Joe Biden’s proverbial suitcase is filled to the brim as he prepares for his big move to the White House next week. But he likely won’t be able to lug along one item to 1600 Pennsylvania Avenue: his family’s Peloton bike.
Most at-home stationary bikes have an internet-connected camera onboard, so there’s a chance the president-elect’s Peloton will be subject to major security scrutiny, experts say.
“Because you’re connected to the internet, even though there are firewalls and intrusion detection software … those things can be gotten around if you’re really good and skilled,” Max Kilger, Ph.D., director of the Data Analytics Program and Associate Professor in Practice at the University of Texas at San Antonio, tells Popular Mechanics.
Kilger believes the Secret Service will have to take measures to protect Biden’s Peloton from outside threats. “If you really want that Peloton to be secure, you yank out the camera, you yank out the microphone, and you yank out the networking equipment … and you basically have a boring bike,” Kilger says. “You lose the shiny object and the attractiveness.”
There’s some precedent for Biden’s security detail stripping the bike of its risky features, or even tapping Peloton to build a custom model for the president-elect. In an April 2017 review in The Verge, Lauren Goode said “one person close to the company” told her Michelle Obama has a modified Peloton without a camera or microphone.
A Peloton spokesperson told Popular Mechanics it doesn’t comment on individuals, so the company declined an interview request.
But Peloton does realize its machines are prone to risks. On a security and compliance page on the company’s website, Peloton says “no matter how much effort we put into system security, there can still be vulnerabilities present.” The post goes on to ask security researchers to help disclose new threats, and outlines a process for doing so.
The microphone and camera on a Peloton bike are both technically controlled by Peloton software and the operating system on your connected device, says Kilger. Peloton has a custom operating system built on top of Android’s own system, he says, and the bike itself has networking equipment inside to allow it to access your home WiFi network or a hard-wired connection, like Ethernet.
That allows the bike to communicate with your Apple Watch or Fitbit, which are internet-of-things (IoT) devices that contain microphones. If a hacker found a way to infect Biden’s Peloton, then it’s theoretically possible they could hop from the bike to the watch and vice versa, Kilger explains. If either device is compromised in this scenario, a bad actor could access the network on which each device runs.
“Interestingly enough, there are a number of hacking communities for various IoT devices, including the Peloton,” Kilger says. “For example, they’ve hacked it to be able to show Netflix shows on the screen, which you really aren’t supposed to be able to do, but they’ve managed it. So someone could actually attack that Peloton bike, install malware, and reach out to other places in the White House.”
Even if Biden can’t get his hands on a custom Peloton bike, the Secret Service can take precautions to help the president-elect safely break a sweat. They could set up the bike in a special gym area and prohibit classified discussions from being held in that room, or the Bidens could use a hardwired connection for the Peloton that’s separate from the rest of the White House network, Kilger says.
But this isn’t just a presidential problem, he warns—you should also consider the cyber risks of your own exercise equipment. Just look at this recent Reddit post, where several users say they didn’t even realize their Peloton had a camera and microphone onboard:
Whether it’s a smart lightbulb or a Peloton, a cybercriminal can use an automated bot or another form of search software to identify your IoT devices that contain a vulnerability and hack into them. From there, the bad actors can install malware that looks at your whole network, making it easy to jump over to your laptop. They could install keylogger software and get your banking passwords next. Game over.
The risks are even higher with cameras, but fortunately, you have some workarounds, like purchasing a webcam cover and sticking it over your camera. While microphones are trickier, for most devices, you should be able to access your sensor permissions from the settings menu. Apple has even added a new feature in iOS 14 that shows an orange or green dot at the top of the screen when your camera or mic are engaged.
So will Biden get to spin in the Oval Office? Time will tell. As for outgoing President Donald Trump, when he moved into the White House, he brought a $50,000 room-sized golf simulator that was outfitted with sensors, cameras, and an internet connection. It’s safe to assume his team secured the device—just like you should.
Source: Read Full Article