Skip to main content

How hackers can unlock, steal your vehicles wirelessly

 


 By our Abuja correspondent

The Nigerian Communications Commission (NCC) has disclosed that hackers have invented means of starting some models of Honda and Acura car engines wirelessly.

NCC Director, Public Affairs, Dr. Ikechukwu Adinde said research has exposed a vulnerability used by nearby attackers to unlock these vehicles.

He pointed out that the vulnerability is a Man-in-the-Middle (MitM) attack or a replay attack in which an attacker intercepts the Radio Frequency (RF) signals normally sent from a remote key fob to the car, manipulates the signals, and re-sends them later to unlock the car at will.

“The fact that car remotes are categorized as short-range devices that make use of radio frequency to lock and unlock cars informed the need for the Commission to alert the public on this emergent danger, where hackers take advantage to unlock and start a compromised car. With this latest type of cyber-attack, it is also possible to manipulate the captured commands and re-transmit them to achieve a different outcome altogether,” he said in a statement.

The statement added that the attack consists of a threat actor capturing the radio frequency signals sent from the key fob to the car and resending the signals to take control of the car’s remote keyless entry system.

“When affected, the only mitigation according to cyber-alert unit is to reset the key fob at the dealership. The affected car manufacturer may also provide a security mechanism that generate fresh codes for each authentication request, which makes it difficult for an attacker to ‘replay’ the codes thereafter,” NCC said.

In a related advisory, the NCC, based on another detection by CSIRT, alerted the public about the resurgence of Joker Trojan-Infected Android Apps on Google Play Store.

This arose due to the activities of criminals, who intentionally download legitimate apps from the Play Store, modify them by embedding the Trojan malware and then uploading the app back to the Play Store with a new name.

The statement revealed that the malicious payload is only activated once the apps goes live on the Play Store, which enables the apps to scale through Google’s strict evaluation process.

“Once installed, the apps request for permissions that once granted, enable the apps to have access to critical functions such as text messages and notifications.

As a consequence, a compromised device will subscribe unwitting users to premium services, billing them for services that do not exist. A device like this can also be used to commit Short Messaging Service (SMS) fraud while the owner is unaware. It can click on online ads automatically and even use SMS One-Time Password (OTPs) to secretly approve payments.

“Without checking bank statements, the user will be unaware that he or she has subscribed to an online service. Other actions, such as stealing text messages, contacts, and other device data, are also possible,” the statement reads in part.

The NCC  advised telecom consumers to ensure that apps installed from the Google Play Store are heavily scrutinized by reading reviews, assessing the developers, perusing the terms of use and only granting the necessary permissions. It also recommended that unauthorised transactions be checked against any installed app.

Comments

Post a Comment

Popular posts from this blog

War at NASS amid Akapbio impeachment as DSS takes over

                              Akpabio The premises of the national assembly appears like a war zone this morning as men of the Department of State Security (DSS) have taken over amidst speculations of an impeachment move against Sen. Akpabio  Operatives of the DSS have taken control of the national assembly amid allegations of a potential impeachment threat against Senate President, Goodswill Akpabio. Speculations have swirled that some aggrieved northern senators, allegedly dissatisfied with President Bola Tinubu, are reportedly reviving an earlier attempt to remove Akpabio from office. Globally, parliaments have dedicated internal security personnel responsible for maintaining order and safety within and around the premises of parliament. Other security agencies attached to the parliament are present to ensure the safety of lives and property in the event of any security breach or threats that might disrupt the proceedings of lawmakers and staff, particularly when internal security i
Post a Comment
Read more

No sit-at-home in South-East on Tuesday – Ekpa insists

 (By thenewsguru.com) The Prime Minister of the Biafra Republic Government in Exile, Simon Ekpa, has clarified that there will be no sit-at-home on Tuesday, October 22, 2024, in the Southeast region. In a statement issued Monday through his official Twitter handle, Ekpa emphasized that only Monday’s sit-at-home was observed to demand the release of Nnamdi Kanu, the leader of the Indigenous People of Biafra (IPOB), and to push for the delegitimization of Nigeria’s authority in the Biafran territory. At CHISCO TRANSPORT, every journey is safe  Ekpa made the clarification in response to circulating claims suggesting that a sit-at-home would also occur on Tuesday. He reiterated that no such directive has been issued for that day. He further noted that he would address Biafrans live on his platform to explain the decision. “Ekpa has cleared the air on the rumored sit-at-home, and he promised to go live on X Space to inform Biafrans that there is no sit-at-home tomorrow,” he said. It is note
Post a Comment
Read more

United States grand jury indicts Nigerian Catholic priest on three felony sexual assault charges

  Anthony Odiong is accused of sexual assault by at least eight women whom the priest had been counseling Ramon Antonio Vargas The criminal case that authorities are building against a Roman Catholic priest accused of preying on women whom he met while working in south-east Louisiana and Texas is progressing, with a grand jury in the latter state indicting him on three felony sexual assault charges. Anthony Odiong, 55, faces two counts of second-degree sexual assault as well as one of first-degree sexual assault in the charges handed up against him recently in the McLennan county, Texas, state court. The charges against Odiong – who was first arrested in July – involve two women. He could receive up to life imprisonment if convicted of the first-degree charge, a stiffer penalty that stems from the fact that the alleged victim in the case was a woman whom Odiong was prohibited from “marrying or purporting to marry” under Texas law. The second-degree counts each carry up to 20 years in p
Post a Comment
Read more