Locked into ‘God Mode,’ Runners Hacked Their Treadmills
Just JD Howard want to look at cloud security tutorials. Howard, a sabbatical construction industry worker, spent $ 4,000 on a NordicTrack X32i treadmill, captivated by its 32-inch HD screen and the opportunity to exercise body and mind. His plan is to spend his time away from work exercising while watching technical videos from learning platforms like Pluralsight and Udemy. But his treadmill has other ideas.
Despite having a large display attached to it, NordicTrack’s hardware pushes people to subscribe to exercise software powered by iFit, its parent company, and you’re not allowed to watch of videos from other apps or external sources. The iFit content includes exercise classes and running routes, which automatically change the inclination of the treadmill depending on the terrain on the screen. But Howard, and several other NordicTrack owners, were not attracted to the hardware by the iFit videos. They were fascinated by how easy it was to hack fitness machines.
To get into his X32i, all Howard had to do was tap the touchscreen 10 times, wait seven seconds, then tap 10 times. Doing so unlocks the machine — Howard’s permission on the underlying Android operating system. This privilege mode, a kind of God mode, gives Howard complete control of the treadmill: He can sideload apps and, using the built-in browser, access anything and everything online. . “It wasn’t complicated,” Howard said. After accessing privilege mode he installs a third-party browser that allows him to save passwords and shoot his beloved cloud security videos.
While NordicTrack does not announce privilege mode as a customer feature, its existence is not exactly a secret. Many unofficial guides tell people how to get into their machines, and even the iFit support pages explain how to access it. The whole reason Howard bought the X32i, he said, was because he could access God mode. But the good times didn’t last long.
Since October, NordicTrack has automatically updated all exercise equipment — bicycles, ellipticals, and rowing machines that all have large screens included — to block access to privilege mode. The move has angered customers who are now struggling and looking for workarounds that allow them to skip the update and see whatever they want while they work.
“I got what I paid for,” Howard said, adding that he had a “crappy” treadmill with no screen before he bought the internet -connected model and was also a subscriber to the software at iFit. “Now they’re trying to get [features] which is very important to me. I’m not OK with that. ”
Another NordicTrack owner, who asked not to be named, said the treadmill was one of the best purchases he had ever made and he was “upset” when the update prevented him and his partner from watching. watch Netflix, YouTube, and English Premier League football highlights. while they work. “You really pushed for an update to prevent me from doing this, which is really weird,” he said. “It’s very disappointing because this beautiful screen is here.”
They are not alone in their complaints. In recent weeks more threads and posts mourned The decision of NordicTrack and iFit to lock privilege mode appears online. Customers complain that they have spent thousands of dollars on their machines and should be able to do what they want with them, many arguing that watching their favorite movies means they are more likely to spend they have time to work. Some say they appreciate the ability to cast iFit workout videos on a larger screen; others say they like to use their treadmills for Zoom calls. Many complained that, unlike previous software updates, someone blocking privilege mode forced them.
“The privilege mode block is automatically installed because we believe it improves safety and security while using fitness equipment with multiple moving features,” said a spokesperson for NordicTrack and iFit. The company has not yet marketed its products to access other apps, in addition to the spokesperson. “As there is no way to know what kind of changes or errors a software consumer might introduce, there is no way to know what specific issues might be cause access to privilege mode, “said the spokesperson. “Therefore, in order to maintain security, safety, and machine operation, we restrict access to privilege mode.” The spokesperson also stressed that privilege mode “was never designed as a consumer-facing device.” However, it is designed to allow the company’s customer service team to remotely access products to “troubleshoot, update, reset, or repair our software.”