SlashNOT

Matthew writes: The Department of Homeland Security has announced a new critical vulnerability in all versions of Pepsi, including Pepsi, Diet Pepsi, and the critical Mountain Dew developer support platform.

The flaw is essentially an authentication vulnerability that allows hackers to determine the Pepsi-iTunes song give-away code without properly authenticating with the bottle cap lid through the purchase mechanism.

The vulnerability was originally thought merely to be a code-scanning technique in which vulnerable Pepsi bottle caps with the code could be identified, but it has now been confirmed that the codes can be surreptitiously discovered through a hand-shaking technique and careful scrutiny from outside the plastic bottle perimeter.

Up to 100 million bottles of Pepsi are potentially vulnerable to the hack, according to the bevhacking group 0ski11z, who discovered the exploit.

Pepsi drinkers are advised to avoid popular beverage vendors and sites frequented by teenagers until the bottles can be patched. Bottled sodas dispensed from vending machines are not vulnerable to the exploit.