Echelon fitness firmware lockout: Difference between revisions

Line 1:

{{IncidentCargo

|Company=Echelon Fitness

|StartDate=2025~~-07~~

|StartDate=July 2025

|Status=Active

|ProductLine=echelon ~~exercie~~ equipment

|ProductLine=echelon exercise equipment

|Product=~~exercise~~ equipment

|Product=Exercise equipment

|ArticleType=Product

|Type=Firmware lockout

|Description=Echelon pushed firmware updates blocking third-party apps, requiring server authentication & breaking QZ compatibility for users

}}A July 2025 firmware update pushed by Echelon Fitness retroactively blocked third-party fitness applications from connecting to their devices. The update affected users of QZ (qdomyos-zwift), an open-source bridging application that enables cross-platform compatibility with fitness platforms like ~~[[wikipedia:Zwift~~|Zwift]], ~~[[wikipedia:Peloton_Interactive~~|Peloton Digital]], & others.

}}

A July 2025 firmware update pushed by ''Echelon Fitness'' retroactively blocked third-party fitness applications from connecting to their devices. The update affected users of QZ (qdomyos-zwift), an open-source bridging application that enables cross-platform compatibility with fitness platforms like {{Wplink|Zwift}}, {{Wplink|Peloton Interactive|Peloton Digital}}, and others.

==Background==

===QZ and cross-platform compatibility===

QZ (qdomyos-zwift) was created in September 2020 by Italian software engineer {{Wplink|Roberto Viola}}.<ref name="viola-blog">{{Cite web |last=Viola |first=Roberto |title=How I Built QZ—and How Echelon Is Now Breaking It |url=https://robertoviola.cloud/2025/07/22/how-i-built-qz-and-how-echelon-is-now-breaking-it/ |website=Roberto Viola |date=22 Jul 2025 |access-date=27 Mar 2026 |url-status=live |archive-url=http://web.archive.org/web/20251127140146/https://robertoviola.cloud/2025/07/22/how-i-built-qz-and-how-echelon-is-now-breaking-it/ |archive-date=27 Nov 2025}}</ref> The application functions as a {{Wplink|Bluetooth}} bridge that intercepts proprietary communications from closed fitness devices and translates them into standard protocols compatible with other mainstream fitness platforms.

~~===QZ & cross-platform compatibility===~~

For almost five years, QZ maintained compatibility with Echelon devices. Viola notes that the app "helped Echelon sell tens of thousands of bikes" by making them compatible with multiple training platforms. Viola also recommended the Echelon as the "best indoor bike on the market."<ref name="viola-blog" /> Before the incident, Echelon's official marketing materials explicitly promoted third-party compatibility. Their FAQ stated devices were designed to give users "the flexibility to use your favorite devices" and specifically mentions "third-party apps you can use as well."<ref name="echelon-faq">{{Cite web |author= |title=APP FAQs |url=https://echelonfit.com/pages/app-faqs |website=Echelon Fit |date= |access-date=23 July 2025 |url-status=live |archive-url=http://web.archive.org/web/20251018171434/https://echelonfit.com/pages/app-faqs |archive-date=18 Oct 2025}}</ref>

QZ (qdomyos-zwift) was created in September 2020 by Italian software engineer [[wikipedia:Roberto_Viola|Roberto Viola]].<ref>{{cite web |url=https://robertoviola.cloud/2025/07/22/how-i-built-qz-and-how-echelon-is-now-breaking-it/ |title=How I Built QZ—and How Echelon Is Now Breaking It |author=Roberto Viola |date=22 July 2025 |access-date=23 July 2025 |archive-url=http://web.archive.org/web/20251127140146/https://robertoviola.cloud/2025/07/22/how-i-built-qz-and-how-echelon-is-now-breaking-it/ |archive-date=27 Nov 2025}}</ref> The application functions as a Bluetooth bridge that intercepts proprietary communications from closed fitness devices & translates them into standard protocols compatible with other mainstream fitness platforms.

For almost five years, QZ maintained compatibility with Echelon devices. Viola notes that the app ''"helped Echelon sell tens of thousands of bikes"'' by making them compatible with multiple training platforms. Viola also recommended the Echelon as the ''"best indoor bike on the market."''<ref name="viola-blog">{{~~cite~~ web |url=https://~~robertoviola~~.~~cloud~~/~~2025~~/~~07/22/how-i-built-qz-and-how-echelon-is-now-breaking~~-~~it/~~ |~~title~~=~~How I Built QZ—and How~~ Echelon ~~Is Now Breaking It |author=Roberto Viola~~ |date=~~22 July 2025~~ |access-date=23 July 2025 |archive-url=http://web.archive.org/web/~~20251127140146~~/https://~~robertoviola~~.~~cloud~~/~~2025~~/~~07/22/how~~-~~i-built-qz-and-how-echelon-is-now-breaking-it/~~ |archive-date=~~27 Nov~~ 2025}}</ref> Before the incident, Echelon's official marketing materials explicitly promoted third-party compatibility. Their FAQ stated devices were designed to give users '''''"the flexibility to use your favorite devices"''''' & specifically mentions "third-party apps you can use as well."<ref name="echelon-faq" />

