In the process, they found that the Bike+ software wasn’t verifying whether the device’s bootloader was unlocked, enabling them to upload a custom image that wasn’t meant for Peloton hardware.

After downloading an official Peloton update package, the researchers were then able to modify Peloton’s actual boot image and gain root access to the bike’s software.

The original Peloton bikes are also popular fixtures at gyms and fitness centers in hotels and apartment buildings—an area that the company is keen to expand in.

Another thing to keep in mind is Peloton prohibits users from downloading other apps, such as Netflix or Spotify, onto its bikes and treadmills.

Update, 06/16/2021, 8:40 am: Clarified that only original Peloton bikes are currently found in commercial settings.