20.8 C

How hackers unlock, steal vehicles – NCC




THE Nigerian Communications Commission (NCC) on Monday warned that hackers have deviced ways to unlock and make away with parked vehicles.

According to a statement released by NCC spokesman Ikechukwu Adinde, hackers now take advantage of car remotes that make use of Radio Frequency (RF) to unlock and start compromised vehicles.

The statement disclosed that an advisory issued by the Computer Security Incident Response Team (CSIRT), a cyber security unit established by the NCC, explained that “the vulnerability is a Man-in-the-Middle (MitM) attack or, more specifically, a replay attack in which an attacker intercepts the RF signals normally sent from a remote key fob to the car, manipulates these signals, and re-sends them later to unlock the car at will”.


NCC says it has not approved telecoms operators’ plan to hike cost of data, calls, SMS

NCC denounces fake website offering to unbar SIMs without NIN linkage

Hackers can access mobile phones when charging in public, NCC warns

- Advertisement -

The latest cyber-attack, which allows hackers manipulate car remotes to start engines wirelessly, according to the statement, is mostly used by hackers to unlock some Honda and Acura car models.

“The attack consists of a threat actor capturing the radio frequency (RF) signals sent from your key fob to the car and resending these signals to take control of your car’s remote keyless entry system,” the statement said.

The statement further advised car owners on how to avoid falling victim to hackers.

“When affected, the only mitigation is to reset your key fob at the dealership. Besides, the affected car manufacturer may provide a security mechanism that generate fresh codes for each authentication request, this makes it difficult for an attacker to ‘replay’ the codes thereafter. Additionally, vulnerable car users should store their key fobs in signal-blocking ‘Faraday pouches’ when not in use.

“Importantly, car owners in the stated categories are advised to choose Passive Keyless Entry (PKE) as opposed to Remote Keyless Entry (RKE), which would make it harder for an attacker to read the signal due to the fact that criminals would need to be at close proximity to carry out their nefarious acts,” the statement said.

According to the statement, the PKE is an automotive security system that operates automatically when the user is in proximity to the vehicle, unlocking the door on approach or when the door handle is pulled, and also locking it when the user walks away or touches the car on exit.

The RKE system, on the other hand, represents the standard solution for conveniently locking and unlocking a vehicle’s doors and luggage compartment by remote control.

- Advertisement -

The NCC also warned the general public over the resurgence of Joker Trojan-Infected Android Apps on Google Play Store.

It stated that criminals now intentionally download legitimate apps from the Play Store, modify them by embedding the Trojan malware and then upload the app back to the Play Store with a new name.

Once the manipulated applications are installed, they request for permissions that enable them have access to critical functions such as text messages and notifications.

“As a consequence, a compromised device will subscribe unwitting users to premium services, billing them for services that do not exist. A device like this can also be used to commit Short Messaging Service (SMS) fraud while the owner is unaware.

“It can click on online ads automatically and even use SMS One Time password (OTPs) to secretly approve payments. Without checking bank statements, the user will be unaware that he or she has subscribed to an online service. Other actions, such as stealing text messages, contacts, and other device data, are also possible,” the statement added.

The NCC further advised telecom consumers to scrutinize apps installed from the Google Play Store by reading reviews, assessing the developers, perusing the terms of use and granting only the necessary permissions.

While it recommended that unauthorised transactions be checked against any installed app, users were advised to delete apps that are not in use, and always update to the latest software.

- Advertisement -

“To avoid falling victim to the manipulation of hackers deploying Joker Trojan-Infected Android Apps, Android users have been advised to avoid downloading unnecessary apps or installing apps from unofficial sources,” the statement noted.

Author profile

You can send him an email at rolatunji@icirnigeria.org
Twitter handle: @olazrajj

Support the ICIR

We invite you to support us to continue the work we do.

Your support will strengthen journalism in Nigeria and help sustain our democracy.


If you or someone you know has a lead, tip or personal experience about this report, our WhatsApp line is open and confidential for a conversation



Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Support the ICIR

We need your support to produce excellent journalism at all times.



Bandits kill assistant commissioner of police, one other in Katsina

BANDITS killed an Assistant Commissioner of Police (ACP) in charge of Dutsinma Area Command...

Gunmen attack Buhari’s convoy in Katsina

GUNMEN have attacked the advance convoy of President Muhammadu Buhari in his home state,...

Motorists, workers groan as fuel scarcity bites harder

MOTORISTS and workers in the Federal Capital Territory (FCT) are still groaning under the...

How informal sector employees can access NSITF benefits in event of accident

INFORMAL sector workers can access benefits of the 'Employees Compensation' scheme from the Nigerian...

My missing high school result was second-best nationally in 1976 – Okowa

THE vice presidential candidate of the Peoples Democratic Party (PDP) and Delta State governor,...

Most Read


Subscribe to our newsletter