast=\"auto\">\u00a0on the platform at year\u2019s end.\u00a0By combining luxury exercise equipment with high-end technology, Peloton presents an appealing\u00a0solution\u00a0to those looking to stay in shape with a variety of classes, all from a few taps of a tablet.\u00a0Even though in-home fitness\u00a0products such as Peloton\u00a0promise\u00a0unprecedented convenience,\u00a0many\u00a0consumers\u00a0do not realize the risks that\u00a0<\/span><a href=\"https:\/\/www.mcafee.com\/blogs\/consumer\/mobile-and-iot-security\/how-to-keep-you-fitness-iot-devices-secured\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span data-contrast=\"none\">IoT fitness devices<\/span><\/a><span data-contrast=\"auto\">\u00a0pose\u00a0to\u00a0their online security.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3><b><span data-contrast=\"auto\">Under the Hood of the Peloton Bike+ <\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">IoT fitness devices such as the Peloton Bike+ are just like any other laptop or mobile phone that can connect to the internet. They have\u202fembedded\u202fsystems\u202fcomplete with firmware, software, and operating systems. As\u00a0a\u00a0result, they are\u00a0susceptible to the same kind of vulnerabilities,\u00a0and their security should be approached with a similar level of scrutiny.\u202f<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Following\u00a0the consumer trend in increasing\u00a0IoT fitness\u00a0devices, McAfee ATR\u00a0began\u00a0poring over the Peloton\u2019s various systems with a critical eye,\u00a0looking for potential risks consumers might not be thinking about. It was\u00a0during this\u00a0exploratory\u00a0process that the team\u00a0discovered that the\u00a0Bike\u2019s\u00a0system was not verifying that the device\u2019s bootloader\u00a0was\u00a0unlocked before attempting to boot a custom image. This means that the\u00a0bike\u00a0allowed researchers to load a file that wasn\u2019t meant for the Peloton hardware\u00a0\u2014\u00a0a command that\u00a0should normally be denied on a locked device such as this one.\u00a0Their first attempt\u00a0only loaded a blank screen,\u00a0so\u00a0the team continued to search for ways to\u00a0install\u00a0a valid, but customized\u00a0boot image, which would start the bike successfully\u00a0with increased privileges.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">After some digging, researchers were able to download an update package directly from Peloton, containing a boot image that they could modify.\u00a0With the ability to modify a boot image from Peloton, the researchers were granted root access. Root access means that the ATR team\u00a0had the highest level of permissions on the device, allowing them to perform functions as an end-user that were not intended by Peloton developers.\u00a0The Verified Boot process on the\u00a0Bike\u00a0failed to identify that\u00a0the\u00a0researchers tampered with the boot image, allowing the operating system to start up normally with the modified file. To an unsuspecting user, the Peloton Bike+ appeared completely normal, showing no signs of external\u00a0modifications\u00a0or clues that the device had been compromised.\u00a0In reality,\u00a0ATR had\u00a0gained complete control of the\u00a0Bike\u2019s\u00a0Android operating system.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3><b><span data-contrast=\"auto\">Tips For Staying Secure While Staying Fit<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">The\u00a0<\/span><a href=\"https:\/\/www.mcafee.com\/enterprise\/en-us\/threat-center\/advanced-threat-research\/disclosure.html\" target=\"_blank\" rel=\"noopener noreferrer\"><span data-contrast=\"none\">McAfee ATR team disclosed<\/span><\/a><span data-contrast=\"auto\"> this vulnerability\u00a0to Peloton and promptly started working together to\u00a0responsibly\u00a0<\/span><span data-contrast=\"none\">develop and issue a patch within the disclosure window<\/span><span data-contrast=\"auto\">.\u00a0The patch was tested and confirmed effective on June 4, 2021. The\u00a0discovery serves as an important\u00a0reminder to practice caution when using fitness IoT\u00a0devices, and it is important that consumers keep these tips in mind to stay\u00a0secure while staying fit:\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h4><b><span data-contrast=\"auto\">1. Update, update, update!<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/h4>\n<p><span data-contrast=\"auto\">Stay on top of software updates from your device manufacturer, especially since they will not always advertise their availability. Visit their website regularly to ensure you do not miss news that may\u00a0affect\u00a0you. Additionally, make sure to update\u00a0mobile\u00a0apps\u00a0that pair with\u00a0your IoT device. Adjust your settings to turn on automatic software updates, so you do not have to update manually and always have the latest security patches.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h4><b><span data-contrast=\"auto\">2.\u202fDo your research\u202f<\/span><\/b><span data-contrast=\"auto\">\u202f<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/h4>\n<p><span data-contrast=\"auto\">Do your research before making a significant investment in an IoT device. Ask yourself if these devices are from a reputable vendor. Have they had previous data breaches in the past, or do they have an excellent reputation\u00a0for providing\u00a0secure\u00a0products?\u202fAlso, take note of the information your IoT device collects, how vendors use this information and what they release to other users or third parties.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Above all, understand what control you have over your privacy and information usage. It is a good sign if an IoT device allows you to opt-out of having your information collected or lets you access and delete the data it does collect. <\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h4><b><span data-contrast=\"auto\">3. Consider an\u202fidentity\u202ftheft\u202fprotection solution<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/h4>\n<p><span data-contrast=\"auto\">Protect your data from being compromised by stealthy cybercriminals by using an identity theft solution such as\u00a0the one included in\u202f<\/span><a href=\"https:\/\/www.mcafee.com\/en-us\/antivirus\/mcafee-total-protection.html\" target=\"_blank\" rel=\"noopener noreferrer\"><span data-contrast=\"none\">McAfee\u202fTotal Protection<\/span><\/a><span data-contrast=\"auto\">. This\u00a0software\u00a0allows users to take a proactive approach to protecting\u00a0their identities with personal and financial monitoring, as well as\u00a0recovery tools.