May 17, 2020

Johnson & Johnson agrees to release clinical trial data


Written by Alyssa Clark


Following suit with a number of other major U.S. drug manufacturers like GlaxoSmithKline and Medtronic, Johnson & Johnson has finally agreed to allow its clinical trial research data to go public, a big step for such a private organization. Feeling the pressure to conform and roll over with the other big names within the pharma industry, apparently J&J felt it was time to spread the truth and let researchers evaluate its clinical trial data. No longer will the FDA be the sole party allowed to tap into the behind-the-scenes work of pharma giants; the public will have access to the raw data produced by these billion-dollar powerhouses.

With Johnson & Johnson hard at work on up-and-coming drugs for both blood thinners and prostate cancer, it seems interesting that the organization would choose now to jump on board with this trend, but no better time than the present, right?

The company is currently undergoing trials on its highly anticipated blood thinner Xarelto and its prostate cancer pill Zytiga, and is investing in further research and development in its artificial hips and knees orthopedics division. Harlan Krumholz of Yale University, who is assigned to oversee the process of releasing the data to researchers, has reported on J&J's openness: “You want to know about Listerine trials? They’ll have it.”

“We really wanted a broad approach to contributing to advancing medical science through all of our products that touch patients in different ways,” says Joanne Waldstreicher, MD, Chief Medical Officer, Johnson & Johnson. “Responsible sharing of clinical trial data advances science and medicine and is part of Johnson & Johnson’s commitment to the doctors, nurses, patients, mothers, and fathers and all others who use our products,” said Paul Stoffels, MD, J&J’s chief scientific officer, in a prepared statement.

Although there is expected to be a bit of a learning process for those at Johnson & Johnson, as well as for those who are responsible for collecting and sharing the data, the change is highly anticipated and welcomed. The process will work as follows: the Yale School of Medicine’s Open Data Access Project (YODA) will review requests from physicians regarding J&J products. This will start with products from the drug division, and will expand to include devices and consumer products as well. If and when YODA approves a request, anonymized data will be provided to the requesting party, allowing researchers to re-analyze or re-conduct studies in accordance with the new data.

Jun 17, 2021

Peloton vulnerable to cyber attacks, McAfee research finds

Software security experts McAfee discovered that exercise bikes by Peloton are vulnerable to cyber attacks, a flaw the company has since resolved

Peloton's popular exercise bikes were found to be vulnerable to cyber attacks in the latest research from McAfee.

Peloton is a brand of electric bikes that combines high-end exercise equipment with cutting-edge technology. Its products use Wi-Fi to connect to a large tablet that interfaces with the components of the exercise device, and provides an easy way for physical activity enthusiasts to attend virtual workout classes over the internet several times a week.

Peloton has garnered attention recently around the privacy and security of its products. So McAfee decided to take a look for themselves and purchased a Peloton Bike+.

The problem

Researchers looked at the Android devices and uncovered a vulnerability that could allow an attacker with either physical access to the Bike+ or access at any point in the supply chain to hack into the bike’s tablet, including the camera, microphone and personal data.

For the person using it there would be no indication the Bike+ has been tampered with, potentially putting Peloton’s 16.7 million users at risk.  

The flaw was found in the Android Verified Boot (AVB) process, which normally verifies all code and data before booting. McAfee researchers were able to bypass this process and get the device to boot without that verification step.

This could potentially lead to the Android OS being compromised by an attacker who is physically present. Even worse, the attacker could boot up the Peloton with a modified credential to gain privileges, granting them access to the bike remotely. 

As the attacker never has to unlock the device to boot it up, there would be no trace of their access on the device. This type of attack could also happen at any point from construction to warehouse to delivery, by installing a backdoor into the Android tablet without the user ever knowing. 

The solution

Given the simplicity and criticality of the flaw, McAfee informed Peloton while auditing was ongoing. The vendor was sent full details, and shortly after, Peloton confirmed the issue and released a fix for it.

Further conversations between McAfee and Peloton confirmed that this vulnerability had also been present on the Peloton Tread exercise equipment.

Peloton’s Head of Global Information Security, Adrian Stone, commented on the research: “This vulnerability reported by McAfee would require direct, physical access to a Peloton Bike+ or Tread. Like with any connected device in the home, if an attacker is able to gain physical access to it, additional physical controls and safeguards become increasingly important.

“To keep our members safe, we acted quickly and in coordination with McAfee. We pushed a mandatory update in early June and every device with the update installed is protected from this issue.”