Indian Motorcycle Scout Bobber Wireless Control Module Anti-Theft Bypass Vulnerability

A vulnerability in the 2025 model year Indian Motorcycle Scout Bobber allows adjacent-network attackers to bypass the motorcycle's anti-theft shutdown. This is achieved by forcing the Wireless Control Module (WCM) into a CAN bus-off state, using a known CAN error-frame injection technique. Once in this state, the WCM halts all transmissions, including the shutdown command. Other ECUs do not recognize this silence as a security issue and continue normal operations, enabling the motorcycle to be used without unlocking the immobilizer.

Impact

Exploitation of this vulnerability allows for unauthorized operation of the motorcycle by bypassing the anti-theft immobilizer system, which is designed to prevent the vehicle from being used without proper authorization.

Reproduction

The vulnerability can be reproduced by injecting error frames into the CAN bus to disrupt the normal communication of the Wireless Control Module. This can be done by an attacker on an adjacent network who has access to the CAN bus system of the motorcycle.