How hackers can unlock, steal your vehicles –


The Nigerian Communications Commission has warned Nigerians against hacker devices that unlock and steal vehicles.

The warning was given in a statement released by the NCC’s director of public affairs, Dr. Ikechukwu Adinde.

In Sunday’s statement, Adinde said without modification:

The Nigerian Communications Commission (NCC) wishes to alert telecommunications consumers and members of the public to an ongoing cyber vulnerability that allows a nearby hacker to unlock vehicles, start their wireless engines and dispose of cars.

The fact that car remotes are categorized as short-range devices that use radio frequency (RF) to lock and unlock cars justified the need for the Commission to alert the general public to this emerging danger, where hackers take advantage to unlock and launch a compromised system. auto.

According to the latest advisory from the Computer Security Incident Response Team (CSIRT), the cybersecurity center for the telecommunications industry established by the NCC, the vulnerability is a Man-in-the-Middle (MitM) attack or, more specifically, a a replay attack in which an attacker intercepts RF signals normally sent from a remote key fob to the car, manipulates those signals, and later sends them back to unlock the car at will.

With this last type of cyberattack, it is also possible to manipulate the captured commands and retransmit them to achieve a completely different result. “Several researchers have revealed a vulnerability, which would be used by a nearby attacker to unlock certain Honda and Acura car models and start their engines wirelessly. The attack consists of a threat actor capturing radio frequency (RF) signals sent from your key fob to the car and re-sending those signals to take control of your car’s remote keyless entry system,” the official said. insistently.

However, the NCC-CSIRT, in the notice, offered precautionary measures or solutions that can be adopted by car owners to avoid falling victim to the attack.

According to the Commission’s Cyber ​​Alert Unit, “In the event of an impact, the only mitigation is to reset your key fob at the dealership. In addition, the car manufacturer concerned may provide a security mechanism that generates new codes for each authentication request, making it difficult for an attacker to “replay” the codes afterwards. Additionally, vulnerable motorists must store their key fobs in signal-blocking “Faraday pouches” when not in use. don’t use them.

It is important to note that owners of cars in the listed categories are advised to choose Passive Keyless Entry (PKE) as opposed to Remote Keyless Entry (RKE), which would make it more difficult for an attacker to read the signal due to the fact that criminals would need to be nearby to commit their nefarious deeds.

PKE is an automotive security system that works automatically when the user is near the vehicle, unlocks the door when approaching or when the door handle is pulled, and also locks it when the user walks away or touches the car on the way out. The RKE system, on the other hand, represents the standard solution for conveniently locking and unlocking the doors and trunk of a vehicle using the remote control.

Additionally, in a related advisory, the NCC, based on another detection by the CSIRT, wishes to inform the general public of the resurgence of Android apps infected with the Joker Trojan on the Google Play Store. This is due to the activities of criminals who intentionally download legitimate apps from the Play Store, modify them by embedding the Trojan malware, and then upload the app to the Play Store with a new name.

The malicious payload is only activated once the apps go live on the Play Store, allowing apps to fit Google’s strict review process. Once installed, these apps request permissions which, when granted, allow the apps access to critical functions such as text messages and notifications.

As a result, a compromised device will subscribe unwitting users to premium services, charging them for services that don’t exist. A device like this can also be used to commit SMS (Short Messaging Service) fraud without the owner knowing about it.

It can automatically click on online advertisements and even use an SMS one-time password (OTP) to secretly approve payments. Without verification of bank statements, the user will not know that he has subscribed to an online service. Other actions, such as stealing text messages, contacts, and other data from the device, are also possible.

To avoid falling victim to manipulation by hackers deploying Android apps infected with the Joker Trojan, Android users have been advised to avoid downloading unnecessary apps or installing apps from unofficial sources . The NCC would also like to advise telecom consumers to ensure that apps installed from the Google Play Store are thoroughly reviewed by reading reviews, rating developers, going through terms of service, and only granting necessary permissions.

In conclusion, the NCC recommends that unauthorized transactions be checked against any installed application. This is because all unused apps should be removed, while users are also advised to ensure that a device is always patched and updated with the latest software.

Previous Sayouth Mobi 2022 Login Problems - Recover Username and Password
Next Bugs Bunny gets what he deserves in this new MultiVersus trailer | Gamer on PC