Nigeria’s Communications Commission (NCC) published a warning yesterday advising drivers in the West African country to beware of a new cybercrime method being used by hackers where car doors can be opened and vehicles can be started without keys, all done remotely while the criminals hide nearby.
According to the NCC, owners of Honda and Acura-model vehicles are the most susceptible to these kinds of new attacks.
The NCC discovered these new grand theft auto methods via investigations made by the Computer Security Incident Response Team (CSIRT), a cybersecurity body established to protect the country’s telecom sector by the NCC.
According to CSIRT’s report, released to the media by Dr Ikechukwu Adinde, Director Public Affairs at the NCC, there is an existing cyber-vulnerability with certain makes of vehicles that allows hackers to remotely unlock vehicles, start their engines wirelessly and then steal the cars. The only requirement is that the hackers be nearby the vehicles to allow the process to take place.
“CSIRT discovered that because car remotes are categorised as short-range devices that make use of radiofrequency to lock and unlock cars, there are immediate dangers in a new hacking method which sees hackers take advantage to unlock and start a compromised car,” said Adinde, quoted by Vanguard Nigeria.
According to CSIRT’s report, the cybercrime attack is what is known as a “Man-in-the-Middle” attack, or a reply attack, in which a threat actor intercepts the radio signal used by car remotes and manipulates the signal in order for the criminal to remotely unlock the car at a later time – like when the owner has lost sight of the vehicle – and gain access.
Some vehicles are more susceptible to these attacks than others, such as certain Honda or Acura models which can be started without ignition keys. These model vehicles can have their engines started wirelessly using the same reply attack method. By the time the owner returns, their car has vanished with no broken glass or alarm bells to tell the owner of what occurred.
“The attack consists of a threat actor capturing the radiofrequency (RF) signals sent from your key fob to the car and resending these signals to take control of your car’s remote keyless entry system,” Adinde quotes the CSIRT report.
“However, when affected, the only mitigation is to reset your key fob at the dealership. The affected car manufacturer may provide a security mechanism that generates fresh codes for each authentication request, this makes it difficult for an attacker to replay the codes thereafter,” Adinde further explained.
The NCC advises owners, especially of Honda and Acura models, to store their key fobs in signal-blocking ‘Faraday pouches’ when not in use.
Another method these owners can take to protect their vehicles from theft is to change their entry systems from Remote Keyless Entry (RKE) to Passive Keyless Entry (PKE), which makes it more difficult for an attacker to manipulate the signal because the cybercriminals would need to be in much closer proximity to carry out the deed, like beside the car.
A PKE is an automatic security system for cars in which the car opens automatically when the owner of the vehicle comes within close enough proximity – unlocking the doors on approach or when a handle is pulled and locking when the owner walks away.