NordicTrack Patches Out 'God Mode' In Treadmills That Allowed Users To Watch Anything On Its Display
from the mine-mine-mine! dept
If you are a console gamer of a certain age, you will remember the bullshit Sony pulled when it patched its PS3 systems to remove useful features it had used as selling points for the console to begin with. Essentially, the PS3 had a feature that allowed you to install another operating system on it. This was used by hobbyists, companies, and the US Military alike to creatively use PS3s for purposes other than that for which they were built, such as research supercomputers and creating homebrew PS3 games. Sony later decided that those features could also be used for piracy or other nefarious actions and so patched it out. Sell the console with a feature, remove it later after the purchase... and then get sued in a class action, as it turned out.
The story of NordicTrack's treadmill isn't exactly like that, but it's pretty damned close. The company's treadmill has a large display mounted on it. That display was designed to be used with a subscription to iFit, which is the parent company of NordicTrack. There are all sorts of useful features when you view subscribed content on the display while exercising, such as difficulty and incline changes that follow along with the subscribed workout content. But the console also has a way to bypass the user-facing portion of the console and get into the underlying OS, which means users like JD Howard could then set up their own internet browser, through which they could put any web content on the display while they worked out.
To get into his X32i, all Howard needed to do was tap the touchscreen 10 times, wait seven seconds, then tap 10 more times. Doing so unlocked the machine—letting Howard into the underlying Android operating system. This privilege mode, a sort of God mode, gave Howard complete control over the treadmill: he could sideload apps and, using a built-in browser, access anything and everything online. “It wasn't complicated,” Howard says. After accessing privilege mode he installed a third-party browser that allowed him to save passwords and fire up his beloved cloud security videos.
While NordicTrack doesn’t advertise privilege mode as a customer feature, its existence isn’t exactly a secret. Multiple unofficial guides tell people how to get into their machines, and even iFit’s support pages explain how to access it. The whole reason Howard bought the X32i, he says, was because he could access God mode. But the good times didn’t last long.
No, they didn't, because NordicTrack subsequently removed the God mode feature through a software update. And not just on the treadmill, but also on its other associated exercise equipment. And a not insignificant number of customers are absolutely pissed about it. The comments coming in largely are combinations of anger and confusion, with many owners wondering why in the world they suddenly can't watch sports or Netflix while they work out. The other theme appears to be confusion as to how the company can even do this because, "Hey, don't we own this thing we bought?"
The answer, of course, is no.
“The block on privilege mode was automatically installed because we believe it enhances security and safety while using fitness equipment that has multiple moving parts,” says a spokesperson for NordicTrack and iFit. The company has never marketed its products as being able to access other apps, the spokesperson adds. “As there is no way of knowing what kind of changes or errors a consumer could introduce into the software, there is no way of knowing what specific issues accessing privilege mode might cause,” the spokesperson says. “Therefore, to maintain security, safety, and machine functionality, we have restricted access to privilege mode.” The spokesperson also emphasizes that privilege mode was “never designed as a consumer-facing functionality.” Rather, it was designed to allow the company’s customer service team to remotely access the products to “troubleshoot, update, reset, or repair our software.”
The move puts the company at the center of the right-to-repair debate, with consumers increasingly demanding that companies let them alter the products they purchase.
Kinda, yeah. And it's important to note that "owners" like Howard already had regular old treadmills and bought their NordicTrack treadmill because of the ability to put what they want on the display. Again, sell the thing with a useful feature, then remove the useful feature afterwards via a software update. As I said, it's not exactly like the PS3 case, but it's pretty damned close.
The only real question now is whether iFit and NordicTrack too will have to pay out millions in attorney's fees and barely anything to the actual consumer in some massive class action like Sony did.
Filed Under: god mode, hacking, nordic track, ownership, software updates
Companies: ifit, nordic track
Reader Comments
Seems like
It seems to me that they could create a pay-for-play mode with access...
[ link to this | view in thread ]
"“Therefore, to maintain security, safety, and machine functionality, we have restricted access to privilege mode.”"
Or... hear me out...
when they activate god mode now they will see a screen warning them they are about to void the warranty.
Then we can stop pretending this was ever about security and safety and more so about forcing them to only watch the content we want them to pay us to watch.
[ link to this | view in thread ]
With it not being an advertised feature, I'm not sure it's a real analog to the PS3 situation. I can also see 2 sides here really. On the one hand, you have a company patching out a useful feature that people use that just "happens" to restrict them to only using paid content from that company, which is not a good thing.
On the other hand, if you need to get root access to the OS in order to watch other things, I can definitely understand why the company would wish to patch out the ability for people to potentially make the device dangerous through untested software changes, even if most people are realistically going to just be watching Netflix.