===Echelon's business model===

Echelon Fitness markets connected fitness equipment ranging from $500 entry-level models to $2,495 premium bikes. The company operates a subscription service priced between $29.99-$39.99 monthly or $399.99-$699.99 annually for access to live & on-demand fitness content.<ref name="echelon-faq"~~>{{cite web |url=https://echelonfit.com/pages/app-faqs |title=APP FAQs |publisher=Echelon Fit |access-date=23 July 2025 |archive-url=http://web.archive.org~~/~~web/20251018171434/https://echelonfit.com/pages/app-faqs |archive-date=18 Oct 2025}}</ref~~>

Echelon Fitness markets connected fitness equipment ranging from $500 entry-level models to $2,495 premium bikes. The company operates a subscription service priced between $29.99-$39.99 monthly or $399.99-$699.99 annually for access to live and on-demand fitness content.<ref name="echelon-faq" />

[[File:Echelon.png|alt=Subscriptions from echelon's website ~~[1]~~|thumb|Subscriptions from echelon's website <ref>{{Cite web |title=Choose your Premier Subscription – Echelon Fit US |url=https://echelonfit.com/collections/choose-your-united-sub?_ab=0&_fd=0&_sc=1 |archive-url=http://web.archive.org/web/20250912233519/https://echelonfit.com/collections/choose-your-united-sub?_sc=1&_ab=0&_fd=0 |archive-date=12 Sep 2025}}</ref>]]

[[File:Echelon premier subscription plans.png|alt=Subscriptions from echelon's website.|thumb|Subscriptions from echelon's website.<ref>{{Cite web |author= |title=Choose your Premier Subscription – Echelon Fit US |url=https://echelonfit.com/collections/choose-your-united-sub?_ab=0&_fd=0&_sc=1 |website=Echelon Fit |date= |access-date=27 Mar 2026 |url-status=live |archive-url=http://web.archive.org/web/20250912233519/https://echelonfit.com/collections/choose-your-united-sub?_sc=1&_ab=0&_fd=0 |archive-date=12 Sep 2025}}</ref>]]

==July 2025 firmware update==

Line 32:

Line 33:

===Technical implementation===

The firmware creates a ~~'''~~boot-time server handshake~~'''~~ requirement before any functionality is enabled. Devices send authentication requests to Echelon servers, which respond with rotating unlock keys. Without successful validation, devices become completely non-functional, including for basic manual workouts.<ref name="viola-blog" />

The firmware creates a boot-time server handshake requirement before any functionality is enabled. Devices send authentication requests to Echelon servers, which respond with rotating unlock keys. Without successful validation, devices become ''completely'' non-functional, including for basic manual workouts.<ref name="viola-blog" />

The system targets third-party apps explicitly through ~~'''~~Bluetooth access control~~'''~~ that only activates after server authentication. This hardware-level lockout cannot be bypassed through software, effectively transforming ownership into a subscription-based permission model.<ref name="viola-blog" />

The system targets third-party apps explicitly through Bluetooth access control that only activates after server authentication. This hardware-level lockout cannot be bypassed through software, effectively transforming ownership into a subscription-based permission model.<ref name="viola-blog" />

===Impact on third-party applications===

The firmware update completely blocks QZ & similar third-party applications from communicating with Echelon devices. This affects advanced features like automatic resistance control and prevents basic manual workouts without internet connectivity & server approval.<ref name="viola-blog" />

The firmware update completely blocks QZ and similar third-party applications from communicating with Echelon devices. This affects advanced features like automatic resistance control and prevents basic manual workouts without internet connectivity and server approval.<ref name="viola-blog" />

==Consumer impact==

===Financial losses===

Users who purchased Echelon devices specifically for third-party compatibility are affected:

Line 48:

*Loss of free or alternative platform access previously enabled by QZ<ref name="viola-blog" />

One affected UK user commented: <blockquote>''"This is infuriating. I paid £1,199 for a bike in 2020, & a further £399 for 2 years of classes, so what I choose to do with the hardware I purchased outright is none of their business!"''<ref ~~name~~=~~"viola~~-~~blog"~~ /></blockquote>

One affected UK user commented:

<blockquote>"This is infuriating. I paid £1,199 for a bike in 2020, & a further £399 for 2 years of classes, so what I choose to do with the hardware I purchased outright is none of their business!"<ref>{{Cite web |author=Tom |title=Blog comment reply |url=https://robertoviola.cloud/2025/07/22/how-i-built-qz-and-how-echelon-is-now-breaking-it/#comment-12687 |website=Roberto Viola |date=22 Jul 2025 |access-date=27 Mar 2026 |url-status=live |archive-url=https://web.archive.org/web/20250722132239/https://robertoviola.cloud/2025/07/22/how-i-built-qz-and-how-echelon-is-now-breaking-it/#comment-12687 |archive-date=22 Jul 2025}}</ref></blockquote>

===Elimination of offline functionality===

Line 55:

Line 56:

