The Nigerian Communications Commission (NCC) has alerted owners of some Honda and Acura car models of how hackers have devised means of starting their engines wirelessly.
According to Dr. Ikechukwu Adinde, NCC Director, Public Affairs, research has exposed a vulnerability used by nearby attackers to unlock these vehicles.
Adinde said the vulnerability is a Man-in-the-Middle (MitM) attack or a replay attack in which an attacker intercepts the Radio Frequency (RF) signals normally sent from a remote key fob to the car, manipulates the signals, and re-sends them later to unlock the car at will.
“The fact that car remotes are categorized as short-range devices that make use of radio frequency to lock and unlock cars informed the need for the Commission to alert the public on this emergent danger, where hackers take advantage to unlock and start a compromised car. With this latest type of cyber-attack, it is also possible to manipulate the captured commands and re-transmit them to achieve a different outcome altogether,” he said in a statement.
The statement added that the attack consists of a threat actor capturing the radio frequency signals sent from the key fob to the car and resending the signals to take control of the car’s remote keyless entry system.
“When affected, the only mitigation according to cyber-alert unit is to reset the key fob at the dealership. The affected car manufacturer may also provide a security mechanism that generate fresh codes for each authentication request, which makes it difficult for an attacker to ‘replay’ the codes thereafter,” NCC said.
