back to top

How hackers unlock, steal vehicles – NCC

THE Nigerian Communications Commission (NCC) on Monday warned that hackers have deviced ways to unlock and make away with parked vehicles.

According to a statement released by NCC spokesman Ikechukwu Adinde, hackers now take advantage of car remotes that make use of Radio Frequency (RF) to unlock and start compromised vehicles.

The statement disclosed that an advisory issued by the Computer Security Incident Response Team (CSIRT), a cyber security unit established by the NCC, explained that “the vulnerability is a Man-in-the-Middle (MitM) attack or, more specifically, a replay attack in which an attacker intercepts the RF signals normally sent from a remote key fob to the car, manipulates these signals, and re-sends them later to unlock the car at will”.


READ ALSO:

NCC says it has not approved telecoms operators’ plan to hike cost of data, calls, SMS

NCC denounces fake website offering to unbar SIMs without NIN linkage

Hackers can access mobile phones when charging in public, NCC warns


The latest cyber-attack, which allows hackers manipulate car remotes to start engines wirelessly, according to the statement, is mostly used by hackers to unlock some Honda and Acura car models.

Read Also:

“The attack consists of a threat actor capturing the radio frequency (RF) signals sent from your key fob to the car and resending these signals to take control of your car’s remote keyless entry system,” the statement said.

The statement further advised car owners on how to avoid falling victim to hackers.

“When affected, the only mitigation is to reset your key fob at the dealership. Besides, the affected car manufacturer may provide a security mechanism that generate fresh codes for each authentication request, this makes it difficult for an attacker to ‘replay’ the codes thereafter. Additionally, vulnerable car users should store their key fobs in signal-blocking ‘Faraday pouches’ when not in use.

“Importantly, car owners in the stated categories are advised to choose Passive Keyless Entry (PKE) as opposed to Remote Keyless Entry (RKE), which would make it harder for an attacker to read the signal due to the fact that criminals would need to be at close proximity to carry out their nefarious acts,” the statement said.

According to the statement, the PKE is an automotive security system that operates automatically when the user is in proximity to the vehicle, unlocking the door on approach or when the door handle is pulled, and also locking it when the user walks away or touches the car on exit.

The RKE system, on the other hand, represents the standard solution for conveniently locking and unlocking a vehicle’s doors and luggage compartment by remote control.

The NCC also warned the general public over the resurgence of Joker Trojan-Infected Android Apps on Google Play Store.

It stated that criminals now intentionally download legitimate apps from the Play Store, modify them by embedding the Trojan malware and then upload the app back to the Play Store with a new name.

Once the manipulated applications are installed, they request for permissions that enable them have access to critical functions such as text messages and notifications.

“As a consequence, a compromised device will subscribe unwitting users to premium services, billing them for services that do not exist. A device like this can also be used to commit Short Messaging Service (SMS) fraud while the owner is unaware.




     

     

    Read Also:

    “It can click on online ads automatically and even use SMS One Time password (OTPs) to secretly approve payments. Without checking bank statements, the user will be unaware that he or she has subscribed to an online service. Other actions, such as stealing text messages, contacts, and other device data, are also possible,” the statement added.

    The NCC further advised telecom consumers to scrutinize apps installed from the Google Play Store by reading reviews, assessing the developers, perusing the terms of use and granting only the necessary permissions.

    While it recommended that unauthorised transactions be checked against any installed app, users were advised to delete apps that are not in use, and always update to the latest software.

    “To avoid falling victim to the manipulation of hackers deploying Joker Trojan-Infected Android Apps, Android users have been advised to avoid downloading unnecessary apps or installing apps from unofficial sources,” the statement noted.

    Join the ICIR WhatsApp channel for in-depth reports on the economy, politics and governance, and investigative reports.

    Support the ICIR

    We invite you to support us to continue the work we do.

    Your support will strengthen journalism in Nigeria and help sustain our democracy.

    If you or someone you know has a lead, tip or personal experience about this report, our WhatsApp line is open and confidential for a conversation

    LEAVE A REPLY

    Please enter your comment!
    Please enter your name here


    Support the ICIR

    We need your support to produce excellent journalism at all times.

    -Advertisement-

    Recent

    - Advertisement