==Echelon's response==

===Press release===

On July ~~29,~~ 2025, Echelon issued a press release announcing the implementation of "comprehensive security enhancements," including jailbreak detection mechanisms to prevent unauthorized access to their equipment.<ref>{{~~cite~~ web |~~date~~=~~29 July 2025~~ |title=Echelon Implements Advanced Security Measures to Prevent Any Unwarranted Access To Fitness Equipment Data |url=https://www.prnewswire.com/news-releases/echelon-implements-advanced-security-measures-to-prevent-any-unwarranted-access-to-fitness-equipment-data-302516131.html |url-status=live |archive-url=https://web.archive.org/web/20260324195504/https://www.prnewswire.com/news-releases/echelon-implements-advanced-security-measures-to-prevent-any-unwarranted-access-to-fitness-equipment-data-302516131.html |archive-date=24 Mar 2026 ~~|access-date=27 August 2025 |publisher=PR Newswire~~}}</ref> The company specifically targeted QZ developer Roberto Viola, describing him as a "bad actor" who "attempts to bypass Echelon's fitness ecosystem" by charging users $6.99 for access to unauthorized connections.

On 29 July 2025, Echelon issued a press release announcing the implementation of "comprehensive security enhancements," including jailbreak detection mechanisms to prevent unauthorized access to their equipment.<ref>{{Cite web |author= |title=Echelon Implements Advanced Security Measures to Prevent Any Unwarranted Access To Fitness Equipment Data |url=https://www.prnewswire.com/news-releases/echelon-implements-advanced-security-measures-to-prevent-any-unwarranted-access-to-fitness-equipment-data-302516131.html |website=PR Newswire |date=29 July 2025 |access-date=27 Mar 2026 |url-status=live |archive-url=https://web.archive.org/web/20260324195504/https://www.prnewswire.com/news-releases/echelon-implements-advanced-security-measures-to-prevent-any-unwarranted-access-to-fitness-equipment-data-302516131.html |archive-date=24 Mar 2026}}</ref> The company specifically targeted QZ developer Roberto Viola, describing him as a "bad actor" who "attempts to bypass Echelon's fitness ecosystem" by charging users $6.99 for access to unauthorized connections.

Echelon announced that they are "actively reviewing legal action under the Digital Millennium Copyright Act (DMCA) and other applicable laws" against third-party applications. The company stated that customers using applications like QZ would have their warranties voided for violating terms of service and "compromising the secure operation" of products.

Echelon announced that they are "actively reviewing legal action under the [[Digital Millennium Copyright Act]] (DMCA) and other applicable laws" against third-party applications. The company stated that customers using applications like QZ would have their warranties voided for violating terms of service and "compromising the secure operation" of products.

CEO Lou Lentine framed the issue as protecting American intellectual property from "foreign individuals and entities," stating: <blockquote>"There are a few bad actors in the global marketplace who are constantly trying to shortcut the investments made by Echelon and other American companies—through fraud, copying, and stealing."</blockquote>

CEO Lou Lentine framed the issue as protecting American intellectual property from "foreign individuals and entities," stating:

<blockquote>"There are a few bad actors in the global marketplace who are constantly trying to shortcut the investments made by Echelon and other American companies—through fraud, copying, and stealing."</blockquote>

Concurrent with blocking third-party access, Echelon announced a new "Authorized Partnership Program" for companies seeking approved connections to their equipment. The program offers access to official APIs and developer support, though no timeline or application process was provided.

Echelon ~~repositioned~~ its offerings around two tiers:

Echelon re-positioned its offerings around two tiers:

*'''Freestyle Mode''' - Described as "no charge" but requires internet connectivity for "secure sign-in authentication"

*'''Freestyle Mode''' — Described as "no charge" but requires internet connectivity for "secure sign-in authentication"

*'''Premium Streaming Plans''' - Subscription plans starting at $19.99 monthly for access to classes and features

*'''Premium Streaming Plans''' — Subscription plans starting at $19.99 monthly for access to classes and features

The press release did not address the removal of offline functionality or the impact on existing customers who had purchased devices with advertised third-party compatibility.

==FULU Foundation bounty==

After the story's initial publication, Louis Rossmann released a $20,000 bounty<ref>{{~~cite~~ web |url=https://www.youtube.com/watch?v=2zayHD4kfcA |~~title=Fulu Foundation offers $20,000 bounty to repair Echelon firmware lockout |author=Louis Rossmann |publisher~~=YouTube |date=~~July~~ 2025 |access-date=27 ~~August 2025~~ |archive-url=https://preservetube.com/watch?v=2zayHD4kfcA |archive-date=23 Feb 2026}}</ref> for anyone who could create a method to bypass the restrictions placed on Echelon bikes. In August, the bounty winner was announced,<ref>{{~~cite~~ web |url=https://www.404media.co/developer-unlocks-newly-enshittified-echelon-exercise-bikes-but-cant-legally-release-his-software/ |~~title=Developer Unlocks Newly Enshittified Echelon Exercise Bikes But Can't Legally Release His Software |author=Jason Koebler |publisher~~=404 Media |date=~~August~~ 2025 |access-date=27 ~~August 2025~~ |archive-url=http://web.archive.org/web/20260112063210/https://www.404media.co/developer-unlocks-newly-enshittified-echelon-exercise-bikes-but-cant-legally-release-his-software/ |archive-date=12 Jan 2026}}</ref> ~~however,~~ the solution used to claim the bounty was not released. Louis Rossmann stated that the reason for not releasing was the impact of a US law (17 U.S. Code § 1201), which prevents sharing methods to bypass a technological measure designed to manage access to a product.<ref>{{~~cite~~ web |~~url~~=~~https://www.youtube.com/watch?v~~=~~chPzslZKBhI~~ |title=I started an organization to ~~dismantle~~ the DMCA - here's why |~~author~~=~~Louis Rossmann~~ |~~publisher~~=YouTube |date=27 ~~August~~ 2025 |access-date=27 ~~August 2025~~ |archive-url=https://preservetube.com/watch?v=chPzslZKBhI |archive-date=23 Feb 2026}}</ref>

