ICT Security-Sécurité PC et Internet
87.1K views | +0 today
Follow
ICT Security-Sécurité PC et Internet
Education Technology
ICT Security + Privacy + Piracy + Data Protection - Censorship - Des cours et infos gratuites sur la"Sécurité PC et Internet" pour usage non-commercial... (FR, EN+DE)...
Curated by Gust MEES
Your new post is loading...
Your new post is loading...
Scooped by Gust MEES
Scoop.it!

LARES BLOG: Why can't I just buy a motorcycle without WORK interfering?

LARES BLOG: Why can't I just buy a motorcycle without WORK interfering? | ICT Security-Sécurité PC et Internet | Scoop.it
From www.laresblog.com - September 29, 2011 2:53 PM

===> Unbelievable!!! A MUST READ!!! <===

 

Finally after almost 2 hours, the phone rings. It's the dealership. In haste I say " what is the password" and they walk me through it. the password is 1375... a number that seemed familiar. The bike fires back up and I am back on the road towards the dealer. As I arrive the salesman is standing out front with a long face. He calls out

Sales Guy(SG):" Man, I am sooooo sorry. I should have told you about that password. One of our tech's lost the key so we have had to run it with the password instead of the key."

Great... now I care more about the security of the bike...than the discount I could have negotiated from being a pissed off customer. I respond

Me:"So, you run this without the key?"

SG:"Yep, if you have the key the password screen just doesn't show up.. but its an awesome feature if you ever lose a key or something. It is set up that way from the factory."

Me: "Um, yea... or if someone wants to steal your bike and guesses your password"

SG: "I supposed thats true"

Me: *relooking over the bike and seeing why 1375 is familiar* "Huh, the code is the last 4 of the VIN"

SG: "Well, lemme tell ya something *as he shields his mouth like he is telling a secret* ALL OF THESE BIKES USE THE LAST 4 OF THE VIN AS THE PASSWORD. THAT IS HOW THEY COME FROM THE FACTORY"

Just then, you can see my wife's face drop and look at me... as if to say.. " I CAN'T believe that you just told HIM that!!!"

ME: " Can you change the password"

SG: "We have a call in to them on that, but as of right now there is no option"

Me: " Holy $#it, that is horrible."

I was blown away. Now I sit there with the bike of my dreams and it is tainted with a trivial flaw which could allow for its theft. What to do? Well, sad to say, I walked away. I needed to feel out mitigation options for this fundamental flaw.

Just to be sure, I checked this out with a few other ducati/security fans. It seems it is true. Ducati in ATL 1 of 1 bikes started. Ducati Dallas 2 of 2 started. Ducati London 1 of 1 started. Boy oh boy, were the salespeople and others surprised to see them fire up.

With the righ mindset this could be an AWESOME feature. 2Factor auth to start my BIKE!!!! HELL YES!

more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

75811: Ducati Diavel Motorcycle Default Ignition Password

75811: Ducati Diavel Motorcycle Default Ignition Password | ICT Security-Sécurité PC et Internet | Scoop.it
From osvdb.org - September 29, 2011 12:16 PM
By default, Ducati Diavel motorcycles install with a default ignition password. The bike can be started using a manufacturer default PIN, set to the last 4 numbers of the Vehicle Identification Number (VIN), which is publicly known and documented.
more...
No comment yet.
Sign up to comment
About Follow us Resources Terms Mobile Features
Facebook
X
LinkedIn