The Nigerian Communications Commission (NCC) within the week warned car owners in Nigeria to beware of new hacking methods, which could remotely open car doors and start engines without keys.
The commission disclosed that owners of Honda and Acura car models were more prone to this attack.
The warning was part of the recent discoveries made by the Computer Security Incident Response Team (CSIRT), a cyber-security centre established for the telecom sector by the NCC.
Tekedia Mini-MBA edition 14 (June 3 – Sept 2, 2024) begins registrations; get massive discounts with early registration here.
Tekedia AI in Business Masterclass opens registrations here.
Join Tekedia Capital Syndicate and invest in Africa’s finest startups here.
Part of the centre’s report, released to the media by the commission’s Director of Public Affairs, Dr Ikechukwu Adinde, alerted telecom consumers and members of the public, particularly car owners, on an ongoing cyber-vulnerability that allows a nearby hacker to unlock vehicles, start their engines wirelessly and make away with the cars.
According to Adinde, “the CSIRT discovered that because car remotes are categorized as short-range devices that make use of Radio Frequency (RF) to lock and unlock cars, there are immediate dangers in a new hacking method which see hackers take advantage to unlock and start a compromised car”.
The CSIRT notified that the vulnerability is a Man-in-the-Middle attack or, more specifically, a replay attack in which an attacker intercepts the RF signals normally sent from a remote key to the car, manipulates these signals, and re-sends them later to unlock the car at will.
Dr Adinde quoted the CSIRT as saying, “Multiple researchers disclosed a vulnerability, which is said to be used by a nearby attacker to unlock some Honda and Acura car models and start their engines wirelessly.
“The attack consists of a threat actor capturing the radio frequency signals sent from your key fob to the car and resending these signals to take control of your car’s remote keyless entry system,”
“However, when affected, the only mitigation is to reset your key fob at the dealership. The affected car manufacturer may provide a security mechanism that generates fresh codes for each authentication request, this makes it difficult for an attacker to replay the codes thereafter”.
The NCC equally advised car users to store their key fobs in signal-blocking ’Faraday pouches’ when not in use.
It cautioned car owners, especially of Honda and Acura models to choose Passive Keyless Entry (PKE) as opposed to Remote Keyless Entry (RKE), to make it harder for an attacker to read the signal, because criminals would need to be at close proximity to carry out their nefarious acts.
The PKE is an automotive security system that operates automatically when the user is in proximity to the vehicle, unlocking the door on approach or when the door handle is pulled, and also locking it when the user walks away or touches the car on exit.
The RKE system, on the other hand, represents the standard solution for conveniently locking and unlocking a vehicle’s doors and luggage compartment by remote control.
The bone of contention is that, be it PKE or RKE, vehicle owners are enjoined to be wiser than serpent, to enable them to become a step ahead of hackers. Hence, they must seek advice from professionals whenever they acquire any vehicle prior to its use.
As tech or digitization obviously advances by the day, the members of the public are strongly urged to ensure they update their mindsets on a regular basis as regards any tech-driven gadget in their possession. They need to be well informed concerning any device being used by them or their loved ones, towards realizing the danger inherent that comes up as the days unfold.
As computer users are alerted to ensure strict passwords are being used, as well as regularly reviewed and changed, so it is applicable to vehicle owners or users of any tech appliance, to avert falling victim.