After the story's initial publication, Louis Rossmann released a $20,000 bounty<ref>{{Cite web |last=Rossmann |first=Louis |title=FULU Foundation offers $20,000 bounty to unbrick echelon bikes |url=https://www.youtube.com/watch?v=2zayHD4kfcA |website=[[YouTube]] |date=25 Jul 2025 |access-date=27 Mar 2026 |url-status=live |archive-url=https://preservetube.com/watch?v=2zayHD4kfcA |archive-date=23 Feb 2026}}</ref> for anyone who could create a method to bypass the restrictions placed on Echelon bikes. In August 2025, the bounty winner was announced,<ref>{{Cite web |last=Koebler |first=Jason |title=Developer Unlocks Newly Enshittified Echelon Exercise Bikes But Can't Legally Release His Software |url=https://www.404media.co/developer-unlocks-newly-enshittified-echelon-exercise-bikes-but-cant-legally-release-his-software/ |website=404 Media |date=27 Aug 2025 |access-date=27 Mar 2026 |url-status=live |archive-url=http://web.archive.org/web/20260112063210/https://www.404media.co/developer-unlocks-newly-enshittified-echelon-exercise-bikes-but-cant-legally-release-his-software/ |archive-date=12 Jan 2026}}</ref> but the solution used to claim the bounty was not released. Louis Rossmann stated that the reason for not releasing was the impact of a US law (17 U.S. Code § 1201), which prevents sharing methods to bypass a technological measure designed to manage access to a product.<ref>{{Cite web |last=Rossmann |first=Louis |title=We've started an organization to reform the DMCA - here's why |url=https://www.youtube.com/watch?v=chPzslZKBhI |website=[[YouTube]] |date=27 Aug 2025 |access-date=27 Mar 2026 |url-status=live |archive-url=https://preservetube.com/watch?v=chPzslZKBhI |archive-date=23 Feb 2026}}</ref>

==Consumer recourse==

===Immediate actions===

Roberto Viola made the following recommendations for affected users:

*'''Avoid all firmware updates''' & disable automatic updates.

*'''Avoid all firmware updates''' and disable automatic updates.

*'''Delete the Echelon app''' to prevent forced updates.

*Make sure tablets can't access the internet independently.

*~~document~~ current functionality for potential claims<ref name="viola-blog" />

*Document current functionality for potential claims.<ref name="viola-blog" />

If ~~it prompts you~~ to install a firmware update on reboot, ~~you~~ may ~~avoid this~~ by rebooting the bike again, then, in Wi-Fi settings at the first opportunity, entering a custom SSID and leaving it blank. For some reason, this appears to be the only way to get it to switch from an existing connection. ~~You~~ must again enter ~~your~~ actual Wi-Fi details on the member login screen.

If the user is prompted to install a firmware update on reboot, this may be avoided by rebooting the bike again, then, in Wi-Fi settings at the first opportunity, entering a custom {{Wplink|Service set (802.11 network)#Service set identifier|SSID}} and leaving it blank. For some reason, this appears to be the only way to get it to switch from an existing connection. The user must again enter their actual Wi-Fi details on the member login screen.

===Optional actions===

~~You~~ can lock the bike to a fixed resistance and use it as a basic exercise bike without innovative features. This is useful if ~~you~~ want to start a workout quickly without powering on the bike or adjusting the resistance again after pausing in the middle of a workout.

A user can lock the bike to a fixed resistance and use it as a basic exercise bike without innovative features. This is useful if they want to start a workout quickly without powering on the bike or adjusting the resistance again after pausing in the middle of a workout.

#Make sure the bike is plugged in.

