
What Joe Biden's Peloton Tells Us About Security in the Internet of Things

Article: Belam, Martin. “Joe Biden's Peloton Bike May Pose Cybersecurity Risk, Experts Warn.” The Guardian. Guardian News and Media, January 21, 2021. https://www.theguardian.com/us-news/2021/jan/21/joe-biden-peloton-fitness-bike-cybersecurity-risk/

This article gives an overview of the cyber security challenges posed by Joe Biden's Peloton bike (Jill Biden has one too but hers isn't mentioned).  For those that aren't aware, Pelotons are fancy exercise bikes that allow users to join virtual bike groups and communicate with "fellow" bikers over cameras and video systems.  As mentioned in the article, the camera and microphone in the Peloton bike represent security issues due to the chance of someone hacking the bikes and seeing or hearing something they weren't supposed to.  According to a computer security expert quoted in the article, the only way to make the bike totally secure would be removing the internet adapter, camera, and microphone.  Apparently, this is what they did for Michelle Obama's Peloton during the Obama administration.

Although this is kind of a frivolous article, it does provide a chance to discuss the Internet of Things.  The Internet of Things consists of objects other than phones and computers that are connected to the internet.  It includes thermostats, light bulbs, and, as indicated in the article, Peloton bikes.  According to page 10 of the textbook, Internet of Things devices increase the risk of cyber intrusion because they all have IP addresses and infiltrating one of the devices allows hackers to steal data (1).

A 2016 report from VICE about the Philips Hue lightbulb demonstrates the potential dangers of having a smart device hacked.  As discussed in the article, computer science PhD students at two different universities decided to test to see whether the smart lightbulbs were vulnerable to hacking.  The pairing method used by the lightbulbs is supposed to only allow them to pair with other lightbulbs within 30 cm.  Unfortunately, the programmers of the software running the lightbulbs left in a bug and they were actually pairable as far as 400 meters away - which was the range of the wireless standard used in the lightbulbs.  Using this exploit, the PhD students were able to take control of lightbulbs in a home while driving by.  

They hypothesized that this exploit could be used to harass people living in homes with the lights or cause epileptic seizures.  Additionally, one of the PhD students was able to infiltrate private networks using the exploit.  They warned that it might be possible to automate the infiltration process using a worm and potentially take over large quantities of lights at once (2).

The White House security professionals' concern about Biden's Peloton and the hacking of the Philips Hue lightbulbs demonstrate that although Internet of Things devices are popular with consumers, they can pose security issues due to inadequate security protocols.

(1) David Kim and Michael Solomon, Fundamentals of Information Systems Security (Burlington, MA: Jones & Bartlett Learning, 2018), 10.

(2) Lorenzo Franceschi-Bicchierai, “Afraid of the Dark? Too Bad, Your Smart Bulbs Can Be Hacked,” VICE (Vice Media Group, August 5, 2016), https://www.vice.com/en/article/d7yxxw/hackers-could-take-control-of-your-smart-light-bulbs-and-cause-a-blackout/.