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h2><b><span data-contrast=\"auto\">Minimize Security Risks <\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">If you are one of the 4.4 million Peloton members or use other IoT\u00a0fitness\u00a0devices, it is important to keep in mind that these gadgets could pose a potential security risk just like any other connected device. To elevate your fitness game while protecting your privacy and data,\u00a0<\/span><a href=\"https:\/\/www.mcafee.com\/blogs\/consumer\/take-it-personally-ten-tips-for-protecting-your-personally-identifiable-information-pii\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span data-contrast=\"none\">incorporate cybersecurity best practices<\/span><\/a><span data-contrast=\"auto\">\u00a0into your everyday life so you can confidently\u00a0enjoy\u00a0your IoT devices.<\/span><\/p>\n<h2><strong>Collaboration with Peloton<\/strong><\/h2>\n<p>As stated, McAfee and Peloton worked together closely to address this issue. Adrian Stone, <a href=\"https:\/\/www.onepeloton.com\/press\/articles\/peloton-security-community\" target=\"_blank\" rel=\"noopener noreferrer\">Peloton&#8217;s Head of Global Information Security<\/a>, shared that &#8220;this vulnerability reported by McAfee would require direct, physical access to a Peloton Bike+ or Tread. Like with any connected device in the home, if an attacker is able to gain physical access to it, additional physical controls and safeguards become increasingly important. To keep our Members safe, we acted quickly and in coordination with McAfee. We pushed a mandatory update in early June and every device with the update installed is protected from this issue.&#8221;<\/p>\n<p>Peloton is always looking for ways to improve products and features, including making new features available to Members through software updates that are pushed to Peloton devices. For a step-by-step guide on how to check for updated software, Peloton Members can visit the Peloton\u00a0<a href=\"https:\/\/support.onepeloton.com\/hc\/en-us\/articles\/4402287359380-How-Do-I-Verify-That-I-Have-The-Latest-System-Updates-\" target=\"_blank\" rel=\"noopener noreferrer\">support site<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[Disclaimer: The McAfee ATR team disclosed this vulnerability\u00a0to Peloton and promptly started working together to\u00a0responsibly\u00a0develop and issue a patch within&#8230;<\/p>\n","protected":false},"author":674,"featured_media":126236,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[10661,1838],"tags":[9958,9964,180,9979,9961],"coauthors":[3973],"class_list":["post-122800","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-internet-security","category-mobile-security","tag-connected-fitness","tag-iot-fitness","tag-malware","tag-peloton","tag-peloton-bike"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Is Your Peloton Spinning Up Malware? | McAfee Blog<\/title>\n<meta name=\"description\" content=\"Picture this: A hacker enters a gym or fitness center with a Peloton Bike+. They insert\u00a0a tiny USB key with a\u00a0boot image file\u00a0containing\u00a0malicious code\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Is Your Peloton Spinning Up Malware? | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"Picture this: A hacker enters a gym or fitness center with a Peloton Bike+. They insert\u00a0a tiny USB key with a\u00a0boot image file\u00a0containing\u00a0malicious code\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/mobile-security\/is-your-peloton-spinning-up-malware\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-06-16T04:01:05+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-01-31T14:01:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/06\/300x200_Peloton.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"300\" \/>\n\t<meta property=\"og:image:height\" content=\"200\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"McAfee\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"McAfee\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/mobile-security\/is-your-peloton-spinning-up-malware\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/mobile-security\/is-your-peloton-spinning-up-malware\/\"},\"author\":{\"name\":\"McAfee\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa\"},\"headline\":\"Is Your Peloton Spinning Up Malware?\",\"datePublished\":\"2021-06-16T04:01:05+00:00\",\"dateModified\":\"2024-01-31T14:01:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/mobile-security\/is-your-peloton-spinning-up-malware\/\"},\"wordCount\":1330,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/mobile-security\/is-your-peloton-spinning-up-malware\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/06\/300x200_Peloton.jpg\",\"keywords\":[\"Connected Fitness\",\"iot fitness\",\"malware\",\"Peloton\",\"Peloton Bike+\"],\"articleSection\":[\"Internet Security\",\"Mobile Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/mobile-security\/is-your-peloton-spinning-up-malware\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/mobile-security\/is-your-peloton-spinning-up-malware\/\",\"name\":\"Is Your Peloton Spinning Up Malware? | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/mobile-security\/is-your-peloton-spinning-up-malware\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/mobile-security\/is-your-peloton-spinning-up-malware\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/06\/300x200_Peloton.jpg\",\"datePublished\":\"2021-06-16T04:01:05+00:00\",\"dateModified\":\"2024-01-31T14:01:51+00:00\",\"description\":\"Picture this: A hacker enters a gym or fitness center with a Peloton Bike+. They insert\u00a0a tiny USB key with a\u00a0boot image file\u00a0containing\u00a0malicious code\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/mobile-security\/is-your-peloton-spinning-up-malware\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/mobile-security\/is-your-peloton-spinning-up-malware\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/mobile-security\/is-your-peloton-spinning-up-malware\/#primaryimage\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/06\/300x200_Peloton.jpg\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/06\/300x200_Peloton.jpg\",\"width\":300,\"height\":200},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/mobile-security\/is-your-peloton-spinning-up-malware\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Internet Security\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/internet-security\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Is Your Peloton Spinning Up Malware?