"Again, sell the thing with a useful feature, then remove the useful feature afterwards via a software update"
Was it something that was advertised as a selling point? If it wasn't, as the rest of the article suggests, then it's not bait and switch and there won't be any lawsuit rewards to pay.
[ link to this | view in thread ]
Missed opportunity
If they're afraid of safety they could, of course, let the next update provide that in a safe way.
Personally I think that if an exercise machine has a large display and an internet connection, it is insanity to not provide access to Netflix, youtube etc. It wouldn't even occur to me to NOT do that. Every gym has TVs all over the place so people have some distraction. Do you think people working out at home would like to watch the wall while working out? And don't tell me people enjoy working out.
[ link to this | view in thread ]
Privilege mode? A sort of God mode? In the tech field, privilege has a specific meaning and "sort of God mode" has no meaning. The original author could've just called it Turtle mode, which would make a lot more sense if it gives you access to a shell.
[ link to this | view in thread ]
God mode?
NordicTrack to customers: "You think you have God mode? Watch this." [Pulls plug on God mode] "Ha, ha. My God mode is bigger than your God mode!"
I try my best to avoid products that have "right to own / repair" issues, but it is very difficult, and, in some cases, impossible, so sometimes I do without.
Unfortunately we do not have a consumeratti with enough principles and backbone to say "You can take your non-own-able, non-repairable, Internet server-dependent, paid subscription-dependent device and shove it up your arse!"
[ link to this | view in thread ]
I could suggest the next step be jailbreaking the thing. But then why not just return the junker, buy something cheaper that works the same except with no Big Brother on it, then mount your own tablet on it to watch your shows.
[ link to this | view in thread ]
Re:
Ah, but the trick is, did they honestly believe that, or were they just seeing a revenue stream leaking away through a security hole?
[ link to this | view in thread ]
Re: Re:
Either way's possible. They could have been avoiding lawsuits from injuries, or they could have been protecting a revenue stream. But, if the "god mode" feature wasn't advertised as something the product was intended to do, it doesn't really matter. It seems that people have already found ways around the updates, while I'm sure that the company can now get any lawsuit dismissed where the injured party had deliberately bypassed safety features.
[ link to this | view in thread ]
Re:
But then you lose bragging rights.
[ link to this | view in thread ]
Re:
Heck, sounds like it would've been cheaper for at least some of these people to just buy a tablet and some kind of mount to attach to their existing units in the first place...
[ link to this | view in thread ]
Aside from everything else that's wrong with this, when manufacturers do shit like this (or, say, HP disabling third-party ink cartridges) they're conditioning users to mistrust security updates, and the long-term consequences of that are potentially devastating.
[ link to this | view in thread ]
Re:
I really don't think "let a company refuse to honor the warranty on a piece of exercise equipment because someone installed Netflix on it" is the acceptable compromise you think it is.
[ link to this | view in thread ]
When iFit stops crashing on my NordicTrack Treadmill (and dumping me into Android), I'll let you know. It's been doing it with regularity since 2017.
[ link to this | view in thread ]
Re: Re:
I think it is. I think "We won't repair it" is a far better position for these companies to take than "You can't repair it". If Nintendo had right-to-repair at the era of the NES and Game Boy, the chiptune scene would be nonexistent and my life would be different.
[ link to this | view in thread ]
Re: Missed opportunity
My local gym has ways to plug in iDevices (if not Android tablets as there's too much variance there). At the very least NordicTrack could've done something similar.
[ link to this | view in thread ]
Re: Re: Re:
That is nevertheless illegal in the USA. They can refuse to repair damage caused by the owner, but cannot refuse based on modifications that didn't cause any damage. If you brick the Android installation, you may be on your own; but if the motor dies, the company can't weasel out because you installed your own media player.
[ link to this | view in thread ]
Same but different
I bought a NordicTrack crosscountry ski machine. It arrived with a couple of special bolts missing. I tried to get them, sent pictures, all kinds of documentation. They sent brackets and other stuff, never got what I really needed. I told them I wanted to return it for a refund. They said sure, pretty quickly and no hassle, gave me the refund and said just keep it. They didn't have an agent nearby to come and get it/wasn't worth it to them to pay for shipping to have it returned. I still have it. Got some hardware on my own to make it work.
So now I have a $700 piece of equipment for free. And I just have to make myself use it more regularly.
[ link to this | view in thread ]
Re: Re:
Refusing warranty because someone changed the stock OS has been a long standing tradition, since at least the first person who needed support from a big box retailer and had edited a .bat file to run Doom was asked to reinstall Windows 3.11 to diagnose the issue.
