Indian Motorcycle Scout Bobber Infotainment System PIN Bypass Vulnerability
Vulnerability
A vulnerability in the Infotainment system of the 2025 Indian Motorcycle Scout Bobber model allows an adjacent-network attacker to bypass the PIN entry screen. The issue arises because the Infotainment system uses the presence of Wireless Control Module (WCM) traffic during boot as an indicator of whether an immobilizer is installed. If no WCM messages are detected, the system skips the PIN entry and goes straight to the user interface. An attacker can exploit this by silencing the WCM during boot, for example, using a known CAN bus-off technique, to access an unlocked Infotainment system without entering a PIN.
Impact
Exploitation of this vulnerability allows for unauthorized access to the Infotainment system, bypassing security measures intended to protect user data and system functionality.
Reproduction
To reproduce this vulnerability, an attacker must disrupt the WCM traffic during the Infotainment system's boot process. This can be done using a CAN bus-off technique, which silences the WCM messages that the system relies on to determine if an immobilizer is present. Once the WCM traffic is interrupted, the Infotainment system will skip the PIN entry screen and display the normal user interface, fully unlocked.
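The boot-time decision described above, modelled next to a fail-closed variant. This is an added example, not the vendor's firmware or code from this advisory; the function names, the non-volatile flags and the latching mitigation are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model: all names are illustrative, not from the vendor's firmware. */
typedef enum { UI_UNLOCKED, PIN_REQUIRED } boot_result;

typedef struct {
    bool wcm_latched;   /* non-volatile: set once a WCM has ever been seen */
    bool tamper_event;  /* non-volatile: a latched WCM was silent at boot */
} nv_state;

/* Behaviour described in the advisory: bus silence means "no immobilizer". */
boot_result decide_as_described(bool wcm_seen_at_boot) {
    return wcm_seen_at_boot ? PIN_REQUIRED : UI_UNLOCKED;
}

/* Fail-closed variant (assumed mitigation): silence on the bus can never
 * downgrade a unit that has previously seen a WCM. */
boot_result decide_fail_closed(nv_state *nv, bool wcm_seen_at_boot) {
    if (wcm_seen_at_boot) {
        nv->wcm_latched = true;   /* remember that this bike has an immobilizer */
        return PIN_REQUIRED;
    }
    if (nv->wcm_latched) {
        nv->tamper_event = true;  /* expected module missing: record it, stay locked */
        return PIN_REQUIRED;
    }
    return UI_UNLOCKED;           /* never-equipped unit keeps the original behaviour */
}

int main(void) {
    nv_state bike = { false, false };
    decide_fail_closed(&bike, true);                 /* normal boot latches the WCM */
    boot_result weak = decide_as_described(false);   /* WCM silent during boot */
    boot_result hard = decide_fail_closed(&bike, false);
    printf("as described: %s\n", weak == PIN_REQUIRED ? "PIN" : "unlocked");
    printf("fail closed:  %s, tamper=%d\n",
           hard == PIN_REQUIRED ? "PIN" : "unlocked", bike.tamper_event);
    return 0;
}
```

In this model the latch would only be cleared through an authenticated service procedure, which is also an assumption and is not shown.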
