NCC uncovers hackers’ new ploy to unlock, steal vehicles in Nigeria

The Nigerian Communications Commission (NCC) has alerted telecom consumers and public members on an ongoing cyber-vulnerability that allows a nearby hacker to unlock vehicles, start their engines wirelessly, and make away with them.
This is contained in the latest advisory released by the Computer Security Incident Response Team (CSIRT) established by the NCC and shared by the commission’s spokesperson, Ikechukwu Adinde.
“The fact that car remotes were categorised as short-range devices that use Radio Frequency (RF) to lock and unlock cars informed the need to alert Nigerians on this emergent danger.
“The vulnerability is a Man-in-the-Middle (MitM) attack or, more specifically, a replay attack in which an attacker intercepts the RF signals normally sent from a remote key fob to the car.
“It manipulates these signals and resends them later to unlock the car at will,” it stated.
The advisory stated that the latest cyber-attack gives room for easy manipulation of captured commands and re-transmitting them to achieve a different outcome altogether.
The commission’s spokesperson, however, said that the NCC-CSIRT, in the advisory, had offered some preventive measures or solutions that car owners could adopt to prevent falling victim.
According to the cyber-alert unit of the commission, when affected, the only mitigation is to reset your key fob at the dealership.
“Additionally, vulnerable car users should store their key fobs in signal-blocking ‘Faraday pouches’ when not in use.”
He advised car owners in these categories to choose Passive Keyless Entry (PKE) as opposed to Remote Keyless Entry (RKE), which would make it harder for an attacker to read the signal because criminals would need to be at close range to carry out their nefarious acts.
In a related advisory, he said that the NCC, based on another detection by CSIRT, wishes to inform the general public about the resurgence of Joker Trojan-Infected Android Apps on the Google Play Store.
“This arose due to the activities of criminals who intentionally download legitimate apps from the Play Store, modify them by embedding the Trojan malware and then upload the app back to the Play Store with a new name.
“The malicious payload is only activated once the apps go live on the Play Store, enabling the apps to scale through Google’s strict evaluation process.”
According to the advisory, the apps request for permissions and once granted, have access to critical functions.
“As a consequence, a compromised device will subscribe unwitting users to premium services, billing them for services that do not exist. A device like this can also be used to commit Short Messaging Service (SMS) fraud while the owner is unaware,” he said.
Mr Adinde said that the app could click on online ads automatically and even use SMS One-Time Password (OTPs) to approve payments without checking bank statements secretly.
The NCC also advised telecom consumers to ensure that apps installed from the Google Play Store are heavily scrutinised by reading reviews, assessing the developers, perusing the terms of use and only granting the necessary permissions.
(NAN)
We have recently deactivated our website's comment provider in favour of other channels of distribution and commentary. We encourage you to join the conversation on our stories via our Facebook, Twitter and other social media pages.
More from Peoples Gazette

Agriculture
FG tasks ECOWAS on leveraging financing strategies for agroecology
The federal government has urged stakeholders in the agriculture and finance sectors in the West Africa region to leverage financing strategies to enhance agroecology practices

Politics
Katsina youths pledge to deliver over 2 million votes to Atiku
“Katsina State is Atiku’s political base because it is his second home.”

Heading 1
20,000 pigs killed in Canada wildland fires
The fire incident at the farm occurred as 200 separate wildfires were burning across different parts of Ontario, prompting evacuation of residents.

States
Court remands Anambra teenager over alleged defilement
The teenager faces a one-count charge of defilement.

States
Yobe woos 50 foreign, local investorsÂ
Mr Chikaji said, “Yobe is open for business, not just in aspiration but in practice.”

Opinion
Azu Ishiekwene: Shettima’s final test
Vice-President Kashim Shettima cannot be blamed for having doubts about whether President Bola Ahmed Tinubu would renominate him as his running mate for a second term.

Anti-Corruption
Presidency memo justifies Gbajabiamila’s role in NUPRC N54 billion revenue controversy
But the memo defended the chief of staff, asserting that Mr Gbajabiamila was acting under Mr Tinubu’s orders.

World
UN says over 500 Rohingya refugees feared dead after two ships sink off Myanmar coast
A second boat, reportedly carrying about 280 people, is believed to have sunk off Myanmar’s Ayeyarwady coast on July 8.





