
Peloton suffers major software problem before it launches exercise bikes in Australia

It’s one of the world’s biggest fitness brands but Peloton has suffered another security problem weeks before its Aussie launch.


Fitness giant Peloton has suffered another serious software problem with its famous exercise bikes, with a security firm revealing a vulnerability that could have let hackers take control of the expensive equipment to spy on its owners.

The revelation comes just weeks before the devices are due to launch in Australia, and one month after the company was forced to recall 125,000 treadmills following the death of a six-year-old.

Researchers in McAfee’s Enterprise Advanced Threat Research team announced their discovery on Wednesday, revealing that a flaw in the Peloton Bike+’s Android software may have allowed hackers to install their own applications and potentially take over the device’s camera and microphone without leaving evidence.

Exercise giant Peloton is expected to launch two exercise bikes in Australia this July.

McAfee fellow and chief scientist Raj Samani said that, if exploited, the flaw would let hackers access these features remotely, and give them access to a user’s personal information.

“Once I’ve got access to it, I can potentially have complete control over that particular device,” he said.

“You can take control of the camera, watch someone running day in, day out, or when they go to their login details I could capture those. It is a fundamental vulnerability.”

Mr Samani said the Peloton products, liked by celebrities including Justin Bieber and US President Joe Biden, could only be hacked by those with physical access to the exercise bikes, although he warned that this could be done at any point “in the supply chain”.

McAfee warned Peloton about the vulnerability in March and the company recently issued a software update to patch the flaw.

The news comes just weeks before the company is due to launch its Bike and Bike+ in Australia, with both pieces of equipment due to go on sale on July 14 at a cost of $2895 and $3695 respectively.

The advanced stationary bikes arrive with large touchscreen computers that show workout classes, workout statistics, and let users virtually ride with others.

One of Peloton’s treadmills, the Tread+, was recalled this year due to safety concerns. Picture: Michael Loccisano/Getty Images/AFP

Peloton’s latest software problem follows another serious vulnerability revealed last month after a security researcher discovered its users’ personal information could be accessed through a bug in its communication with apps.

The researcher was able to access details of even private profiles, including birthdays, locations, gender, weight, and exercise statistics before the company acted on the tip-off.

Peloton also recalled its Tread+ treadmills and stopped selling the models in May after a child was pulled under the machine and died.

Despite the company’s recent issues, Mr Samani said Peloton was “responsive” to McAfee’s findings and worked quickly to patch the software problem for users.

“The object isn’t to scare people but the Peloton research was to shine a light on how we live our lives in the 21st century, which is our exercise bikes are in our homes, on our networks, with cameras,” he said.

“When I started in this industry the number of internet-enabled devices in your home was probably one. Now most people have got 10, 20, 30, 50, a huge number of these devices and is this something you need to be concerned about? Broadly, I think, absolutely.”

Mr Samani said anyone using smart home products should investigate what information the products are collecting and what they’re doing with that information, and ensure the technology is running the latest software updates.

Peloton confirmed in a statement that engineers from McAfee alerted them to the problem “via our Co-ordinated Vulnerability Disclosure program” and, in a blog post to US customers, instructed users to download and install a software fix for the issue.

“If you own a Bike+ or a Tread, we recommend that you log into the tablet on your device,” the message read.

“If you’re not already on the latest software, you will be immediately required to update your software upon logging in. After updating, your device will be protected against the vulnerability that McAfee reported.”

Originally published as Peloton suffers major software problem before it launches exercise bikes in Australia


Original URL: https://www.thechronicle.com.au/technology/gadgets/peloton-suffers-major-software-problem-before-it-launches-exercise-bikes-in-australia/news-story/714c7fffbae1224cf77f9b1f793c0dce