Ducati News Today must have gotten the same news tip as us, as a IT security blog is purporting to have information on how one can steal a Ducati Diavel (and presumably a Ducati Multistrada 1200) via the bike’s keyless ignition system.
It should be stated up-front that the pos referenced is dated April 5th, with the writer of the blog supposedly discovering this information on April 1st…and well all know what sort of Tomfoolery goes on during that time of the year.
According to the post’s author, the Ducati Diavel can be started not only without having the key in the ignition, but without the key at all.
While anyone who has ridden the Diavel knows that you only have to have the key in the proximity of the Diavel while you’re riding, the idea that one can start the bike without the key comes from a default code that comes up when such an act is attempted.
Where things get sticky though is that the author claims that this four-digit PIN is set from the factory to be the last four digits of the Diavel’s VIN, and that few owners know of security feature.
Like all good rumors this one is based on truth, but also flagrantly false. The Ducati Diavel and Multistrada 1200 do come with a RFID enabled key, which a rider only needs to have in proximity of the Diavel when riding to operate the motorcycle.
Also true is the fact that the Diavel can be started without the key, and instead with a four-digit PIN (this process is actually outlined on page 107 of the Ducati Diavel owners manual, & on page 116 for the MTS1200).
However where this article turns from white hat security to good April Fools fodder is in the fact that riding off with a Diavel is as easy as checking the VIN and putting in the last four digits.
According to Ducati North America, and confirmed by dealers we’ve talked to, the Diavel’s immobilizer override option code is not set from the factory, and is part of the dealership’s SOP when delivery a bike to a customer.
Ducati dealers are supposed to help Diavel & MTS1200 owners setup their new Bologna Bullets, including setting their own unique four-digit PIN to start the motorcycle without the key.
Admittedly it’s entirely possible that some deal dealerships in the US have setup their immobilizer overrides ahead of customer delivery, and have used the last four digits of the bike’s VIN as a quick and easy way to easily manage their inventory.
It is also possible that some dealers haven’t instructed Diavel and MTS1200 owners how to setup this feature, and enter a personalized PIN, thus creating some footing for this rumor.
So while this myth seems to be busted as far as creating a serious security threat for Ducati owners, prudence would dictate that Diavel and Multistrada 1200 owners should take a minute with their owners manual and set these features, before some punk kid reading too many weblogs tries to mess with their ride.
Source: Security in Motion & Ducati News Today
Comments