Is Joe Biden’s Peloton a cybersecurity risk? Don’t sweat about it

Graham Cluley
@gcluley

Joe Biden is now the President of the United States of America, and what are the papers talking about?

His internet-connected Peloton exercise bike.

The concern doesn’t appear to be that some Blofeld-type villain might remotely hijack the device and sign the septuagenarian up for a heart-exerting powerzone ride whilst blaring out hits from “The Greatest Showman.”

Instead, the primary worry appears to be that Peloton exercise bikes come with a built-in camera and microphone. No, I don’t understand why anyone sweating buckets and gasping for breath as they complete their spin class would want to (or even be able to) have a video chat with their fellow riders, but apparently it’s possible.

But it’s also a privacy threat that’s not impossible to fix. Just like you can cover the webcam of your laptop with a sticky note or some gaffa tape, you can do the same with the camera on your Peloton exercise bike.

Microphones are a little trickier to physically disable. Unlike your laptop, there’s no 3.5mm jack on a Peloton bike for an external device, meaning you can’t plug it with an adapter to trick the device into thinking there is an alternative microphone plugged in.

You could, I suppose, identify where the microphone is and “bandage” it up with tape and wadding to muffle any recordings it might potentially make – but that’s hardly ideal.

My guess is that President Biden may be able to get the same treatment that apparently was meted out for former first lady Michelle Obama.

According to a 2017 report in The Verge, she was given a specially-modified Peloton bike that had the video camera and microphone feature disabled, and presumably didn’t find it ruined her workouts in any way.

Peloton doesn’t appear to be comfortable commenting on whether it will give President Biden a specially-modified bike, but it’s hard to imagine that they would be resistant to helping him out – given the kudos and attention the brand gets through the endorsement of the USA’s commander in chief.

But that doesn’t mean that Peloton is keeping entirely schtum about Biden’s love of their bike. The company couldn’t resist posting a tweet upon the arrival of a President who was keener on exercise than his predecessor.

Peloton, by the way, recognises that its products are unlikely to be bug-free, and encourages researchers to contact them directly and follow the principles of responsible disclosure if they find a vulnerability in its exercise devices.

Is President Biden’s Peloton the most important cybersecurity issue facing the United States today? No. It doesn’t really feel like something worth breaking into a sweat about.

Is it the most fun to talk about? Yes, and that’s why so many newspapers have written so many column inches about it in the last few days.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.
