Hackers Can Now Unlock Your Vehicles, Start Engines Wirelessly – NCC Alerts Nigerians
The Nigerian Communications Commission (NCC) has warned Nigerians about an ongoing cyber-vulnerability that allows a nearby hacker to unlock vehicles, start their engines wirelessly and make away with cars.
According to the NCC, the ongoing cyber-vulnerability allows a nearby hacker to unlock vehicles, start their engines wirelessly and steal the cars. The NCC gave this warning in a statement on Sunday signed by its Director, Public Affairs, Dr. Ikechukwu Adinde.
The statement read in part: “The Nigerian Communications Commission is alerting telecom consumers and members of the public on an ongoing cyber-vulnerability that allows a nearby hacker to unlock vehicles, start their engines wirelessly and make away with the cars.
“The fact that car remotes are categorized as short-range devices that make use of radio frequency to lock and unlock cars informed the need for the Commission to alert the general public on this emergent danger, where hackers take advantage to unlock and start a compromised car.
“According to the latest advisory released by the Computer Security Incident Response Team, the cybersecurity centre for the telecom sector established by the NCC, the vulnerability is a Man-in-the-Middle attack or, more specifically, a replay attack in which an attacker intercepts the RF signals normally sent from a remote key fob to the car, manipulates these signals, and re-sends them later to unlock the car at will.”
The NCC disclosed that this cyber-vulnerability has been found in some Honda and Acura car models.
The NCC-CSIRT advised vulnerable car users to reset their key fob at the dealership or store their key fobs in signal-blocking ‘Faraday pouches’ when not in use. It was also recommended that car owners choose Passive Keyless Entry as opposed to Remote Keyless Entry, which would make it harder for an attacker to read the signal for any nefarious act.
The NCC also warned Nigerians about the resurgence of Joker Trojan-Infected Android Apps on the Google Play Store, which can lead to a compromised device.