The Issues With Peloton
With hardware and software issues, this modern and sleek home workout kit isn’t as smooth-running as the company had hoped.
Peloton Tread and Tread+, seemingly overpriced and obnoxiously large and heavy treadmills that gives you live classes (if you’re on east-coast time), pre-recorded classes and a leader board, has caused waves of controversy over the past few months. With many incidents from the multiple security flaws to the death of a child, Peloton is having to make recalls and produce updates almost religiously to ensure they basically aren’t sued. With hardware and software issues, this modern and sleek home workout kit isn’t as smooth-running as the company had hoped. The Tread was debuted in January 2018, after their original stationary bike was such a hit for so long. Let’s take a look at the short but fragile history of how things went so wrong.
Many people heard about the physical incidents that happened with the treadmill, but prior to this there was a flaw in the security system that researchers found to allow activity and personal profile details to be seen. Although this kind of data leak would be seen as quite minor in comparison to everything else that has gone wrong, the repercussions of this could have been unsurmountable, especially considering a lot of users would fill out their information properly, to get details about who’s in the leader board etc. Some of the accessible details that could be found were users’ gender, weight, city, workout stats including times and duration of workouts, and user’s birthdays. The security researchers were able to access this data on profiles that were set as public or as private, meaning the information was out there no matter what.
Luckily, none of this had lead to any consequences, although it did take a lot to get the attention of Peloton on this matter, around 90 days for them to respond, with the researchers trying multiple times to get them to respond in any kind of way, and eventually having to involve a media outlet, which finally caught their attention to solve the security issues.
The thing that caused a lot of backlash for the company was the 70 plus incidents that people had injured themselves on the Tread+, a larger, heavier and more gym-like treadmill, at least 29 of these incidents happening to children. Also seen on news and media outlets, was a fatal incident where a child of 6 passed away after being dragged under the treadmill whilst it was going. A more surprising and confusing issue with this is the company refused to accept and refuted warnings from the CPSC (U.S. Consumer Product Safety Commission) for a while, but eventually recalled 125,000 of the treadmills that were linked to the death and injuries that occurred. They issued full refunds for the $4,200 Tread+ and stopped selling them until they could work out such flaws. Along with this, Peloton’s stock had fallen a massive 14.6%, not much behind their first largest decline in a day when they started trading in 2019.
After the injuries, death and security flaws, they obviously had to think of another way to keep money coming in and treadmills going out, instead of just accepting they probably should just stop now. So the bright people at Peloton decided the best move would be to restrict use of the equipment altogether, unless a $39.99 per month fee is paid. A customer Brianna Wu on Twitter posted a screenshot of an email, claiming a new feature called “Tread Lock” will be enabled to “prevent unauthorised access” unless the fee is paid monthly. Hmm, that is one way to prevent users from getting injured! "Unfortunately, Tread Lock is not yet available without a Peloton Membership," explained the Peloton official in a statement to the website Mashable, “which means Tread+ owners without a subscription cannot access Just Run at this time." The “Just Run” setting allowed owners to user the equipment without a subscription and is now unavailable without the fee being paid. So they either have to spend the amount it would cost on a gym membership to use the bulky machinery, or allow it to collect dust and take up space.
If these weren’t enough, just one more thing to top it all off. All three of their hardware products; Tread, Tread+ and their stationary bike, Peloton Bike+, also have a lovely little security flaw, leaving them as a potential open source for hackers to gain access to users’ data, control of the camera and other operations that could completely breach someone’s privacy and leave them vulnerable. This was found by an independent investigation published by the security software company McAfee. Although the breach would need physical access, and plug in a device into the USB port and access the OS, it still means that it could only take seconds for someone to do this, and could prove dangerous for anyone at a gym or even more so in their own homes.
“When your operating system on your computer boots up, it should be checking that that’s the operating system that it expects,” Steve Povolny, head of advanced threat research at McAfee said in an interview. “In this case, the Android operating system here used by Peloton on their Bike+ is really just failing that expected check.”
Without the check, the security research team were able to load their own OS and take over complete control of the Bike+ from a remote setting. McAfee reported these concerns to Peloton through their Coordinated Vulnerability Disclosure program in march, which allows them to alert the vendor to the issues and offers 90 days for them to respond and attempt to resolve the issues at hand before they disclose it publicly. Peloton did push out a mandatory update to all affected machines in June after working with the McAfee team for three months, locking user’s out of their machines until the update was complete.
So, with all that is said and done, I believe Peloton and other companies may have learned a lot from this rollercoaster of experiences, if there is an issue fix it, and all hardware and software need full security checks!
Keep up-to-date with the latest tech industry insights, trends as well as information technologies, app development, and small business content with the Proteams Blog
Follow us on LinkedIn for updates on the latest tech news here