Connect with us

Headline

NCC Alerts Nigerians On New Ways Hackers Unlock, Steal Vehicle, Android Apps

Published

on

The Nigerian Communications Commission (NCC) says it wishes to alert telecom consumers and members of the public on an ongoing cyber-vulnerability that allows a nearby hacker to unlock vehicles, start their engines wirelessly and make away with the cars.

It said that the fact that car remotes are categorized short range devices that make use of radio frequency (RF) to lock and unlock cars informed the need for the Commission to alert the general public on this danger, where hackers take advantage to unlock and start a compromised car.

According to the latest advisory released by the Computer Security Incident Response Team (CSIRT), the Cybersecurity Centre for the telecom sector established by the NCC, the vulnerability is a Man-in-the-Middle (MitM) attack or, more specifically, a replay attack, in which an attacker intercepts the RF signals normally sent from a remote key fob to the car, manipulates these signals, and re-sends them later to unlock the car at will.

Advertisement

READ ALSO: 5G: Exciting Opportunities Await Firms, Digitally-inclined Nigerians – NCC

The Commission said that with this latest type of cyber-attack, it is also possible to manipulate the captured commands and re-transmit them to achieve a different outcome altogether.

“Multiple researchers disclosed a vulnerability, which is said to be used by a nearby attacker to unlock some Honda and Acura car models and start their engines wirelessly.

“The attack consists of a threat actor capturing the radio frequency (RF) signals sent from your key fob to the car and resending these signals to take control of your car’s remote keyless entry system,” the advisory stated emphatically.

Advertisement

However, the NCC-CSIRT, in the advisory, has offered some precautionary measures that could be adopted by car owners to prevent falling victim to the attack.

According to the cyber-alert unit of the Commission, “When affected, the only mitigation is to reset your key fob at the dealership. Besides, the affected car manufacturer may provide a security mechanism that generate fresh codes for each authentication request, this makes it difficult for an attacker to ‘replay’ the codes thereafter.”

It said that vulnerable car users should store their key fobs in signal-blocking ’Faraday pouches’ when not in use.

Importantly, the Commission said that car owners in the stated categories are advised to choose Passive Keyless Entry (PKE) as opposed to Remote Keyless Entry (RKE), which would make it harder for an attacker to read the signal due to the fact that criminals would need to be at close proximity to carry out their nefarious acts.

Advertisement

READ ALSO: NCC Discovers New Ways Hackers Steal Banking Details From Phone, Warns Nigerians

It explained that the PKE is an automotive security system that operates automatically when the user is in proximity to the vehicle, unlocking the door on approach or when the door handle is pulled, and also locking it when the user walks away or touches the car on exit.

The RKE system, according to the Commission, on the other hand, represents the standard solution for conveniently locking and unlocking a vehicle’s doors and luggage compartment by remote control.

Additionally, in a related advisory, the NCC, based on another detection by CSIRT, informed the general public about the resurgence of Joker Trojan-Infected Android Apps on Google Play Store.

Advertisement

This arose due to the activities of criminals who intentionally download legitimate apps from the Play Store, modify them by embedding the Trojan malware and then uploading the app back to the Play Store with a new name.

It said that the malicious payload is only activated once the apps goes live on the Play Store, which enables the apps to scale through Google’s strict evaluation process.

Once installed, these apps request for permissions that once granted, enable the apps to have access to critical functions such as text messages and notifications.

As a consequence, it explained further that a compromised device will subscribe unwitting users to premium services, billing them for services that do not exist. A device like this can also be used to commit Short Messaging Service (SMS) fraud while the owner is unaware.

Advertisement

“It can click on online ads automatically and even use SMS One Time password (OTPs) to secretly approve payments. Without checking bank statements, the user will be unaware that he or she has subscribed to an online service. Other actions, such as stealing text messages, contacts, and other device data, are also possible,” the Commission said.

