Over the last week there’s been a surprising amount of concerned speculation that President Biden would be unable to take his apparently beloved Peloton Bike to the White House, citing security concerns. The reason is that the Peloton Bikes contain not only a network connection, but also a camera and a microphone. The camera and microphone are intended to be able to do a workout with a friend, akin to Facetime or such, though in reality very few people tend to use them. There’s also Bluetooth and WiFi.
Still – cameras and microphones, as well as both wired and wireless connections can indeed pose security concerns in any technology device, be it a bike or a phone. It’s why in most high-security environments, such devices are tightly controlled (if allowed at all). However, the amount of speculation that somehow this would stop the Biden’s from bringing their Peloton bike is silly.
Here, let me explain.
(Preemptive warning: Politically focused comments – on either side of the aisle – will be immediately deleted. There are plenty of other places in the world to drop those, I’m here for the tech – so let’s focus on that.)
Peloton Bike Tech:
Now the first thing to know about the Peloton Bike is that there are actually two main models of the Peloton Bike: The Bike, and the newer Bike+. They are similar in many ways, but also quite different. From an underlying bike frame standpoint (the big bulky metal part), they’re actually identical. However, the differences are in the screen, as well as on the Bike+ there is an electronic resistance unit. But that doesn’t matter in this conversation.
The basic design of both bikes is that the screen up top is the everything from a smarts standpoint. It’s essentially a giant Android phone, using a large touchscreen instead. The unit runs Android (different versions depending on the bike), but the average consumer would never really notice that. However, that Android platform does make it far more appealing (and easy) for attackers (or hobbyists) to tweak with.
Both bikes have cameras in them at the top of the screen, however, the Peloton Bike+ also has a camera cover. This small piece of plastic allows you to cover the camera.
Both bikes have mics in them, also at the top of the screen. In the case of the original Bike it’s actually visible just above the camera on the bezel of the screen. Whereas the Bike+ appears to have it behind the speaker fabric.
Both Peloton Bikes have dedicated headphone jacks as well.
When it comes to connectivity, both bikes have WiFi connectivity, though only the original Bike has wired ethernet built-in. Instead, the Bike+ would require someone purchase a USB-C to Ethernet dongle in order for wired connectivity. There’s also Bluetooth audio devices (and heart rate sensor pairing). If looking at the device holistically from a security standpoint, it’s likely they would aim to physically disable the Bluetooth connectivity as well, as that could be paired to nearby Bluetooth audio devices otherwise.
Neither the camera nor microphone are required for day to day usage, however network connectivity is. Without network connectivity you can’t load the classes to take (or take live ones), nor can you see any of your training data over time. You can however use the bike without connectivity in a base mode without classes (basically just as a simple spin bike).
Now while all of these things are considered security risks, they’re hardly without precedent in the White House. In fact ultimately, the Peloton bike as noted earlier is just a giant Android phone. But various US government agencies literally have divisions that are focused on taking apart devices and making them more hardened. But one has to first decide what type of ‘space’ they’re going into. For example, while there are many portions of the White House that are considered a sensitive compartmented information facility (SCIF) where classified information can be discussed – there are plenty of portions that are not. It’s in these portions that most day to day work happens, and where staffers carry both government-issued and personal devices (the exact policies on this have varied from administration to administration, and even within an administration).
Sure, one should always be careful with any device and discussing both official and classified information. But iPhone, Android phones, smart watches and such are the norm these days. And for classified information that’d be discussed in a classified ‘facility’ (the term facility here is more of a construct than a specific building – in some locations the facility can be the entire building, and in others just a single tiny room).
Still, governments around the world have a long history of securing devices, both in unclass (unclassified) and high side (classified) areas. For high-security situations, they’ll dismantle them, understand how they work, remove risky components, and put them back together again. This is hardly news. One only needs to look at the current PDB (Presidential Daily Brief) being delivered on an iPad to see that, as a public example.
While it’s rumored that former First Lady Michelle Obama has, or had, a Peloton Bike delivered without a camera/mic, that would do little to assuage security divisions about putting any connected device within the White House residence. If the location of the device warranted, those same divisions would still take apart the device and do their normal security work. The removal of a camera/mic by Peloton would merely save government teams time in making the device work properly after disabling those components (as it would usually fail various internal checks).
No matter which flavor of bike shows up, White House staffers within EOP would then work to follow standard security guidelines (so-called STIG’s) published by NIST for Android devices, then in conjunction with other intelligence agencies they’d complete a more detailed assessment of the risks of that specific Peloton model to decide where it might be placed, and what hardening steps may or may not be taken. Given how many government officials (such as embassy staff and past executive officials) have Peloton bikes, this has undoubtedly been done many times before and well documented.
Finally, while my Peloton Bike is currently sitting in our bedroom – a place where, in a White House setting, classified information would undoubtedly be discussed as any president mulls through tough decisions, there’s zero need for the bike to sit there in the White House. After all, the White House is a vast building including a gym, bowling alley, and theater. A Peloton Bike could easily be placed in the White House gym or another secured room that is only used for working out. You can see some images of the long lineup of fitness machines in some White House gym photos here.
Thus ultimately, the task of securing electronic/connected devices to work in the White House is something that is a well-understood path that’s been done countless times before on far more technically challenging devices. And more importantly, it’s something done on a continual basis for far more mundane devices. Sticking a connected bike in a storage room somewhere is pretty low on the complexity factor for those divisions.
Thus, I’ve got no doubts that both the President and First Lady will continue using their bike, whichever model it is, for some time to come.
With that – thanks for reading!
(And again – preemptive warning: Politically focused comments – on either side of the aisle – will be immediately deleted. There are plenty of other places in the world to drop those, I’m here for the tech – so let’s focus on that.)