No, your Peloton exercise bike isn't likely to get hacked

What you need to know about the recent stories regarding Peloton's security

Peloton bike
(Image credit: Peloton)

If you've seen stories surrounding hackers and Peloton bikes over the last week, we're here to hopefully stop your head from spinning.

A new report released by McAfee flagged a "flaw" the cybersecurity company's team had uncovered in Peloton's software that left users potentially to attacks. The report found that it was theoretically possible for hackers to use the bike's screen to watch and listen to riders via its camera and microphone, and install bogus apps onto the machine which might then prompt users to enter their personal details.

The report stated: "As a result, an unsuspecting gym-goer taking the Peloton Bike+ for a spin could be in danger of having their personal data compromised and their workout unknowingly watched."

However, it's important to note that the report was specifically referring to the Pelton+ bike, the brand's advanced $2,495 machine that is more typically found in gyms and hotels - and not the standard Pelton bike (which has a spot on our list of the best exercise bikes).

What's more, in order to cause any mischief, the report indicated that potential hackers would need direct access to the machine.

Happily, the flaw was addressed in conjunction with Peloton before the information was publicly released, with the report clarifying: "The McAfee ATR team disclosed this vulnerability to Peloton and promptly started working together to responsibly develop and issue a patch within the disclosure window. The patch was tested and confirmed effective on June 4, 2021."

Peloton has an impressive following of dedicated fitness fans who love the spin-class-at-home feel. There are 14 spinning classes streamed live every day, plus an archive of past ones you can revisit, conducted by Peloton trainers. While you can view all the action via an impressive high-def 22-inch touchscreen. 

High-profile fans of the bike include President Joe Biden, who has rather unique experience of security issues and Peloton: in January he was told that he couldn't take his bike with him to the White House. Despite using the bike every day, he was told that the bike's group exercise class functionality would have to be modified or removed before he took it into his new home, as the screens, microphone and camera were too easily hackable. 

Meanwhile, McAfee used this week's report as an opportunity to issue a warning to all tech-savvy fitness fanatics. A spokesperson said: "Stay on top of software updates from your device manufacturer, especially since they will not always advertise their availability. Visit their website regularly to ensure you do not miss news that may affect you."

Don't have a Peloton? Read our guide for the best fitness apps for alternative home workout options.

Sarah Finley

Sarah is a freelance journalist who writes about fitness and wellbeing for the BBC, Woman&Home and Tech Radar. During lockdown she found her love of running outside again and now attempts to run around 50 miles a month. When it comes to other fitness, she loves a sweaty cardio session – although since she’s been working out from home she’s sure her downstairs neighbors aren’t too happy about it. She also loves to challenge herself - and has signed up to do hiking holidays, intense bootcamps and last year she went on her dream activity holiday: paddle boarding around deserted islands in Croatia. On her rest days, she loves to recover with a simple yoga flow session – the perfect antidote to her active fitness schedule.