A pair of bugs in the Snap-owned tracking app reveal phone numbers and allow account hijacking.
Peloton Bike+ Bug Gives Hackers Complete Control
-
An attacker with initial physical access (say, at a gym) could gain root entry to the interactive tablet, making for a bevy of remote attack scenarios.
https://threatpost.com/peloton-bike-bug-hackers-control/166960/
-
@cerberus wow. Not even a simple validation of a checksum at boot ? Come on Peloton. This is a pretty poor oversight and security 101.