While topical because of all the high-profile people who use Pelotons, Jack Mannino, CEO at nVisium, said the AVB issue isn’t unique to Peloton. Mannino said many Android device OEMs suffer from similar flaws shipped in production devices.

“Android provides capabilities for Verified Boot, however, bootloader security settings still need to be configured properly by the manufacturer,” Mannino said.  “Otherwise, as was demonstrated, an attacker can gain complete control of the bootloader and device.”

Read entire article here