Peloton vulnerable to cyber attacks, McAfee research finds
Peloton, the popular exercise bikes, were found to be vulnerable to cyber attacks in the latest research from McAfee.
Peloton is a brand of electric bikes that combines high end exercise equipment with cutting-edge technology. Its products use wi fi to connect to a large tablet that interfaces with the components of the exercise device, and provides an easy way for physical activity enthusiasts to attend virtual workout classes over the internet several times a week.
Peloton has garnered attention recently around the privacy and security of its products. So McAfee decided to take a look for themselves and purchased a Peloton Bike+.
Researchers looked at the Android devices and uncovered a vulnerability that could allow an attacker with either physical access to the Bike+ or access during any point in the supply chain to gain to hack into the bike’s tablet, including the camera, microphone and personal data.
For the person using it there would be no indication the Bike+ has been tampered with, potentially putting Peloton’s 16.7 million users at risk.
The flaw was found in the Android Verified Boot (AVB) process. McAfee researchers were able to bypass the Android Verified Boot process, which normally verifies all code and data before booting. They were then able to get the device to boot bypassing this step.
This could potentially lead to the Android OS being compromised by an attacker who is physically present. Even worse, the attacker could boot up the Peloton with a modified credential to gain privileges, granting them access to the bike remotely.
As the attacker never has to unlock the device to boot it up, there would be no trace of their access on the device. This type of attack could also happen at any point from construction to warehouse to delivery, by installing a backdoor into the Android tablet without the user ever knowing.
Given the simplicity and criticality of the flaw, McAfee informed Peloton while auditing was ongoing. The vendor was sent full details, and shortly after, Peloton confirmed the issue and released a fix for it.
Further conversations between McAfee and Peloton confirmed that this vulnerability had also been present on the Peloton Tread exercise equipment.
Peloton’s Head of Global Information Security Adrian Stone, commented on the research: “This vulnerability reported by McAfee would require direct, physical access to a Peloton Bike+ or Tread. Like with any connected device in the home, if an attacker is able to gain physical access to it, additional physical controls and safeguards become increasingly important.
"To keep our members safe, we acted quickly and in coordination with McAfee. We pushed a mandatory update in early June and every device with the update installed is protected from this issue.”
C. Light aim to detect Alzheimer's with AI and eye movements
C. Light Technologies, a neurotechnology and AI company based in Boston, has received funding for a pilot study that will assess changes in eye motion during the earliest stage of Alzheimer's, known as mild cognitive impairment.
C. Light Technologies has partnered with the UCSF Memory and Aging Center for this research. As new therapeutics for Alzheimer’s are introduced to the clinic, this UCSF technology has the potential to provide clinicians a better method to measure disease progression, and ultimately therapeutic efficacy, using C. Light’s novel retinal motion technology.
Eye motion has been used for decades to triage brain health, which is why doctors asks you to “follow my finger” when they want to assess whether you have concussion. In more than 30 years of research, studies have revealed that Alzheimer’s disease patients' eye movements are affected by the disease, though to date, these eye movements have only been measured on a larger scale.
C. Light’s research takes the eye movement tests to a microscopic level for earlier assessments. Clinicians can study and measure eye motion on a scale as small as 1/100th the size of a human hair, which can help them monitor a patient’s disease and treat it more effectively.
The tests are also easy to administer. Patients put their chin in a chinrest and focus on a target for 10 seconds. The test does not require eye dilation, and patients are permitted to blink. A very low-level laser light is shown through the pupil and reflects off the patient’s retina, while a sensitive camera records the cellular-level motion in a high-resolution video. This eye motion is then fed into C. Light’s advanced analytical platform.
“C. Light is creating an entirely new data stream about the status of brain health via the eye,” explains Dr. Christy K. Sheehy, co-founder of C. Light. “Our growing databases and accompanying AI can change the way we monitor and treat neurological disease for future generations. Ultimately, we’re working to increase the longevity and quality of life for our loved ones."
At the moment developing therapeutic treatments for the central nervous system is difficult, with success rates of only 8% to go from conception to market. One reason for this is the lack of tools to measure the progression of diseases that impact the nervous system.
Additionally clinical trials can take a decade to come to fruition because the methods used to assess drug efficacy are inefficient. C. Light believe they can change this.
“Before this year, it had been almost 20 years since an Alzheimer’s drug was brought to market" explains Sheehy. "Part of the reason for this very slow progress is that drug developers haven’t had viable biomarkers that they can use to effectively stratify patients and track disease on a fine scale. The ADDF’s investment will allow us to do that."
C. Light has received the investment from the Alzheimer’s Drug Discovery Foundation (ADDF) through its Diagnostics Accelerator, a collaborative research initiative supported by Bill Gates, the Dolby family, and Jeff Bezos among other donors.
C. Light recently completed its second and final seed round raising $500,000, including the ADDF investment, which brings their total seed funding to more than $3 million. Second round seed funders included: ADDF, the Wisconsin River Business Angels, Abraham Investments, LLC and others.
The ADDF’s Diagnostics Accelerator has made previous investments in more than two dozen world-class research programmes to explore blood, ocular, and genetic biomarkers, as well as technology-based biomarkers to identify the early, subtle changes that happen in people with Alzheimer’s.