Line 92:

Line 94:

==References==

~~<references />~~

==External ~~Links~~==

==External links==

*[https://robertoviola.cloud/2025/07/22/how-i-built-qz-and-how-echelon-is-now-breaking-it/ Roberto Viola's detailed technical analysis]

*[https://github.com/cagnulein/qdomyos-zwift QZ (qdomyos-zwift) GitHub repository]

*[https://github.com/cagnulein/qdomyos-zwift/issues/1752 GitHub Issue #1752 - Echelon connection problems]

*[https://www.classaction.org/news/ifit-class-action-says-software-update-left-fitness-equipment-totally-inoperable iFIT Class Action Settlement Information]

[[Category:~~Incidents~~]]

[[Category:Echelon Fitness]]

@@ Line 1: / Line 1: @@
 {{IncidentCargo
 |Company=Echelon Fitness
-|StartDate=2025-07
+|StartDate=July 2025
 |Status=Active
-|ProductLine=echelon exercie equipment
+|ProductLine=echelon exercise equipment
-|Product=exercise equipment
+|Product=Exercise equipment
 |ArticleType=Product
 |Type=Firmware lockout
 |Description=Echelon pushed firmware updates blocking third-party apps, requiring server authentication & breaking QZ compatibility for users
-}}A July 2025 firmware update pushed by Echelon Fitness retroactively blocked third-party fitness applications from connecting to their devices. The update affected users of QZ (qdomyos-zwift), an open-source bridging application that enables cross-platform compatibility with fitness platforms like [[wikipedia:Zwift|Zwift]], [[wikipedia:Peloton_Interactive|Peloton Digital]], & others.
+}}
+A July 2025 firmware update pushed by ''Echelon Fitness'' retroactively blocked third-party fitness applications from connecting to their devices. The update affected users of QZ (qdomyos-zwift), an open-source bridging application that enables cross-platform compatibility with fitness platforms like {{Wplink|Zwift}}, {{Wplink|Peloton Interactive|Peloton Digital}}, and others.
 ==Background==
+===QZ and cross-platform compatibility===
+QZ (qdomyos-zwift) was created in September 2020 by Italian software engineer {{Wplink|Roberto Viola}}.<ref name="viola-blog">{{Cite web |last=Viola |first=Roberto |title=How I Built QZ—and How Echelon Is Now Breaking It |url=https://robertoviola.cloud/2025/07/22/how-i-built-qz-and-how-echelon-is-now-breaking-it/ |website=Roberto Viola |date=22 Jul 2025 |access-date=27 Mar 2026 |url-status=live |archive-url=http://web.archive.org/web/20251127140146/https://robertoviola.cloud/2025/07/22/how-i-built-qz-and-how-echelon-is-now-breaking-it/ |archive-date=27 Nov 2025}}</ref> The application functions as a {{Wplink|Bluetooth}} bridge that intercepts proprietary communications from closed fitness devices and translates them into standard protocols compatible with other mainstream fitness platforms.
-===QZ & cross-platform compatibility===
+For almost five years, QZ maintained compatibility with Echelon devices. Viola notes that the app "helped Echelon sell tens of thousands of bikes" by making them compatible with multiple training platforms. Viola also recommended the Echelon as the "best indoor bike on the market."<ref name="viola-blog" /> Before the incident, Echelon's official marketing materials explicitly promoted third-party compatibility. Their FAQ stated devices were designed to give users "the flexibility to use your favorite devices" and specifically mentions "third-party apps you can use as well."<ref name="echelon-faq">{{Cite web |author= |title=APP FAQs |url=https://echelonfit.com/pages/app-faqs |website=Echelon Fit |date= |access-date=23 July 2025 |url-status=live |archive-url=http://web.archive.org/web/20251018171434/https://echelonfit.com/pages/app-faqs |archive-date=18 Oct 2025}}</ref>
-QZ (qdomyos-zwift) was created in September 2020 by Italian software engineer [[wikipedia:Roberto_Viola|Roberto Viola]].<ref>{{cite web |url=https://robertoviola.cloud/2025/07/22/how-i-built-qz-and-how-echelon-is-now-breaking-it/ |title=How I Built QZ—and How Echelon Is Now Breaking It |author=Roberto Viola |date=22 July 2025 |access-date=23 July 2025 |archive-url=http://web.archive.org/web/20251127140146/https://robertoviola.cloud/2025/07/22/how-i-built-qz-and-how-echelon-is-now-breaking-it/ |archive-date=27 Nov 2025}}</ref> The application functions as a Bluetooth bridge that intercepts proprietary communications from closed fitness devices & translates them into standard protocols compatible with other mainstream fitness platforms.
-For almost five years, QZ maintained compatibility with Echelon devices. Viola notes that the app ''"helped Echelon sell tens of thousands of bikes"'' by making them compatible with multiple training platforms. Viola also recommended the Echelon as the ''"best indoor bike on the market."''<ref name="viola-blog">{{cite web |url=https://robertoviola.cloud/2025/07/22/how-i-built-qz-and-how-echelon-is-now-breaking-it/ |title=How I Built QZ—and How Echelon Is Now Breaking It |author=Roberto Viola |date=22 July 2025 |access-date=23 July 2025 |archive-url=http://web.archive.org/web/20251127140146/https://robertoviola.cloud/2025/07/22/how-i-built-qz-and-how-echelon-is-now-breaking-it/ |archive-date=27 Nov 2025}}</ref> Before the incident, Echelon's official marketing materials explicitly promoted third-party compatibility. Their FAQ stated devices were designed to give users '''''"the flexibility to use your favorite devices"''''' & specifically mentions "third-party apps you can use as well."<ref name="echelon-faq" />
