Title: Predictable seed generation after ECU reset

Date: 15/08/2024

CVE-ID: CVE-2024-6347

CVSS Score: 5.3 (v4)

Author: Thomas Sermpinis

Versions: Nissan Altima MY22 - MY24 (More to be added)

CNA: ASRG

Tested on: Nissan Altima MY22 - MY24

Unprotected privileged mode access through UDS session in the Blind Spot Detection Sensor ECU firmware in Nissan Altima (2022) allows attackers to trigger denial-of-service (DoS) by unauthorized access to the ECU’s programming session. * No preconditions implemented for ECU management functionality through UDS session in the Blind Spot Detection Sensor ECU in Nissan Altima (2022) allows attackers to disrupt normal ECU operations by triggering a control command without authentication.

Disclosed in DefCon 32 - Engage, on August 11th, 2024, in Las Vegas, NV, during my talk “The hack, the crash and two smoking barrels. (And all the times I (almost) killed an engineer.)”.