At-home physical fitness gear and other connected health devices pose growing privacy and security threats, says Ondrej Krehel, CEO and founder of cybersecurity and digital forensics firm LIFARS.
For example, if connected fitness equipment is used during workouts in military or police facilities, fitness information about the group's performance and other information could potentially be accessible to adversaries, he says.
“Many of these locations are trying to limit or keep away from IoT gadgets” because of the possible threats they pose, he notes.
The New York Times reported in January that, prior to his inauguration, the possibility of President Joe Biden using his Peloton bike in the White House was raising security concerns because Peloton tablets have integrated cameras and microphones that allow users to hear and see one another if they choose (see: Newly Patched Peloton API Flaws Exposed Users' Private Data).
Meanwhile, the Advanced Threat Research team at security vendor McAfee recently released a report about an Android Verified Boot vulnerability identified in Peloton's Bike+ that could enable an attacker with either physical access to the stationary bicycle or access at any point in the supply chain to gain remote access to the bike's tablet, including the camera, microphone and personal data, without any indication that the device had been tampered with. Peloton says it has fixed the security flaw.
“These devices must be treated with absolutely no trust,” Krehel says in an interview with Information Security Media Group. “Whatever is collected, caught, kept – you need to consider at any point could be openly disclosed and the gadget compromised.”
In this interview (see audio link below image), Krehel also discusses:
Krehel is the digital forensic lead, CEO and founder of LIFARS, a global cybersecurity and digital forensics firm, and the captain at Cyber Team Six, an elite incident response team. He's the former CISO of Identity Theft 911, an identity theft recovery and data breach management service.