Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: Pepsi Bottlecap Liner Labeling Information Leak Vulnerability

  1. #1
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Redondo Beach, CA

    Pepsi Bottlecap Liner Labeling Information Leak Vulnerability

    Yet again! Full Disclosure is the place to get the latest vulnerability announcements!

    Pepsi Bottlecap Liner Labeling Information Leak Vulnerability

    Advisory Location:

    Release date:
    February 18, 2004

    Pink (Free Music Downloads)

    Systems Affected:
    Diet Pepsi - 20 FL OZ Bottle (with "1 in 3 Wins a FREE Song" label)
    Pepsi - 20 FL OZ Bottle (with "1 in 3 Wins a FREE Song" label)
    Sierra Mist - 20 FL OZ Bottle (with "1 in 3 Wins a FREE Song" label)

    During the Super Bowl, Apple and Pepsi co-launched an Ad campain giving away 100 Million songs via Apple's iTunes Music Store. Because of a vulnerability in the notification of the give-away, attackers can guarentee a free song in any Pepsi purchase. Pepsi uses an industry standard known as "bottlecap
    liner labeling", where the vendor includes notification of fun and prizes. This method of notification is vulnerable to a pre-purchase notification weakness, allowing attackers to limit their purchase to products that are known to be "winners" in the give-away.

    Technical Description:
    An attacker capable of obtaining physical access to a bottle prior to purchase may create a non-uniform probability distribution leading to predictable outcome. By causing the bottle to be inclined at a specific
    declination, the attacker may gain partial visibility into result variable thereby bypassing the natural selection process.

    This attack is not new. Prior soft drink distribution versions have been vulnerable to this attack in the past. Known vulnerable versions have included the Mountain Dew "Free Soda" give-aways.

    Vendors should put all Pepsi 20 OZ bottles in a vending machine, which should mitigate this attack by not allowing physical access before the attacker purchases the product.

    ISS users can add the following TRONS rule to detect this attack:

    alert bottle any any -> any any (msg:"pepsi attack"; tilt:>15; classtype:information-leak; priority:pink;)

    This rule may be used to identify downloads of known exploits:

    alert tcp any 80 -> any any (msg:"Pepsi exploit download"; content:"pepsi"; nocase; content:"tilt"; nocase;

    Vendor Status:
    The vendor has not been notified.

    Exploits have been observed in the wild and are presumed to be in common use.
    A proof-of-concept exploit is available at:

    Ereet Hagiwara
    Brian Caswell
    Dragos Ruiu
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  2. #2
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    now my day is going to be great. a bit of light tech humour to start the day.. hmm I may just go and hack a couple of Pepsi bottles today.. No I will go and exploite one..

    Mind the fix is ok to prevent consumer from exploitating the weakness.. But it won't stop the vending machine operator from exploiting.. this fix must have come from MS, it's a half patch

    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me

  3. #3
    Senior Member
    Join Date
    Feb 2002
    I said "huh? " when reading the title.. and now that I've read the post, I still say.. "huh ?"


    /sdg notifies the local bottlers.. suggests that new labels that reach to top of bottle be implimented ASAP..

    /then sdg exploits first bottle and downloads "Get The Party Started" by Pink

  4. #4
    Help my Pepsi bottle's just been owned.
    I swear i had all the patches and updates, i think the h4x0r used a back door to get in. .

    Nah but seriously though, it's the Manufactor's own fault, as the document said there's been exploits to those sort's of competitions for years, so if they just spent the extra 2Cents and put full length labels on the bottles then this would not of happened.
    So i think that they've learnt there lesson..
    Now if you would excuse me, im just gonna head down to the Supermarket and purchase me some "FREE" itunes thanks to Pepsi.

  5. #5
    AO Soccer Mom debwalin's Avatar
    Join Date
    Mar 2002
    What's funny to me is that you actually pay more for the music by purchasing the soda than if you just purchased the song. But you do at least have the soda to drink while you're dl'ing the music then.
    Outside of a dog, a book is man's best friend. Inside of a dog it's too dark to read.

  6. #6
    Whats Next? Cracking McDonalds Secret Sauce????? lol

  7. #7
    Senior Member
    Join Date
    Oct 2001
    If they spent the extra 2 cents per soda, they'd make 2 cents less on the losing bottles (of which 2/3 are). I say they should just implement this on bottles with services to exploit. (RE: Fully cover all winning bottles)

    Although that probably defeats the purpose in the first place...

    I wish they had a 1 in 3 soda cans win, that way at LAN parties where we buy about 4 x 12 packs of soda I can get about 3-4 wins per LAN party... Although I'd probably have to purchase something other than the cheapest sodas to have a chance to win... least I would probably have a higher chance of winning sodas than games...

  8. #8
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Boston, MA
    actually riper, I wouldnt mind finding out where I could buy the zesty sauce from BurgerKing. That sauce is so damn delicious and it goes with any food . Believe it or not, Vending machines have been among the first "machines" to be exploited and hacked into . The best way to hack into one today is to bring a baseball bat and break the thing appart.

    Quite an amusing article . Just a thought though, why would someone go through the whole process of "exploiting" the bottles rather than just download them off kazaa or something? Some lamer actually has the time to just sit around cases of pepsi products checking the caps with a flashlight....ROFLMAO

  9. #9
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    You better get out there and start hacking those pepsi bottles!

    Its starting to hit news sites all over... is one of em.

    It has yet to hit slashdot... damn... I hope the 7-11 down the street doens't get the /. effect...
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  10. #10
    Dead Man Walking
    Join Date
    Jan 2003
    see told u i was an ub3r 1337 h4x0r

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts