The Nigerian Communications Commission (NCC) has alerted owners of some Honda and Acura car models of how hackers have devised means of starting their engines wirelessly.
According to Dr. Ikechukwu Adinde, NCC Director, Public Affairs, research has exposed a vulnerability used by nearby attackers to unlock these vehicles.
- NCC moves to disconnect fake, stolen phones from networks
- NCC uncovers 2 new cyber threats to windows platforms, routers
Adinde said the vulnerability is a Man-in-the-Middle (MitM) attack or a replay attack in which an attacker intercepts the Radio Frequency (RF) signals normally sent from a remote key fob to the car, manipulates the signals, and re-sends them later to unlock the car at will.
“The fact that car remotes are categorized as short-range devices that make use of radio frequency to lock and unlock cars informed the need for the Commission to alert the public on this emergent danger, where hackers take advantage to unlock and start a compromised car. With this latest type of cyber-attack, it is also possible to manipulate the captured commands and re-transmit them to achieve a different outcome altogether,” he said in a statement.
The statement added that the attack consists of a threat actor capturing the radio frequency signals sent from the key fob to the car and resending the signals to take control of the car’s remote keyless entry system.
“When affected, the only mitigation according to cyber-alert unit is to reset the key fob at the dealership. The affected car manufacturer may also provide a security mechanism that generate fresh codes for each authentication request, which makes it difficult for an attacker to ‘replay’ the codes thereafter,” NCC said.
In a related advisory, the NCC, based on another detection by CSIRT, alerted the public about the resurgence of Joker Trojan-Infected Android Apps on Google Play Store.
This arose due to the activities of criminals who intentionally download legitimate apps from the Play Store, modify them by embedding the Trojan malware and then uploading the app back to the Play Store with a new name.
The statement revealed that the malicious payload is only activated once the apps goes live on the Play Store, which enables the apps to scale through Google’s strict evaluation process.
“Once installed, the apps request for permissions that once granted, enable the apps to have access to critical functions such as text messages and notifications.
As a consequence, a compromised device will subscribe unwitting users to premium services, billing them for services that do not exist. A device like this can also be used to commit Short Messaging Service (SMS) fraud while the owner is unaware. It can click on online ads automatically and even use SMS One-Time Password (OTPs) to secretly approve payments.
“Without checking bank statements, the user will be unaware that he or she has subscribed to an online service. Other actions, such as stealing text messages, contacts, and other device data, are also possible,” the statement reads in part.
To avoid falling victim to the manipulation of hackers deploying Joker Trojan-Infected Android Apps, Android users have been advised to avoid downloading unnecessary apps or installing apps from unofficial sources.
The NCC also advised telecom consumers to ensure that apps installed from the Google Play Store are heavily scrutinized by reading reviews, assessing the developers, perusing the terms of use and only granting the necessary permissions. It also recommended that unauthorised transactions be checked against any installed app.
