JD Howard just wanted to watch cloud security tutorials. Howard, a construction worker on sabbatical, spent $4,000 on a NordicTrack X32i treadmill, lured by its 32-inch HD display and ability to exercise the mind and body. His plan was to spend his time outside of work playing sports while watching tech videos from learning platforms like Pluralsight and Udemy. But his treadmill had other ideas.
Despite having a huge screen attached to it, NordicTrack’s hardware forces people to subscribe to workout software operated by iFit, its parent company, and won’t let you watch videos from other apps or third-party sources. iFit’s content includes training classes and running routes, which automatically change the incline of the treadmill depending on the terrain on the screen. But Howard, and many other NordicTrack owners, were not drawn to the hardware by iFit’s videos. They were drawn to how easy the fitness machines were to hack.
To get into his X32i, Howard only had to tap the touchscreen 10 times, wait seven seconds, and then tap 10 more times. Doing so unlocked the machine, giving Howard access to the underlying Android operating system. This privilege mode, a kind of God mode, gave Howard complete control over the treadmill: he could sideload apps and, using a built-in browser, access anything and everything online. “It wasn’t complicated,” Howard says. After entering privilege mode, he installed a third-party browser that allowed him to save passwords and launch his beloved cloud security videos.
While NordicTrack doesn’t advertise privilege mode as a customer feature, its existence isn’t exactly a secret. Multiple unofficial guides tell people how to get into their machines, and even iFit’s support pages explain how to access them. The whole reason Howard bought the X32i, he says, was because he had access to God mode. But the good times didn’t last long.
Since October, NordicTrack has automatically updated all of its fitness equipment — its bikes, ellipticals and rowing machines all have large screens — to block access to privilege mode. The move has infuriated customers, who are now fighting back and finding workarounds that allow them to bypass the update and watch what they want while they train.
“I got exactly what I paid for,” Howard says, adding that he already owned a “crappy” screenless treadmill before purchasing the Internet-connected model and is also a subscriber to the iFit software. “Now they’re trying to take away [features] which are of vital importance to me. I tend to disagree.”
Another NordicTrack owner, who won’t be named, says the treadmill is one of the most expensive purchases he’s ever made, and he was “outraged” when the update stopped him and his partner from watching Netflix, YouTube and UK Premier League football highlights while they were training. “You actually pushed an update to stop me from doing this, which is really bizarre,” he says. “It’s so frustrating because this beautiful screen is there.”
They are not alone in their complaints. In recent weeks, multiple threads and posts have surfaced online complaining about NordicTrack and iFit’s decision to lock down privilege mode. Customers complain that they have spent thousands of dollars on their machines and that they should be able to do whatever they want with them. Many argue that if they can watch their favorite shows, they are more likely to exercise. Some say they appreciated the ability to cast iFit’s workout videos on a larger screen; others say they want to use their treadmill for Zoom conversations. Many complain that, unlike previous software updates, the one blocking privilege mode was forced on them.
“The privilege mode lock was installed automatically because we believe it improves security and safety when using fitness equipment with multiple moving parts,” said a spokesperson for NordicTrack and iFit. The company has never marketed its products as being able to access other apps, the spokesperson added. “Because there is no way of knowing what kind of changes or errors a consumer might make to the software, there is no way of knowing what specific problems accessing privilege mode might cause,” the spokesperson said. “In order to maintain security, safety and machine functionality, we have therefore restricted access to privilege mode.” The spokesperson also emphasized that the privilege mode was “never designed as a consumer-oriented functionality.” Rather, it was designed to allow the company’s customer service team to remotely access the products to “troubleshoot, update, reset, or repair issues with our software.”