Research - [CVE-2024-6348] - Predictable seed generation after ECU reset
Title: Predictable seed generation after ECU reset
Date: 15/08/2024
CVE-ID: CVE-2024-6348
CVSS Score: 5.3 (v4)
Author: Thomas Sermpinis
Versions: Nissan Altima MY22 - MY24 (More to be added)
CNA: ASRG
Tested on: Nissan Altima MY22 - MY24
Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection Sensor ECU in Nissan Altima (2022) allows attackers to predict the requested seeds and bypass security controls via repeated ECU resets and seed requests.
Disclosed in DefCon 32 - Engage, on August 11th, 2024, in Las Vegas, NV, during my talk “The hack, the crash and two smoking barrels. (And all the times I (almost) killed an engineer.)”.