The McAfee Advanced Threat Research team (ATR) uncovered a flaw (CVE-2021-33887) in the Android Verified Boot (AVB) process that left the Peloton vulnerable.
Peloton products, according to McAfee are equipped with a large tablet that interfaces with the components of the fitness machine, as well as provides a way to attend virtual workout classes over the internet. “Under the hood” of this glossy exterior, however, is a standard Android tablet. Recently, Peloton garnered attention regarding concerns surrounding the privacy and security of its products.