I'm not saying that's right, but it's hardly a surprise for a company that needs to protect themselves from complaints about physical liability.
[ link to this | view in thread ]
Re: Re: Missed opportunity
They offered a big screen in return for streaming their content. People decided to bypass that content in order to get the big screen without the subscription. Realistically, none of this is a surprise.
[ link to this | view in thread ]
I'm surprised that TFA didn't mention why Nordic Track said "safety" numerous times. (Though they got close with "moving parts".) I'm seeing this machine as an IoT device, which of course is defined as an external access point with less-than-zero security - it effectively challenges scumbags to come in and fsck up your workout routine. (Come to think of it, isn't that what just happened - a malicious intruder just entered the system under a false flag and boogered it up?) And that's just for starters - what about the rest of your network?
I've had a couple of treadmills in the past, the second with the same abilities of the current NT (but probably without the God Mode, I don't know). I can just imagine being dumped into the console, with no small amount of force, by some script-kiddie telling the machine to shut off just when I'd reached my favored running speed.
That's just the kind of thing that lawyers look for, and successfully sue over: "The manufacturer should have anticipated this possibility, and taken steps to prevent it". Still, Nordic Track could've just given that example, and been done with it. People would still be very upset, but they'd have no chance in Hell of succeeding in court. After all, users are looking to them to take responsibility, and that's just what they are doing - protecting the user from him/her self. Courts tend to accept this line of reasoning, as galling as it may be to the user.
Bait and switch? The plaintiff would like this to be the central focal point, but they'll fail for the above reasons - it's about the manufacturer being responsible for preventing a potential tort, end of story. Sony's PS3 debacle wasn't about possible physical harm, that truly was about revenue streams, and thus was correctly decided as a bait and switch.
And using a separate tablet, that's just what I did... with a cable up to the 32" monitor mounted on the wall. (Largest thing available at the time.) Lot cheaper than a new treadmill, and one less thing I have to learn how to protect from just this kind of malarkey.
[ link to this | view in thread ]
Re:
...or possibly liberating, if people learn to avoid all vendor-provided firmware and expect the vendors to provide something that can run a stock OS image (you know, one prepared by someone who knows something about software and can provide updates with more than a 1- or 2-year attention span).
[ link to this | view in thread ]
Re:
It had nothing to do with that. Sony removed a feature that Sony had advertised to the people who bought their product.
[ link to this | view in thread ]
Re: Re: Re:
Are you pro-getting shot in the leg because it's better than getting shot in the face?
[ link to this | view in thread ]
Re: Re: Re:
You could accurately say "this isn't surprising" at the bottom of at least 75% of Techdirt articles, including this one.
"It's not surprising" is not a defense of bad behavior.
[ link to this | view in thread ]
Re:
And how does this update fix any of the issues you mentioned? It's still an IoT device. The OS is still the same. It still has full access to the internet and the "script kiddies" who reside there.
"God mode" (and I don't know why we're calling it that) exists on all operating systems, including the one on your treadmill. The only people who could get in before the update and can't get in now, are people who have physical access to the device's touchscreen.
[ link to this | view in thread ]
Re: Re:
The update that removed "God mode" fixes the main issue of potential/probable liability for physical harm to the customer, that's all. It may be enough to ward off a loss in the current court case, in fact I'm betting that it will, but I'm also well aware that the opera ain't over until the fat lady sings. I can only hope that the case will be either settled outside of court, or resolved by the court(s), soon. And that's only because I'm curious, you understand. :)
The other things you mention are likely still intact and vulnerable. I can only guess that when an attacker successfully bricks a treadmill, or worse, then another court case will ensue. Not every treadmill user is smart enough to block its network access at the router, sad to say.
Oh, and please enlighten us as to where to find God Mode in MS-DOS, or IBM's PC-DOS, or DR-DOS, any versions of such. I gotta admit, I do love me some command line exploits!
[ link to this | view in thread ]
Re: Re: Re: Missed opportunity
There are legal ways to do this. Put in the contract "We offer you this screen at a reduced / free price as part of this unit and you agree not to do xyz modifications to said screen in exchange for this price."
This is not the case, they just offered a machine with a big screen running some android back end.
Now they are trying to insert this into the agreement after the fact. So yes, ownership rights really do come into play here just like all the stuff Printer makers have been caught doing.
