http://osvdb.org/show/osvdb/75811

Timeline
  Disclosure Date:      2011-04-05
  Exploit Publish Date: 2011-04-05

Description
  By default, Ducati Diavel motorcycles install with a default ignition password. The bike can be started using a manufacturer default PIN, set to the last 4 numbers of the Vehicle Identification Number (VIN), which is publicly known and documented. This allows attackers to trivially access the bicycle and enjoy the 162 horsepower and wind blowing through your hair.

Classification
  Location:    Physical Access Required
  Attack Type: Authentication Management
  Impact:      Loss of Integrity
  Solution:    Workaround
  Exploit:     Exploit Public
  Disclosure:  Vendor Verified

Solution
  Immediately after purchase, change the startup PIN as directed in the instruction manual (you did read that, right?).

Products
  Unknown or Incomplete

References
  * Other Advisory URL: http://twitpic.com/4hd6up
    http://www.laresblog.com/2011/04/why-cant-i-just-buy-motorcycle-without.html

Credit
  * Chris Nickerson - Lares Consulting

[...]

_____________________________________________________________
FINAL CALL to register #HITB2011KUL - Asia's premier deep-knowledge network security event now in its 9th year!
http://conference.hitb.org/hitbsecconf2011kul/

Received on Wed Sep 28 2011 - 22:31:10 PDT
This archive was generated by hypermail 2.2.0 : Wed Sep 28 2011 - 22:39:24 PDT