Title: Predictable seed generation after ECU reset

Date: 15/08/2024

CVE-ID: CVE-2024-6348

CVSS Score: 5.3 (v4)

Author: Thomas Sermpinis

Versions: Nissan Altima MY22 - MY24 (More to be added)

CNA: ASRG

Tested on: Nissan Altima MY22 - MY24

Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection Sensor ECU in Nissan Altima (2022) allows attackers to predict the requested seeds and bypass security controls via repeated ECU resets and seed requests.

Disclosed in DefCon 32 - Engage, on August 11th, 2024, in Las Vegas, NV, during my talk “The hack, the crash and two smoking barrels. (And all the times I (almost) killed an engineer.)”.