 ===Echelon's business model===
-Echelon Fitness markets connected fitness equipment ranging from $500 entry-level models to $2,495 premium bikes. The company operates a subscription service priced between $29.99-$39.99 monthly or $399.99-$699.99 annually for access to live & on-demand fitness content.<ref name="echelon-faq">{{cite web |url=https://echelonfit.com/pages/app-faqs |title=APP FAQs |publisher=Echelon Fit |access-date=23 July 2025 |archive-url=http://web.archive.org/web/20251018171434/https://echelonfit.com/pages/app-faqs |archive-date=18 Oct 2025}}</ref>
+Echelon Fitness markets connected fitness equipment ranging from $500 entry-level models to $2,495 premium bikes. The company operates a subscription service priced between $29.99-$39.99 monthly or $399.99-$699.99 annually for access to live and on-demand fitness content.<ref name="echelon-faq" />
-[[File:Echelon.png|alt=Subscriptions from echelon's website [1]|thumb|Subscriptions from echelon's website <ref>{{Cite web |title=Choose your Premier Subscription – Echelon Fit US |url=https://echelonfit.com/collections/choose-your-united-sub?_ab=0&_fd=0&_sc=1 |archive-url=http://web.archive.org/web/20250912233519/https://echelonfit.com/collections/choose-your-united-sub?_sc=1&_ab=0&_fd=0 |archive-date=12 Sep 2025}}</ref>]]
+[[File:Echelon premier subscription plans.png|alt=Subscriptions from echelon's website.|thumb|Subscriptions from echelon's website.<ref>{{Cite web |author= |title=Choose your Premier Subscription – Echelon Fit US |url=https://echelonfit.com/collections/choose-your-united-sub?_ab=0&_fd=0&_sc=1 |website=Echelon Fit |date= |access-date=27 Mar 2026 |url-status=live |archive-url=http://web.archive.org/web/20250912233519/https://echelonfit.com/collections/choose-your-united-sub?_sc=1&_ab=0&_fd=0 |archive-date=12 Sep 2025}}</ref>]]
 ==July 2025 firmware update==
@@ Line 32: / Line 33: @@
 ===Technical implementation===
-The firmware creates a '''boot-time server handshake''' requirement before any functionality is enabled. Devices send authentication requests to Echelon servers, which respond with rotating unlock keys. Without successful validation, devices become completely non-functional, including for basic manual workouts.<ref name="viola-blog" />
+The firmware creates a boot-time server handshake requirement before any functionality is enabled. Devices send authentication requests to Echelon servers, which respond with rotating unlock keys. Without successful validation, devices become ''completely'' non-functional, including for basic manual workouts.<ref name="viola-blog" />
-The system targets third-party apps explicitly through '''Bluetooth access control''' that only activates after server authentication. This hardware-level lockout cannot be bypassed through software, effectively transforming ownership into a subscription-based permission model.<ref name="viola-blog" />
+The system targets third-party apps explicitly through Bluetooth access control that only activates after server authentication. This hardware-level lockout cannot be bypassed through software, effectively transforming ownership into a subscription-based permission model.<ref name="viola-blog" />
 ===Impact on third-party applications===
-The firmware update completely blocks QZ & similar third-party applications from communicating with Echelon devices. This affects advanced features like automatic resistance control and prevents basic manual workouts without internet connectivity & server approval.<ref name="viola-blog" />
+The firmware update completely blocks QZ and similar third-party applications from communicating with Echelon devices. This affects advanced features like automatic resistance control and prevents basic manual workouts without internet connectivity and server approval.<ref name="viola-blog" />
 ==Consumer impact==
 ===Financial losses===
 Users who purchased Echelon devices specifically for third-party compatibility are affected:
@@ Line 48: / Line 48: @@
 *Loss of free or alternative platform access previously enabled by QZ<ref name="viola-blog" />
-One affected UK user commented: <blockquote>''"This is infuriating. I paid £1,199 for a bike in 2020, & a further £399 for 2 years of classes, so what I choose to do with the hardware I purchased outright is none of their business!"''<ref name="viola-blog" /></blockquote>
+One affected UK user commented:
+<blockquote>"This is infuriating. I paid £1,199 for a bike in 2020, & a further £399 for 2 years of classes, so what I choose to do with the hardware I purchased outright is none of their business!"<ref>{{Cite web |author=Tom |title=Blog comment reply |url=https://robertoviola.cloud/2025/07/22/how-i-built-qz-and-how-echelon-is-now-breaking-it/#comment-12687 |website=Roberto Viola |date=22 Jul 2025 |access-date=27 Mar 2026 |url-status=live |archive-url=https://web.archive.org/web/20250722132239/https://robertoviola.cloud/2025/07/22/how-i-built-qz-and-how-echelon-is-now-breaking-it/#comment-12687 |archive-date=22 Jul 2025}}</ref></blockquote>
 ===Elimination of offline functionality===
@@ Line 55: / Line 56: @@
 ==Echelon's response==
 ===Press release===
