Connect with us

NCC alerts Nigerians on new ways hackers unlock, steal vehicles, android apps

Victorious

Published

on

Follow
TECH NEWS: NCC alerts Nigerians on new ways hackers unlock, steal vehicles, android apps [New Tech News] » Naijacrawl
Photo: Naijacrawl

The Nigerian Communications Commission (NCC) says it wishes to alert telecom consumers and members of the public on an ongoing cyber-vulnerability that allows a nearby hacker to unlock vehicles, start their engines wirelessly and make away with the cars.



It said that the fact that car remotes are categorized short range devices that make use of radio frequency (RF) to lock and unlock cars informed the need for the Commission to alert the general public on this danger, where hackers take advantage to unlock and start a compromised car.

According to the latest advisory released by the Computer Security Incident Response Team (CSIRT), the Cybersecurity Centre for the telecom sector established by the NCC, the vulnerability is a Man-in-the-Middle (MitM) attack or, more specifically, a replay attack, in which an attacker intercepts the RF signals normally sent from a remote key fob to the car, manipulates these signals, and re-sends them later to unlock the car at will.

The Commission said that with this latest type of cyber-attack, it is also possible to manipulate the captured commands and re-transmit them to achieve a different outcome altogether.

“Multiple researchers disclosed a vulnerability, which is said to be used by a nearby attacker to unlock some Honda and Acura car models and start their engines wirelessly.

“The attack consists of a threat actor capturing the radio frequency (RF) signals sent from your key fob to the car and resending these signals to take control of your car’s remote keyless entry system,” the advisory stated emphatically.

However, the NCC-CSIRT, in the advisory, has offered some precautionary measures that could be adopted by car owners to prevent falling victim to the attack.

According to the cyber-alert unit of the Commission, “When affected, the only mitigation is to reset your key fob at the dealership. Besides, the affected car manufacturer may provide a security mechanism that generate fresh codes for each authentication request, this makes it difficult for an attacker to ‘replay’ the codes thereafter.”

It said that vulnerable car users should store their key fobs in signal-blocking ’Faraday pouches’ when not in use.

Importantly, the Commission said that car owners in the stated categories are advised to choose Passive Keyless Entry (PKE) as opposed to Remote Keyless Entry (RKE), which would make it harder for an attacker to read the signal due to the fact that criminals would need to be at close proximity to carry out their nefarious acts.

It explained that the PKE is an automotive security system that operates automatically when the user is in proximity to the vehicle, unlocking the door on approach or when the door handle is pulled, and also locking it when the user walks away or touches the car on exit.

The RKE system, according to the Commission, on the other hand, represents the standard solution for conveniently locking and unlocking a vehicle’s doors and luggage compartment by remote control.

Additionally, in a related advisory, the NCC, based on another detection by CSIRT, informed the general public about the resurgence of Joker Trojan-Infected Android Apps on Google Play Store.

This arose due to the activities of criminals who intentionally download legitimate apps from the Play Store, modify them by embedding the Trojan malware and then uploading the app back to the Play Store with a new name.

It said that the malicious payload is only activated once the apps goes live on the Play Store, which enables the apps to scale through Google’s strict evaluation process.

Once installed, these apps request for permissions that once granted, enable the apps to have access to critical functions such as text messages and notifications.

As a consequence, it explained further that a compromised device will subscribe unwitting users to premium services, billing them for services that do not exist. A device like this can also be used to commit Short Messaging Service (SMS) fraud while the owner is unaware.

“It can click on online ads automatically and even use SMS One Time password (OTPs) to secretly approve payments. Without checking bank statements, the user will be unaware that he or she has subscribed to an online service. Other actions, such as stealing text messages, contacts, and other device data, are also possible,” the Commission said.

It warned that to avoid falling victim to the manipulation of hackers deploying Joker Trojan-Infected Android Apps, Android users must avoid downloading unnecessary apps or installing apps from unofficial sources.

The NCC also said it wishes to advise telecom consumers to ensure that apps installed from the Google Play Store are heavily scrutinized by reading reviews, assessing the developers, perusing the terms of use and only granting the necessary permissions.

Conclusively, the NCC recommended that unauthorised transactions be checked against any installed app.

“Indeed, any apps not in use should be deleted while users are also advised to ensure that a device is always patched and updated to the latest software,” the Commission said in a statement signed by Dr. Ikechukwu Adinde, its Director of Public Affairs.

Click Here To Comment




Ojo Sunday Victor, A Professional Graphics Designer, and a skilled Content Writer in Entertainment, News and Sport Update.!An Undergraduate in Ladoke Akintola University of Technology (LAUTECH, Ogbomoso). Read More

Continue Reading
Click to comment

Be first to comment


Leave a Reply

Your email address will not be published. Required fields are marked *

Tech News

Easy way to Code with your Android smart phone

kizinho

Published

on

NEWS: Easy way to Code with your Android smart phone [New Tech News] » Naijacrawl
Photo: Naijacrawl
Hi guys will share you the resources that will enable you to code with your Android smart phone . This is so easy to use and user friendly. Will share the app , but first download the latest version webmasterlite app HereWebmasterLite enables you to write your code as if you are using laptop. It features almost all the languages egHTMLPhpJavaScript etcEnjoy using it.
Continue Reading

Tech News

Download ADM Pro To Increase The Downloading Speeds On Android Device Up To 5 Times

nesky001

Published

on

NEWS: Download ADM Pro To Increase The Downloading Speeds On Android Device Up To 5 Times [New Tech News] » Naijacrawl
Photo: Naijacrawl
Most of PC users who are very much addicted with downloading can never play with the Internet Downloading Manager (IDM), because they know that it's a powerful tool to increase download speeds by up to 5 times, resume and schedule downloads. IDM only available for the Microsoft Windows operating system, the good news is that we have found similar software for Android users, which is ADM (Advance Download Manager). ADM is a powerful downloader for Android devic...
Continue Reading

Tech News

Download Google Play Services (Android TV) 11.9.74 APK

kizinho

Published

on

NEWS: Download Google Play Services (Android TV) 11.9.74 APK [New Tech News] » Naijacrawl
Photo: Naijacrawl
There are many apps and features that make Google’s Android operating system feel premium and Play Services is one of them. Even though most people don’t know what Play Services does, it actually is an important component of their operating system.In fact, there are many cases where people delete Play Services from their smartphone in order to free up storage space and then they find out that nearly all their apps stop working.Basically, Play Services is res...
Continue Reading

Latest


Download Naijacrawl App today

Fastest way to read on the go

Download the Naijacrawl App.