Seemed Like a Good Idea ...

When the designers of the Ducati Diavel motorcycle wanted to push the technology envelope, they opted for a keyless ignition, much like late-model autos. As we've previously reported, automotive keyless ignition systems are vulnerable to attacks, so it shouldn't surprise us that the motorcycle is also susceptible. What did surprise us is the "how."

While the use of a wireless code from a key fob on motorcycles may be open to attack, researchers instead found a far easier way to steal the motorcycle: use the default PIN.

From the vulnerability disclosure posting:

By default, Ducati Diavel motorcycles install with a default ignition password. The bike can be started using a manufacturer default PIN, set to the last 4 numbers of the Vehicle Identification Number (VIN), which is publicly known and documented. This allows attackers to trivially access the bicycle and enjoy the 162 horsepower and wind blowing through your hair.

This is another example of a feature the designers thought was a good idea but didn't run by the security folks at the company (assuming they have some). The workaround is to have the end user change the default password, but that's Security 101.