404 Media

2025-08-27 20:22:43

Developer Unlocks Newly Enshittified Echelon Exercise Bikes But Can't Legally Release His Software

An app developer has jailbroken Echelon exercise bikes to restore functionality that the company put behind a paywall last month, but copyright laws prevent him from being allowed to legally release it.

Last month, Peloton competitor Echelon pushed a firmware update to its exercise equipment that forces its machines to connect to the company’s servers in order to work properly. Echelon was popular in part because it was possible to connect Echelon bikes, treadmills, and rowing machines to free or cheap third-party apps and collect information like pedaling power, distance traveled, and other basic functionality that one might want from a piece of exercise equipment. With the new firmware update, the machines work only with constant internet access and getting anything beyond extremely basic functionality requires an Echelon subscription, which can cost hundreds of dollars a year.

In the immediate aftermath of this decision, right to repair advocate and popular YouTuber Louis Rossmann announced a $20,000 bounty through his new organization, the Fulu Foundation, to anyone who was able to jailbreak and unlock Echelon equipment: “I’m tired of this shit,” Rossmann said in a video announcing the bounty. “Fulu Foundation is going to offer a bounty of $20,000 to the first person who repairs this issue. And I call this a repair because I believe that the firmware update that they pushed out breaks your bike.”
youtube.com/embed/2zayHD4kfcA?…
App engineer Ricky Witherspoon, who makes an app called SyncSpin that used to work with Echelon bikes, told 404 Media that he successfully restored offline functionality to Echelon equipment and won the Fulu Foundation bounty. But he and the foundation said that he cannot open source or release it because doing so would run afoul of Section 1201 of the Digital Millennium Copyright Act, the wide-ranging copyright law that in part governs reverse engineering. There are various exemptions to Section 1201, but most of them allow for jailbreaks like the one Witherspoon developed to only be used for personal use.

“It’s like picking a lock, and it’s a lock that I own in my own house. I bought this bike, it was unlocked when I bought it, why can’t I distribute this to people who don’t have the technical expertise I do?” Witherspoon told 404 Media. “It would be one thing if they sold the bike with this limitation up front, but that’s not the case. They reached into my house and forced this update on me without users knowing. It’s just really unfortunate.”

Kevin O’Reilly, who works with Rossmann on the Fulu Foundation and is a longtime right to repair advocate, told 404 Media that the foundation has paid out Witherspoon’s bounty.

“A lot of people chose Echelon’s ecosystem because they didn’t want to be locked into using Echelon’s app. There was this third-party ecosystem. That was their draw to the bike in the first place,” O’Reilly said. “But now, if the manufacturer can come in and push a firmware update that requires you to pay for subscription features that you used to have on a device you bought in the first place, well, you don’t really own it.”

“I think this is part of the broader trend of enshittification, right?,” O’Reilly added. “Consumers are feeling this across the board, whether it’s devices we bought or apps we use—it’s clear that what we thought we were getting is not continuing to be provided to us.”

Witherspoon says that, basically, Echelon added an authentication layer to its products, where the piece of exercise equipment checks to make sure that it is online and connected to Echelon’s servers before it begins to send information from the equipment to an app over Bluetooth. “There’s this precondition where the bike offers an authentication challenge before it will stream those values. It is like a true digital lock,” he said. “Once you give the bike the key, it works like it used to. I had to insert this [authentication layer] into the code of my app, and now it works.”

Witherspoon has now essentially restored functionality that he used to have to his own bike, which he said he bought in the first place because of its ability to work offline and its ability to connect to third-party apps. But others will only be able to do it if they design similar software, or if they never update the bike’s firmware. Witherspoon said that he made the old version of his SyncSpin app free and has plastered it with a warning urging people to not open the official Echelon app, because it will update the firmware on their equipment and will break functionality. Roberto Viola, the developer of a popular third-party exercise app called QZ, wrote extensively about how Echelon has broken his popular app: “Without warning, Echelon pushed a firmware update. It didn’t just upgrade features—it locked down the entire device. From now on, bikes, treadmills, and rowers must connect to Echelon’s servers just to boot,” he wrote. “No internet? No workout. Even basic offline usage is impossible. If Echelon ever shuts down its servers (it happens!), your expensive bike becomes just metal. If you care about device freedom, offline workouts, or open compatibility: Avoid all firmware updates. Disable automatic updates. Stay alert.”

Witherspoon told me that he is willing to talk to other developers about how he did this, but that he is not willing to release the jailbreak on his own: “I don’t feel like going down a legal rabbit hole, so for now it’s just about spreading awareness that this is possible, and that there’s another example of egregious behavior from a company like this […] if one day releasing this was made legal, I would absolutely open source this. I can legally talk about how I did this to a certain degree, and if someone else wants to do this, they can open source it if they want to.”

Echelon did not immediately respond to a request for comment.

How I Built QZ—and How Echelon Is Now Breaking It - Roberto Viola

By Roberto Viola, creator of QZ On September 10, 2020, I began building QZ (qdomyos-zwift), an app born from a simple idea: open up closed fitness hardware and make it work with the platforms people actually love—Zwift, Peloton, Kinomap, and more.

^{cagnulein (Roberto Viola)}