It warned that to avoid falling victim to the manipulation of hackers deploying Joker Trojan-Infected Android Apps, Android users must avoid downloading unnecessary apps or installing apps from unofficial sources.

READ ALSO: NCC Alerts Nigerians On Flubot Malware, Lists Measures To Guard Against Attack

The NCC also said it wishes to advise telecom consumers to ensure that apps installed from the Google Play Store are heavily scrutinized by reading reviews, assessing the developers, perusing the terms of use and only granting the necessary permissions.

Advertisement

The NCC recommended that unauthorised transactions be checked against any installed app, DAILY POST reports.

Indeed, any apps not in use should be deleted while users are also advised to ensure that a device is always patched and updated to the latest software,” the Commission said in a statement signed by Dr. Ikechukwu Adinde, its Director of Public Affairs.

Advertisement

Headline

Five-year-old Boy Shot Dead By Hijackers In South Africa

Published

on

By

A 5-year-old boy, Ditebogo Junior, was shot dead after his father’s Toyota Hilux was hijacked outside their home in Soshanguve, in the north of Gauteng, South Africa.

Police spokesperson, Lt-Col Mavela Masondo said that the child had gone out to welcome his father, Ditebogo Phalane, when he arrived home around 10:30pm on Friday, May 10, 2024.

An unconfirmed number of armed suspects allegedly hijacked the father’s White Toyota bakkie and shot the five-year-old boy who later died in hospital,” Masondo said.

Advertisement

READ ALSO: Why Tinubu Didn’t Intervene In Ganduje’s Troubles – APC Leaders

Phalane’s cousin, Gift Makoti took to X to share the heartbreaking news about the boy’s passing.

My cousin was Hijacked hours ago in Soshanguve block Uu, they took his Bakkie. He was with his son, they shot the 5yr old boy!! He didn’t make it!! What has this country come to now!!!!!???! That’s a CHILD man!!!!!!” he wrote

He posted photos of the young boy, Ditebogo Phalane Jnr, with his father smiling and looking happy. He said that the boy’s father was inconsolable.

Advertisement

READ ALSO: Customs Intercepts N10m Worth Petrol En Route Cameroon Illegally

“He and his son had a strong bond. His son was always out and about with him, keeping him company. I don’t know how he is going to live without his son,” he said

The tragic incident has left social media users shocked and angry.

Many have made contributions to help erect a tombstone for the boy.

Advertisement

 

Continue Reading

Headline

American Comedian, James Gregory Is Dead

Published

on

By

American comedian, James Gregory, known for calling himself “The Funniest Man in America” has passed on at the age of 78.

Gregory’s family said he died on Thursday, May 9, from cardiac complications.

James took up comedy in the early ’80s when he was 36 after years of working as a salesman, and, he became the first comedian to take the stage at the legendary Punchline club in Atlanta.

Advertisement

READ ALSO: Obasanjo To Adeleke: Keep The Dancing Spirit, Deliver On Infrastructure

While he was known as a Southern comedian, he traveled all across the country performing shows for the next four decades.

His biggest claim to fame came when he dubbed himself “The Funniest Man in America” in the ’80s, and, later he took the URL domain “funniestman.com”, cementing himself in his fans’ minds as the funniest man.

He is survived by his three nieces and other extended family.

Advertisement

Continue Reading

Headline

JUST-IN: 34 Dead, 16 Missing In Indonesia Floods

Published

on

By

At least 34 people have died and 16 more were missing after floods on Sumatra island in western Indonesia, the spokesperson for the West Sumatra disaster mitigation agency said Sunday.

READ ALSO: Hundreds Rescued After Flooding In Australia

“Until now our data shows that 34 people died: 16 in Agam and 18 in Tanah Datar. At least 18 others are injured. We are also still searching for 16 other people,” Ilham Wahab told AFP, referring to two districts in West Sumatra province.

Advertisement

Details later…

AFP

Advertisement
Continue Reading

Trending

Exit mobile version