The Nigerian Communications Commission (NCC) has warned car owners in Nigeria to beware of new hacking methods which can remotely open car doors and start engines without keys.
Telescope.ng reports that the commission said owners of Honda and Acura car models are more susceptible to this attack.
The warning was contained in the discoveries by the Computer Security Incident Response Team, (CSIRT), a cybersecurity centre established for the telecom sector by the NCC.
In a statement sent to the media, the commission’s director of public affairs, Ikechukwu Adinde, alerted telecom consumers and members of the public, particularly, car owners on an ongoing cyber-vulnerability that allows a nearby hacker to unlock vehicles, start their engines wirelessly and make away with the cars.
Adinde said: “the CSIRT discovered that because car remotes are categorized as short-range devices that make use of radio frequency, RF, to lock and unlock cars, there are immediate dangers in a new hacking method which see hackers take advantage to unlock and start a compromised car”.
The CSIRT released that the vulnerability is a Man-in-the-Middle attack or, more specifically, a replay attack in which an attacker intercepts the RF signals normally sent from a remote key to the car, manipulates these signals, and re-sends them later to unlock the car at will.
Adinde quoted the CSIRT as saying: “Multiple researchers disclosed a vulnerability, which is said to be used by a nearby attacker to unlock some Honda and Acura car models and start their engines wirelessly. The attack consists of a threat actor capturing the radio frequency (RF) signals sent from your key fob to the car and resending these signals to take control of your car’s remote keyless entry system,”
“However, when affected, the only mitigation is to reset your key fob at the dealership. The affected car manufacturer may provide a security mechanism that generates fresh codes for each authentication request, this makes it difficult for an attacker to replay the codes thereafter”.
The commission also advised car users to store their key fobs in signal-blocking’s Faraday pouches’ when not in use.
It cautioned car owners, especially of Honda and Acura models to choose Passive Keyless Entry, PKE, as opposed to Remote Keyless Entry RKE, to make it harder for an attacker to read the signal because criminals would need to be at close proximity to carry out their nefarious acts.
The PKE is an automotive security system that operates automatically when the user is in proximity to the vehicle, unlocking the door on approach or when the door handle is pulled, and also locking it when the user walks away or touches the car on exit. The RKE system, on the other hand, represents the standard solution for conveniently locking and unlocking a vehicle’s doors and luggage compartment by remote control.