The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after capturing two consecutive valid key fob signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.4 | MEDIUM | CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H | 1.2 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hyundai | hyundai_firmware | * |
| kia | kia_firmware | * |
| nissan | nissan_firmware | * |
The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. NOTE: the vendor's position is that this cannot be reproduced with genuine Nissan parts: for example, the combination of keyfob and door handle shown in the exploit demonstration does not match any technology that Nissan provides to customers.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nissan | sylphy_classic_2021_firmware | - |