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa\",\"name\":\"McAfee\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/1ffadfeeda1f4f9e7891a81f27a9ecf4\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png\",\"caption\":\"McAfee\"},\"description\":\"We're here to make life online safe and enjoyable for everyone.\",\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/x.com\/McAfee\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/mcafee\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Is Your Peloton Spinning Up Malware? | McAfee Blog","description":"Picture this: A hacker enters a gym or fitness center with a Peloton Bike+. They insert\u00a0a tiny USB key with a\u00a0boot image file\u00a0containing\u00a0malicious code","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Is Your Peloton Spinning Up Malware? | McAfee Blog","og_description":"Picture this: A hacker enters a gym or fitness center with a Peloton Bike+. They insert\u00a0a tiny USB key with a\u00a0boot image file\u00a0containing\u00a0malicious code","og_url":"https:\/\/www.mcafee.com\/blogs\/mobile-security\/is-your-peloton-spinning-up-malware\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_author":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2021-06-16T04:01:05+00:00","article_modified_time":"2024-01-31T14:01:51+00:00","og_image":[{"width":300,"height":200,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/06\/300x200_Peloton.jpg","type":"image\/jpeg"}],"author":"McAfee","twitter_card":"summary_large_image","twitter_creator":"@McAfee","twitter_site":"@McAfee","twitter_misc":{"Written by":"McAfee","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/mobile-security\/is-your-peloton-spinning-up-malware\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/mobile-security\/is-your-peloton-spinning-up-malware\/"},"author":{"name":"McAfee","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa"},"headline":"Is Your Peloton Spinning Up Malware?","datePublished":"2021-06-16T04:01:05+00:00","dateModified":"2024-01-31T14:01:51+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/mobile-security\/is-your-peloton-spinning-up-malware\/"},"wordCount":1330,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/mobile-security\/is-your-peloton-spinning-up-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/06\/300x200_Peloton.jpg","keywords":["Connected Fitness","iot fitness","malware","Peloton","Peloton Bike+"],"articleSection":["Internet Security","Mobile Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/mobile-security\/is-your-peloton-spinning-up-malware\/","url":"https:\/\/www.mcafee.com\/blogs\/mobile-security\/is-your-peloton-spinning-up-malware\/","name":"Is Your Peloton Spinning Up Malware? | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/mobile-security\/is-your-peloton-spinning-up-malware\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/mobile-security\/is-your-peloton-spinning-up-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/06\/300x200_Peloton.jpg","datePublished":"2021-06-16T04:01:05+00:00","dateModified":"2024-01-31T14:01:51+00:00","description":"Picture this: A hacker enters a gym or fitness center with a Peloton Bike+. They insert\u00a0a tiny USB key with a\u00a0boot image file\u00a0containing\u00a0malicious code","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/mobile-security\/is-your-peloton-spinning-up-malware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/mobile-security\/is-your-peloton-spinning-up-malware\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/mobile-security\/is-your-peloton-spinning-up-malware\/#primaryimage","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/06\/300x200_Peloton.jpg","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/06\/300x200_Peloton.jpg","width":300,"height":200},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/mobile-security\/is-your-peloton-spinning-up-malware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Internet Security","item":"https:\/\/www.mcafee.com\/blogs\/internet-security\/"},{"@type":"ListItem","position":3,"name":"Is Your Peloton Spinning Up Malware?"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa","name":"McAfee","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/1ffadfeeda1f4f9e7891a81f27a9ecf4","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png","caption":"McAfee"},"description":"We're here to make life online safe and enjoyable for everyone.","sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/x.com\/McAfee"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/mcafee\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/122800","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/674"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=122800"}],"version-history":[{"count":1,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/122800\/revisions"}],"predecessor-version":[{"id":181692,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/122800\/revisions\/181692"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media\/126236"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=122800"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=122800"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=122800"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=122800"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}