-On July 29, 2025, Echelon issued a press release announcing the implementation of "comprehensive security enhancements," including jailbreak detection mechanisms to prevent unauthorized access to their equipment.<ref>{{cite web |date=29 July 2025 |title=Echelon Implements Advanced Security Measures to Prevent Any Unwarranted Access To Fitness Equipment Data |url=https://www.prnewswire.com/news-releases/echelon-implements-advanced-security-measures-to-prevent-any-unwarranted-access-to-fitness-equipment-data-302516131.html |url-status=live |archive-url=https://web.archive.org/web/20260324195504/https://www.prnewswire.com/news-releases/echelon-implements-advanced-security-measures-to-prevent-any-unwarranted-access-to-fitness-equipment-data-302516131.html |archive-date=24 Mar 2026 |access-date=27 August 2025 |publisher=PR Newswire}}</ref> The company specifically targeted QZ developer Roberto Viola, describing him as a "bad actor" who "attempts to bypass Echelon's fitness ecosystem" by charging users $6.99 for access to unauthorized connections.
+On 29 July 2025, Echelon issued a press release announcing the implementation of "comprehensive security enhancements," including jailbreak detection mechanisms to prevent unauthorized access to their equipment.<ref>{{Cite web |author= |title=Echelon Implements Advanced Security Measures to Prevent Any Unwarranted Access To Fitness Equipment Data |url=https://www.prnewswire.com/news-releases/echelon-implements-advanced-security-measures-to-prevent-any-unwarranted-access-to-fitness-equipment-data-302516131.html |website=PR Newswire |date=29 July 2025 |access-date=27 Mar 2026 |url-status=live |archive-url=https://web.archive.org/web/20260324195504/https://www.prnewswire.com/news-releases/echelon-implements-advanced-security-measures-to-prevent-any-unwarranted-access-to-fitness-equipment-data-302516131.html |archive-date=24 Mar 2026}}</ref> The company specifically targeted QZ developer Roberto Viola, describing him as a "bad actor" who "attempts to bypass Echelon's fitness ecosystem" by charging users $6.99 for access to unauthorized connections.
-Echelon announced that they are "actively reviewing legal action under the Digital Millennium Copyright Act (DMCA) and other applicable laws" against third-party applications. The company stated that customers using applications like QZ would have their warranties voided for violating terms of service and "compromising the secure operation" of products.
+Echelon announced that they are "actively reviewing legal action under the [[Digital Millennium Copyright Act]] (DMCA) and other applicable laws" against third-party applications. The company stated that customers using applications like QZ would have their warranties voided for violating terms of service and "compromising the secure operation" of products.
-CEO Lou Lentine framed the issue as protecting American intellectual property from "foreign individuals and entities," stating: <blockquote>"There are a few bad actors in the global marketplace who are constantly trying to shortcut the investments made by Echelon and other American companies—through fraud, copying, and stealing."</blockquote>
+CEO Lou Lentine framed the issue as protecting American intellectual property from "foreign individuals and entities," stating:
+<blockquote>"There are a few bad actors in the global marketplace who are constantly trying to shortcut the investments made by Echelon and other American companies—through fraud, copying, and stealing."</blockquote>
 Concurrent with blocking third-party access, Echelon announced a new "Authorized Partnership Program" for companies seeking approved connections to their equipment. The program offers access to official APIs and developer support, though no timeline or application process was provided.
-Echelon repositioned its offerings around two tiers:
+Echelon re-positioned its offerings around two tiers:
-*'''Freestyle Mode''' - Described as "no charge" but requires internet connectivity for "secure sign-in authentication"
+*'''Freestyle Mode''' — Described as "no charge" but requires internet connectivity for "secure sign-in authentication"
-*'''Premium Streaming Plans''' - Subscription plans starting at $19.99 monthly for access to classes and features
+*'''Premium Streaming Plans''' — Subscription plans starting at $19.99 monthly for access to classes and features
 The press release did not address the removal of offline functionality or the impact on existing customers who had purchased devices with advertised third-party compatibility.
 ==FULU Foundation bounty==
