NCC warns car owners of new hacking… Says Honda, Acura more easy

Please share

By Favour Nnabugwu



The Nigerian Communications Commission, NCC, has warned car owners in country to cautious of new hacking methods that open car doors and start engines without keys. 

The commission said owners of Honda and Acura car models are more susceptible to this attack. 

The warning contained in the discoveries by the Computer Security Incident Response Team, CSIRT, a cyber security centre established for the telecom sector by the NCC. 

Part of the centre’s report, released by the commission’s Director Public Affairs, Dr Ikechukwu Adinde, alerted telecom consumers and members of the public, particularly, car owners on an ongoing cyber-vulnerability that allows a nearby hacker to unlock vehicles, start their engines wirelessly and make away with the cars.

According to him “”The CSIRT discovered that because car remotes are categorized as short-range devices that make use of radio frequency, RF, to lock and unlock cars, there are immediate dangers in a new hacking method which see hackers take advantage to unlock and start a compromised car”. 

The CSIRT released that the vulnerability is a Man-in-the-Middle attack or, more specifically, a replay attack in which an attacker intercepts the RF signals normally sent from a remote key to the car, manipulates these signals, and resends them later to unlock the car at will. 

 Adinde quoted the CSIRT as saying: “Multiple researchers disclosed a vulnerability, which is said to be used by a nearby attacker to unlock some Honda and Acura car models and start their engines wirelessly. The attack consists of a threat actor capturing the radio frequency (RF) signals sent from your key fob to the car and resending these signals to take control of your car’s remote keyless entry system,” 

“However, when affected, the only mitigation is to reset your key fob at the dealership. The affected car manufacturer may provide a security mechanism that generate fresh codes for each authentication request, this makes it difficult for an attacker to replay the codes thereafter”. 

The commission also advised car users to store their key fobs in signal-blocking ’Faraday pouches’ when not in use. 

It cautioned car owners, especially of Honda and Acura models  to choose Passive Keyless Entry, PKE, as opposed to Remote Keyless Entry RKE, to make it harder for an attacker to read the signal because criminals would need to be at close proximity to carry out their nefarious acts. 

The PKE is an automotive security system that operates automatically when the user is in proximity to the vehicle, unlocking the door on approach or when the door handle is pulled, and also locking it when the user walks away or touches the car on exit. The RKE system, on the other hand, represents the standard solution for conveniently locking and unlocking a vehicle’s doors and luggage compartment by remote control.

Related Post

Leave a Reply

Your email address will not be published. Required fields are marked *