President Joe Biden reportedly wishes to bring his Peloton bike to his White House office. Experts warn this may draw serious security scrutiny.
If you haven’t heard the buzz about it yet, Peloton is an Internet-connected stationary bicycle that allows you to attend live classes online, work out together with your friends, and participate in the Peloton community.
Tim Mackey, a principal security strategist at Synopsys CyRC, a cybersecurity research center, says we should assume all IoT devices have hardware that allows them to access information beyond their function and therefore should be inspected and undergo a firmware analysis.
“This can help to determine whether it has any unpatched security issues, but also to determine if it has any embedded phone home mechanisms or interacts with third-party APIs in an undisclosed manner,” Mackey said.
Sadly, this will not be enough. Any computer or computerized device, no matter how secure, can in theory be hacked. Similarly, there is no such thing as a safe application; any app is a target. This is especially true of the IoT devices that are increasingly all around us.
Peloton stationary bikes come equipped with internet-connected cameras and microphones.
Max Kilger, director of the data analytics program and associate professor at the University of Texas at San Antonio, believes spies could use the microphone and camera on the President’s bike to eavesdrop on confidential discussions. “Because you’re connected to the Internet, even though there are firewalls and intrusion detection software… those things can be gotten around if you’re really good and skilled,” Kilger told Popular Mechanics.
The risk only increases if the user of the IoT device is a high-profile figure, since there is a higher chance they might be a target. Any good hacker can remotely turn on microphones and cameras and eavesdrop on conversations. The Russians and Chinese did just that with Trump’s phones.
The NSA might be able to help secure President Biden’s Peloton: it often customizes devices by removing features. President Barack Obama complained his BlackBerry device was “no fun” because it had so few features. Biden’s Peloton may have a similar fate, but then it would just be an extravagantly expensive stationary bike.
But this is a wider problem than even the security of the Presidential Office.
Members of Congress, governors, mayors, police officers, judges, directors of government organizations, nuclear power plant operators, and echelons of officials – all are targets. All of these people already have smartphones, tablets, and computers, and many have Internet-connected cars and appliances. All of them present a potential security risk and are potential national security targets. And the NSA will not customize any of these Internet-connected devices.
We need better IoT cybersecurity standards for devices of all kinds and regulations like the guidance for federal agencies recently published by NIST. And we need transparency laws that ensure all of us, from the president to a regular citizen, can get sufficient information about devices so that we can make our own security decisions.