-After the story's initial publication, Louis Rossmann released a $20,000 bounty<ref>{{cite web |url=https://www.youtube.com/watch?v=2zayHD4kfcA |title=Fulu Foundation offers $20,000 bounty to repair Echelon firmware lockout |author=Louis Rossmann |publisher=YouTube |date=July 2025 |access-date=27 August 2025 |archive-url=https://preservetube.com/watch?v=2zayHD4kfcA |archive-date=23 Feb 2026}}</ref> for anyone who could create a method to bypass the restrictions placed on Echelon bikes. In August, the bounty winner was announced,<ref>{{cite web |url=https://www.404media.co/developer-unlocks-newly-enshittified-echelon-exercise-bikes-but-cant-legally-release-his-software/ |title=Developer Unlocks Newly Enshittified Echelon Exercise Bikes But Can't Legally Release His Software |author=Jason Koebler |publisher=404 Media |date=August 2025 |access-date=27 August 2025 |archive-url=http://web.archive.org/web/20260112063210/https://www.404media.co/developer-unlocks-newly-enshittified-echelon-exercise-bikes-but-cant-legally-release-his-software/ |archive-date=12 Jan 2026}}</ref> however, the solution used to claim the bounty was not released. Louis Rossmann stated that the reason for not releasing was the impact of a US law (17 U.S. Code § 1201), which prevents sharing methods to bypass a technological measure designed to manage access to a product.<ref>{{cite web |url=https://www.youtube.com/watch?v=chPzslZKBhI |title=I started an organization to dismantle the DMCA - here's why |author=Louis Rossmann |publisher=YouTube |date=27 August 2025 |access-date=27 August 2025 |archive-url=https://preservetube.com/watch?v=chPzslZKBhI |archive-date=23 Feb 2026}}</ref>
+After the story's initial publication, Louis Rossmann released a $20,000 bounty<ref>{{Cite web |last=Rossmann |first=Louis |title=FULU Foundation offers $20,000 bounty to unbrick echelon bikes |url=https://www.youtube.com/watch?v=2zayHD4kfcA |website=[[YouTube]] |date=25 Jul 2025 |access-date=27 Mar 2026 |url-status=live |archive-url=https://preservetube.com/watch?v=2zayHD4kfcA |archive-date=23 Feb 2026}}</ref> for anyone who could create a method to bypass the restrictions placed on Echelon bikes. In August 2025, the bounty winner was announced,<ref>{{Cite web |last=Koebler |first=Jason |title=Developer Unlocks Newly Enshittified Echelon Exercise Bikes But Can't Legally Release His Software |url=https://www.404media.co/developer-unlocks-newly-enshittified-echelon-exercise-bikes-but-cant-legally-release-his-software/ |website=404 Media |date=27 Aug 2025 |access-date=27 Mar 2026 |url-status=live |archive-url=http://web.archive.org/web/20260112063210/https://www.404media.co/developer-unlocks-newly-enshittified-echelon-exercise-bikes-but-cant-legally-release-his-software/ |archive-date=12 Jan 2026}}</ref> but the solution used to claim the bounty was not released. Louis Rossmann stated that the reason for not releasing was the impact of a US law (17 U.S. Code § 1201), which prevents sharing methods to bypass a technological measure designed to manage access to a product.<ref>{{Cite web |last=Rossmann |first=Louis |title=We've started an organization to reform the DMCA - here's why |url=https://www.youtube.com/watch?v=chPzslZKBhI |website=[[YouTube]] |date=27 Aug 2025 |access-date=27 Mar 2026 |url-status=live |archive-url=https://preservetube.com/watch?v=chPzslZKBhI |archive-date=23 Feb 2026}}</ref>
 ==Consumer recourse==
 ===Immediate actions===
 Roberto Viola made the following recommendations for affected users:
-*'''Avoid all firmware updates''' & disable automatic updates.
+*'''Avoid all firmware updates''' and disable automatic updates.
 *'''Delete the Echelon app''' to prevent forced updates.
 *Make sure tablets can't access the internet independently.
-*document current functionality for potential claims<ref name="viola-blog" />
+*Document current functionality for potential claims.<ref name="viola-blog" />
-If it prompts you to install a firmware update on reboot, you may avoid this by rebooting the bike again, then, in Wi-Fi settings at the first opportunity, entering a custom SSID and leaving it blank. For some reason, this appears to be the only way to get it to switch from an existing connection. You must again enter your actual Wi-Fi details on the member login screen.
+If the user is prompted to install a firmware update on reboot, this may be avoided by rebooting the bike again, then, in Wi-Fi settings at the first opportunity, entering a custom {{Wplink|Service set (802.11 network)#Service set identifier|SSID}} and leaving it blank. For some reason, this appears to be the only way to get it to switch from an existing connection. The user must again enter their actual Wi-Fi details on the member login screen.
 ===Optional actions===
-You can lock the bike to a fixed resistance and use it as a basic exercise bike without innovative features. This is useful if you want to start a workout quickly without powering on the bike or adjusting the resistance again after pausing in the middle of a workout.
+A user can lock the bike to a fixed resistance and use it as a basic exercise bike without innovative features. This is useful if they want to start a workout quickly without powering on the bike or adjusting the resistance again after pausing in the middle of a workout.
 #Make sure the bike is plugged in.
@@ Line 92: / Line 94: @@
 ==References==
-<references />
+{{Reflist}}
-==External Links==
+==External links==
 *[https://robertoviola.cloud/2025/07/22/how-i-built-qz-and-how-echelon-is-now-breaking-it/ Roberto Viola's detailed technical analysis]
 *[https://github.com/cagnulein/qdomyos-zwift QZ (qdomyos-zwift) GitHub repository]
 *[https://github.com/cagnulein/qdomyos-zwift/issues/1752 GitHub Issue #1752 - Echelon connection problems]
 *[https://www.classaction.org/news/ifit-class-action-says-software-update-left-fitness-equipment-totally-inoperable iFIT Class Action Settlement Information]
-[[Category:Incidents]]
+[[Category:Echelon Fitness]]