The Nigerian Communications Commission (NCC) on Saturday, May 14, issued an advisory to telecom customers and the general public about an ongoing cyber-vulnerability that allows a nearby hacker to remotely unlock cars, start their engines and drive away.
The fact that automobile remotes are classified as short-range devices that employ radio frequency (RF) to lock and unlock cars prompted the Commission to issue an alert to the general public about the hazard. It allows hackers to unlock and start a hacked vehicle.
Read Also: Nigerians Below 18 Years No Longer Eligible To Get SIM Cards – NCC
The vulnerability is a Man-in-the-Middle (MitM) attack or, more specifically, a replay attack. The attacker intercepts the RF signals normally sent from a remote key fob to the car, manipulates them; and re-sends them later to unlock the car at will.
This was according to the latest advisory released by the Computer Security Incident Response Team (CSIRT), the NCC’s Cybersecurity Centre for the telecom sector.
According to the Commission, it is also conceivable to alter captured commands and re-transmit them to obtain a different result using this latest sort of cyber-attack.
The NCC stated;
Multiple researchers disclosed a vulnerability, which is said to be used by a nearby attacker to unlock some Honda and Acura car models and start their engines wirelessly.
The attack consists of a threat actor capturing the radio frequency (RF) signals sent from your key fob to the car and resending these signals to take control of your car’s remote keyless entry system.
However, the NCC-CSIRT, in the advisory, has offered some precautionary measures that could be adopted by car owners to prevent falling victim to the attack.
When affected, the only mitigation is to reset your key fob at the dealership. Besides, the affected car manufacturer may provide a security mechanism that generate fresh codes for each authentication request, this makes it difficult for an attacker to ‘replay’ the codes thereafter.
In a separate advisory, the NCC warned the public about the reappearance of Joker Trojan-Infected Android Apps on Google Play Store, based on another CSIRT finding.
This was caused by thieves who downloaded genuine apps from the Play Store, modified them by adding Trojan malware, and then uploaded the programme back to the Play Store under a new name.
Read Also: NCC Not Disqualifying Nigerians From Getting SIM
The harmful payload is only active once the apps are published on the Play Store, allowing them to scale through Google’s rigorous review process.
Once installed, these apps will ask for permissions, which will give them access to important services like text messages and notifications.
The post NCC Warns Nigerians About New Hacking Techniques By Criminals appeared first on MojiDelano.Com.