Levente Csikor

**Name of the Vulnerable Software and Affected Versions** Mazda vehicles (affected versions not specified) **Description** The issue concerns the Remote Keyless Entry (RKE) receiving unit, which allows remote attackers to perform unlock operations and force a resynchronization after capturing three consecutive valid key-fob signals over the radio. This is known as a RollBack attack, enabling the attacker to retain the ability to unlock indefinitely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Honda vehicles through 2018 **Description** The issue allows remote attackers to perform unlock operations and force a resynchronization after capturing five consecutive valid RKE signals over the radio, also known as a RollBack attack. This enables the attacker to retain the ability to unlock indefinitely. **Recommendations** For Honda vehicles through 2018, consider implementing additional security measures to prevent the capture and reuse of RKE signals, such as using a signal jamming device or implementing a more secure authentication protocol. As a temporary workaround, restrict access to the vehicle when it is not in use to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nissan, Kia, and Hyundai vehicles (affected versions not specified) **Description** The issue allows remote attackers to perform unlock operations and force a resynchronization after capturing two consecutive valid key fob signals over the radio. This enables the attacker to retain the ability to unlock the vehicle indefinitely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.