Information Security News mailing list archives
75811 : Ducati Diavel Motorcycle Default Ignition Password
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 29 Sep 2011 00:31:10 -0500 (CDT)
http://osvdb.org/show/osvdb/75811

Timeline
  Disclosure Date: 2011-04-05
  Exploit Publish Date: 2011-04-05

Description
By default, Ducati Diavel motorcycles install with a default ignition password. The bike can be started using a manufacturer default PIN, set to the last 4 numbers of the Vehicle Identification Number (VIN), which is publicly known and documented. This allows attackers to trivially access the bicycle and enjoy the 162 horsepower and wind blowing through your hair.

Classification
  Location: Physical Access Required
  Attack Type: Authentication Management
  Impact: Loss of Integrity
  Solution: Workaround
  Exploit: Exploit Public
  Disclosure: Vendor Verified

Solution
Immediately after purchase, change the startup PIN as directed in the instruction manual (you did read that, right?).

Products
  Unknown or Incomplete

References
  * Other Advisory URL: http://twitpic.com/4hd6up
    http://www.laresblog.com/2011/04/why-cant-i-just-buy-motorcycle-without.html

Credit
  * Chris Nickerson - Lares Consulting

[...]