Tag Archive for: God

Locked out of ‘God Mode’, runners hack treadmills – Bestgamingpro

/in


Just wanted to watch cloud security tutorials, right? Construction worker on sabbatical Howard spent $4,000 on a NordicTrack X32i treadmill, lured in by its 32-inch HD screen and the opportunity to exercise body and mind.

NordicTrack’s hardware, despite its enormous screen, encourages customers to subscribe to iFit, the company’s parent firm’s exercise software. You can’t watch videos from other applications or external sources on this device. iFit has content including workout routines and jogging routes that alter the treadmill’s incline based on the terrain shown on the screen.

To access his X32i, Howard only needed to tap the touchscreen 10 times, wait seven seconds, and then repeat the process 10 more times. This allowed Howard to gain entry to the Android operating system beneath it.

NordicTrack does not promote privilege mode as a client benefit, but it is nevertheless well-known. Several unauthorized manuals instruct people how to get inside their equipment, and even iFit’s support pages explain how to use it. Howard explains that he bought the X32i mainly because he could access God mode.

Since mid-October, NordicTrack has been automatically upgrading all of its exercise equipment—including bikes, ellipticals, and rowing machines—to prevent users from entering privilege mode.

“I got exactly what I paid for,” says Howard, who already owned a “poor” treadmill with no screen before buying the Internet-connected version and is also a member of iFit. “Now they’re trying to take away [features] that are really important to me.

Customers aren’t the only ones who are complaining. In recent weeks, a slew of threads and postings have surfaced online expressing dissatisfaction with NordicTrack and iFit’s decision to restrict privilege mode.

“The block on privilege mode was automatically enabled because we believe it enhances security and safety while using fitness equipment with numerous moving parts,” according to a spokesperson for NordicTrack and iFit. The company has never marketed its products as being able to use other apps, the spokesperson adds.

Source…

Locked out of “God mode,” runners are hacking their treadmills

/in


NordicTrack owners aren’t giving up the fight just yet.
Enlarge / NordicTrack owners aren’t giving up the fight just yet.

Sam Whitney | Getty Images

JD Howard just wanted to watch cloud security tutorials. Howard, a construction industry worker on sabbatical, spent $4,000 on a NordicTrack X32i treadmill, lured in by its 32-inch HD screen and the opportunity to exercise body and mind. His plan was to spend his time away from work exercising while watching technical videos from learning platforms such as Pluralsight and Udemy. But his treadmill had other ideas.

Despite having a huge display strapped to it, NordicTrack’s hardware pushes people to subscribe to exercise software operated by iFit, its parent company, and doesn’t let you watch videos from other apps or external sources. iFit’s content includes exercise classes and running routes, which automatically change the incline of the treadmill depending on the terrain on the screen. But Howard, and many other NordicTrack owners, weren’t drawn to the hardware by iFit’s videos. They were drawn in by how easy the fitness machines were to hack.

To get into his X32i, all Howard needed to do was tap the touchscreen 10 times, wait seven seconds, then tap 10 more times. Doing so unlocked the machine—letting Howard into the underlying Android operating system. This privilege mode, a sort of God mode, gave Howard complete control over the treadmill: he could sideload apps and, using a built-in browser, access anything and everything online. “It wasn’t complicated,” Howard says. After accessing privilege mode he installed a third-party browser that allowed him to save passwords and fire up his beloved cloud security videos.

While NordicTrack doesn’t advertise privilege mode as a customer feature, its existence isn’t exactly a secret. Multiple unofficial guides tell people how to get into their machines, and even iFit’s support pages explain how to access it. The whole reason Howard bought the X32i, he says, was because he could access God mode. But the good times didn’t last long.

Since October, NordicTrack has been automatically updating all of its…

Source…

Locked Out of ‘God Mode,’ Runners Are Hacking Their Treadmills

/in


JD Howard just wanted to watch cloud security tutorials. Howard, a construction industry worker on sabbatical, spent $4,000 on a NordicTrack X32i treadmill, lured in by its 32-inch HD screen and the opportunity to exercise body and mind. His plan was to spend his time away from work exercising while watching technical videos from learning platforms such as Pluralsight and Udemy. But his treadmill had other ideas.

Despite having a huge display strapped to it, NordicTrack’s hardware pushes people to subscribe to exercise software operated by iFit, its parent company, and doesn’t let you watch videos from other apps or external sources. iFit’s content includes exercise classes and running routes, which automatically change the incline of the treadmill depending on the terrain on the screen. But Howard, and many other NordicTrack owners, weren’t drawn to the hardware by iFit’s videos. They were drawn in by how easy the fitness machines were to hack.

To get into his X32i, all Howard needed to do was tap the touchscreen 10 times, wait seven seconds, then tap 10 more times. Doing so unlocked the machine—letting Howard into the underlying Android operating system. This privilege mode, a sort of God mode, gave Howard complete control over the treadmill: He could sideload apps and, using a built-in browser, access anything and everything online. “It wasn’t complicated,” Howard says. After accessing privilege mode he installed a third-party browser that allowed him to save passwords and fire up his beloved cloud security videos.

While NordicTrack doesn’t advertise privilege mode as a customer feature, its existence isn’t exactly a secret. Multiple unofficial guides tell people how to get into their machines, and even iFit’s support pages explain how to access it. The whole reason Howard bought the X32i, he says, was because he could access God mode. But the good times didn’t last long.

Since October, NordicTrack has been automatically updating all of its exercise equipment—its bikes, ellipticals, and rowing machines all have big screens attached—to block access to privilege mode. The move has infuriated customers who are now fighting back and finding workarounds that…

Source…

God bless his hairy palms • Graham Cluley

/in



FatFace stumps up $2 million to its ransomware extortionists, an IT administrator is caught with his pants down, Mobikwik blames its users for a data breach, and we burgle a house… virtually.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown’s Thom Langford.




Hosts:

Graham Cluley – @gcluley
Carole Theriault – @caroletheriault

Guest:

Thom Langford – @thomlangford

Show notes:

Sponsor: 1Password

With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now at 1password.com

Follow the show:

Follow the show on Twitter at @SmashinSecurity, on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

Follow him on Twitter at @gcluley, or drop him an email.




Source…