Peloton fitness freaks are not content with following the defined workout regimen, and they are inclined to watch Netflix, sports, or trending news while they work out.
This discontent has led some fitness trainees to hack the exercise software iFit used in their fitness bikes and treadmills from Peloton and NordicTrack.
iFit includes preinstalled workout classes and running routes and doesn’t allow the trainee to watch videos from other apps or external sources. Even Peloton’s terms of service prohibit the installation of other apps.
However, the fitness machine owners are bypassing the iFit software to install a third-party browser and sideload external apps like Netflix and YouTube. All they need is a simple trick.
Tap the touchscreen 10 times, wait for 7 seconds, then tap 10 more times. Boom!! The NordicTrack machine lets you into the underlying Android Operating System. This so-called “Privilege Mode” or “God Mode” gives the trainee complete control over the fitness machine.
After accessing privilege mode, the trainees could sideload external apps and use a built-in browser to access anything and everything online.
According to NordicTrack, the privilege mode is not a customer feature. However, the simple trick to access privilege mode isn’t exactly a secret. iFit’s support pages and multiple unofficial guides explain how to unlock it. The privilege mode is designed to allow the customer service team to remotely access and troubleshoot a machine when it is malfunctioning.
“The privilege mode was never designed as a consumer-facing functionality. Rather, it was designed to allow the company’s customer service team to remotely access the products to troubleshoot, update, reset, or repair our software,” said a spokesperson for NordicTrack and iFit.
In light of the breaches, Peloton and NordicTrack have started automatically updating their smart fitness equipment to block access to privilege mode.
“The block on privilege mode was automatically installed because we believe it enhances security and safety while using fitness equipment that has multiple moving parts,” the spokesperson added.
“As there is no way of knowing what kind of changes or errors a consumer could introduce into the software, there is no way of knowing what specific issues accessing privilege mode might cause. Therefore, to maintain security, safety, and machine functionality, we have restricted access to privilege mode,” reiterated the spokesperson.
“The company has never marketed its products as being able to access other apps,” the spokesperson adds.
This incident has put the company in the crosshairs of the right-to-repair debate. In recent years, consumers have increasingly demanded that companies allow them to repair their own devices or pay an independent outfit to do so.
Though NordicTrack boasts of its support for right-to-repair laws, it believes that restricting access to its OS is critical for safety as its equipment has moving parts.
“Someone unlocking a treadmill in a commercial gym could potentially expose people to settings they are unfamiliar with. If we ascertain that a product owner has found a workaround to access privilege mode, the product warranty may be void,” said the spokesperson.
These incidents underscore how important it is to build a robust OS and protect it with security software that doesn’t collapse at the touch of a few buttons.
This is where StealthLabs comes in. We not only tailor unique security solutions to each client's needs but also identify gaping holes that could lead to embarrassment. Whether you are a budding enterprise or a Fortune 500 organization, we have the expertise to fortify your defense strategies against threats, major or minor.