Nigerian Communications Commission has warned Nigerians against hackers, who unlock and steal cars due to the cyber-vulnerability of such cars.
According to the NCC, the ongoing cyber-vulnerability allows a nearby hacker to unlock vehicles, start their engines wirelessly and steal the cars.
The NCC gave this warning in a statement signed by its Director, Public Affairs, Dr. Ikechukwu Adinde.
The statement read in part, “The Nigerian Communications Commission is alerting telecom consumers and members of the public on an ongoing cyber-vulnerability that allows a nearby hacker to unlock vehicles, start their engines wirelessly and make away with the cars”.
“The fact that car remotes are categorized as short-range devices that make use of radio frequency to lock and unlock cars informed the need for the Commission to alert the general public on this emergent danger, where hackers take advantage to unlock and start a compromised car”.
“According to the latest advisory released by the Computer Security Incident Response Team, the cybersecurity centre for the telecom sector established by the NCC, the vulnerability is a Man-in-the-Middle attack or, more specifically, a replay attack in which an attacker intercepts the RF signals normally sent from a remote key fob to the car, manipulates these signals, and re-sends them later to unlock the car at will.”It was disclosed that this cyber-vulnerability has been found in some Honda and Acura car models”.
The NCC-CSIRT advised vulnerable car users to reset their key fob at the dealership or store their key fobs in signal-blocking ‘Faraday pouches’ when not in use. It was also recommended that car owners choose Passive Keyless Entry as opposed to Remote Keyless Entry, which would make it harder for an attacker to read the signal for any nefarious act.
The NCC also warned Nigerians about the resurgence of Joker Trojan-Infected Android Apps on the Google Play Store, which can lead to a compromised device.
In this regard, the NCC warned Android users to avoid downloading unnecessary apps or installing apps from unofficial sources.
The commission also recommended that unauthorised transactions should be checked against any installed app, and any apps not in use should be deleted while ensuring that a device is always patched and updated to the latest software.