[ link to this | view in thread ]
incompetence is often a better explanation than ill will
I bought an ifit treadmill. The physical machine is moderately cool, better than the ones at my gym (where I didn't go for some years, pandemic.) The software and systems and the organization are awful. Long workouts are tough, since the s/w crashes regularly. I now have an intervals workout on the machine -- I did manual intervals and go back to the calendar to re-use that old workout. It has built in music, but after a couple of weeks I put an Alexa next to it, much much better. Tech support -- completely incompetent. Service and support -- two year delays to get a bolt back in, but there is a thriving if very expensive third party entrepreneurial repair sector. There must be more ...
... Any of you techdirt readers have money as well as the brilliance we all love here, buy ifit, bring it up to the organizational competence level of, say, Sprint just before it was bought, and you will make a ton of $$.
[ link to this | view in thread ]
Re:
The user is clearly escalating their privileges. "God Mode" has been used for ages for taking some sort of extra control, whether it involves a privilege escalation in an OS or not.
Not everyone is going to use words as defined by your version of "the tech field", whatever the hell that is. We could discuss your common (ab)usage of the word [fragment] "tech", for that matter. As if anything IT-adjacent were the only kind of technology ever.
Buzz-wordy and not overly precise? Maybe. Big deal? Doubt it.
[ link to this | view in thread ]
Re: Re: Re:
There is no privilege separation in those realtime OSes, so...
[ link to this | view in thread ]
Re: CRIMINAL RECORD OFF MY ASS
dafuq, lol
[ link to this | view in thread ]
Re: Re: Re:
None of the DOS ecosystems have ever restricted "god mode" as far as I'm aware, so you can just hit the power button on your device to enter it.
[ link to this | view in thread ]
Re: Re: Re: Re:
Nice try, both of you. Good for the yucks, but not much more.
[ link to this | view in thread ]
this is bollocks
Buy a monitor, mount it near your treadmill, watch what you like.
Buy a treadmill with a built in monitor, watch what the treadmill wants.
I can't make toast in my washing machine either, should I sue the manufacturer for that?
[ link to this | view in thread ]
Re: Re: Re: Re:
I don't think that anyone's defending the action, it's just that patching a feature that was never intended to be used by the end user in this manner, and which was not advertised as a selling point, is very low on the scale of bad behaviour.
[ link to this | view in thread ]
Re: Re: Re: Re: Missed opportunity
"There are legal ways to do this"
There are. However, there's nothing not legal about doing what they're already doing. They sold a product with X functionality, some people thought they'd buy one because they got extra unadvertised Y features with a "hack", and now are complaining because the "hack" was patched.
"This is not the case, they just offered a machine with a big screen running some android back end."
They offered a locked product that happened to have an easy to reach unlock feature that wasn't advertised. You can argue whether or not they should be offering an unlocked product, but the advertised product was locked, so it's nowhere near the same issue as the PS3 issue (where the advertised features were removed).
I won't sit here and defend everything they've done here, but there's a lot of false equivalence floating around.
[ link to this | view in thread ]
Re: Re: Re: Re:
It's just that the modifications for the Game Boys include backlights, "professional"-sounding audio outputs, and clock speed adjusters. I don't think Nintendo would pay to repair those! That being said, I know lots of other people who are knowledgeable about the Game Boy's anatomy such that they could repair them if I wanted them to do so, so I don't see the voided warranty as a big deal.
[ link to this | view in thread ]
Re: Re: Re: Re:
Terrible analogy. If NordicTrack refuses to honor the warranty for a hacked system, at the very least there will probably be DIY forums and other places on the internet that would show you how to fix the NordicTrack if things go south.
If NordicTrack acts like Apple or John Deere and sues independent repair shops, however, it means that repairs would get a lot more expensive.
[ link to this | view in thread ]
They could.
Taking away a feature, then adding it back for a price. Makes business sense to me. It'd be like prohibiting people from jumping on a bed, then allowing people to reobtain that privilege by paying extra.
[ link to this | view in thread ]
FYI
Yes, I am the person that is being quoted...
To anyone "trying" to see iFit's perspective. I commend you for that, but you should know that there is more to the story. For one, it is a fairly massive coincidence that all of this started at the exact same time they announced their future IPO... This privileged mode has existed for many years. They never gave a crap about all the stuff until some C-Level shit head decided to increase their personal returns when it goes public.
Also, I am not opposed to them selling an unlocked mode that doesn't void the warranty. I think it's an absolute dick move, but one I could at least live with so I can use the equipment the way I want.
I have a lot going on, but I am passively working on a permanent fix for this problem. They would be wise to get that "paid unlocked mode" rolled out before I shut down the possibility for them.
[ link to this | view in thread ]
Nordictrack updated our Treadmill, and it's now bricked. It's a $1k paperweight.
[ link to this | view in thread ]