IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

President Biden’s Peloton raises cyber security concerns

Spies could use its camera and microphone to eavesdrop on confidential conversations

Peloton bike's wheels with a person's feet on the pedals

President Biden's fitness regime may be derailed by cyber security concerns, as reports indicate his Peloton bike could be a risk.

According to a Popular Mechanics report, Max Kilger, director of the data analytics program and associate professor in practice at the University of Texas at San Antonio, said spies could use the bike’s microphone and camera to eavesdrop on confidential discussions.

"Because you're connected to the internet, even though there are firewalls and intrusion detection software ... those things can be gotten around if you’re really good and skilled,” he said. "If you really want that Peloton to be secure, you yank out the camera, you yank out the microphone, and you yank out the networking equipment ... and you basically have a boring bike.”

Garrett Graff, director of the cyber security initiative at the Aspen Institute, told the New York Times: “The threat is real, but it is presumably a manageable risk given enough thought and preparation.”

Related Resource

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

How to manage security risk and compliance - whitepaperDownload now

Tim Mackey, principal security strategist at the Synopsys CyRC (Cybersecurity Research Centre), told IT Pro we should assume all IoT devices have hardware that allows them to access information beyond their function. 

“That might be a microphone that the designers added in anticipation of a future feature, logging of Bluetooth targets for possible pairing, or interactions with third-party services,” he said.

According to Mackey, while this isn’t an overarching threat for most home users, IoT devices deployed in sensitive areas, like the White House or Congressional residences, should be inspected for any latent hardware and undergo a firmware analysis. 

“This can help to determine whether it has any unpatched security issues, but also to determine if it has any embedded phone home mechanisms or interacts with third-party APIs in an undisclosed manner," Mackey said.

"Since many IoT devices have some form of over the air (OTA) update mechanism for their firmware, understanding the conditions under which that update occurs, what data is sent with a request, and what the updated firmware’s security risks might be are all part of operating any network containing IoT devices.

"Such risks only increase when there are high-profile users of the IoT device where the user might be a target for a well-funded attacker."

Featured Resources

ZTNA vs on-premises VPN

How ZTNA wins the network security game

Free Download

The global use of collaboration solutions in hybrid working environments

How companies manage security risks

Free Download

How to build a cyber-resilient business ready to innovate and thrive

Outperform your peers in your successful business outcomes

Free Download

Accelerating your IT transformation

How Cloudflare is innovating for CIOs to start 2023

Watch now

Recommended

Three innovative technologies to address UPS challenges at the edge
Whitepaper

Three innovative technologies to address UPS challenges at the edge

7 Feb 2023
IRS mistakenly publishes 112,000 taxpayer records for the second time
data breaches

IRS mistakenly publishes 112,000 taxpayer records for the second time

19 Dec 2022
US begins seizure of 48 DDoS-for-hire services following global investigation
distributed denial of service (DDOS)

US begins seizure of 48 DDoS-for-hire services following global investigation

15 Dec 2022
US seizes millions in stolen COVID relief funds by China-backed hackers
Policy & legislation

US seizes millions in stolen COVID relief funds by China-backed hackers

6 Dec 2022

Most Popular

Tech pioneers call for six-month pause of "out-of-control" AI development
artificial intelligence (AI)

Tech pioneers call for six-month pause of "out-of-control" AI development

29 Mar 2023
Getting the best value from your remote support software
Advertisement Feature

Getting the best value from your remote support software

13 Mar 2023
3CX CEO confirms supply chain malware attack
malware

3CX CEO confirms supply chain malware attack

30 Mar 2023