Jun 23, 2020

Startup Spotlight: Headspace’s digital health platform

mental health
meditation
wellness
Startup
William Smith
2 min
Santa Monica, California-based Headspace offers a mindfulness and mental health-oriented app
Santa Monica, California-based Headspace offers a mindfulness and mental health-oriented app...

Santa Monica, California-based Headspace offers a mindfulness and mental health-oriented app.

The company emphasises its scientific approach to validation the benefits of mindfulness and meditation, having conducted over 70 clinical research studies with organisations such as Carnegie Mellon, University of California San Francisco and Stanford University.

Headspace offers consumers content tailored to different needs such as stress, anxiety, sleep and focus. The company has also launched initiatives targeted at business instead, such as Headspace Health, which it says is aimed at integrating mindfulness into healthcare.

Since its foundation in 2010, the company has raised $215.9mn across nine funding rounds. Earlier this year, the company’s Series C saw the company raise $53mn from lead investor blisce/, alongside Waverly Capital, Times Bridge, The Chernin Group, Spectrum Equity, Counterpart Advisors and Advancit Capital. Alongside that equity was a further $40mn in debt capital from Pacific Western Bank.

In a press release, the company’s CEO and co-founder Richard Pierson said: “Headspace has shown millions of people the power of using mindfulness to mitigate stress, anxiety, and other everyday issues, while continuing to advance the field through clinically-validated research.

“As we think about the next ten years and beyond, we are focused on harnessing this power and applying it to other areas of our members’ lives to help them create healthy routines that last a lifetime – whether that is through our Headspace consumer app, the work we currently do with hundreds of employers, or with healthcare providers as we look to deliver better access. We are excited to work with leading global investors who share our vision to improve the health and happiness of the world.”

Recognising the toll the ongoing COVID-19 pandemic is taking on the mental health of many, the company is offering a free year of its Headspace Plus subscription to the unemployed.
 

Share article

Jun 17, 2021

Peloton vulnerable to cyber attacks, McAfee research finds

cyberattack
fitness
Cybersecurity
verification
2 min
​​​​​​​Software security experts McAfee discovered exercise bikes by Peloton are vulnerable to cyber attacks, which the company have since resolved 

Peloton, the popular exercise bikes, were found to be vulnerable to cyber attacks in the latest research from McAfee. 

Peloton is a brand of electric bikes that combines high end exercise equipment with cutting-edge technology. Its products use wi fi to connect to a large tablet that interfaces with the components of the exercise device, and provides an easy way for physical activity enthusiasts to attend virtual workout classes over the internet several times a week.

Peloton has garnered attention recently around the privacy and security of its products. So McAfee decided to take a look for themselves and purchased a Peloton Bike+.

The problem

Researchers looked at the Android devices and uncovered a vulnerability  that could allow an attacker with either physical access to the Bike+ or access during any point in the supply chain to gain to hack into the bike’s tablet, including the camera, microphone and personal data. 

For the person using it there would be no indication the Bike+ has been tampered with, potentially putting Peloton’s 16.7 million users at risk.  

The flaw was found in the Android Verified Boot (AVB) process. McAfee researchers were able to bypass the Android Verified Boot process, which normally verifies all code and data before booting. They were then able to get the device to boot bypassing this step. 

This could potentially lead to the Android OS being compromised by an attacker who is physically present. Even worse, the attacker could boot up the Peloton with a modified credential to gain privileges, granting them access to the bike remotely. 

As the attacker never has to unlock the device to boot it up, there would be no trace of their access on the device. This type of attack could also happen at any point from construction to warehouse to delivery, by installing a backdoor into the Android tablet without the user ever knowing. 

The solution

Given the simplicity and criticality of the flaw, McAfee informed Peloton while auditing was ongoing. The vendor was sent full details,  and shortly after, Peloton confirmed the issue and released a fix for it. 

Further conversations between McAfee and  Peloton confirmed that this vulnerability had also been present on the Peloton Tread exercise equipment. 

Peloton’s Head of Global Information Security Adrian Stone, commented on the research: “This vulnerability reported by McAfee would require direct, physical access to a Peloton Bike+ or Tread. Like with any connected device in the home, if an attacker is able to gain physical access to it, additional physical controls and safeguards become increasingly important.

"To keep our members safe, we acted quickly and in coordination with McAfee. We pushed a mandatory update in early June and every device with the update installed is protected from this issue.”

Share article