Hackers Can Now Steal Cars Remotely Says CSIRT

Hackers Can Now Steal Cars Remotely Says CSIRT

Nigeria Communications Commission (NCC) issued a warning through CSIRT to drivers in the West African country yesterday, alerting them of a new cybercrime approach in which hackers can open car doors and start vehicles without keys, all while the criminals hide nearby.

Owners of Honda and Acura vehicles, according to the NCC, are the most vulnerable to these new attacks.

The Computer Security Incident Response Team (CSIRT), a cybersecurity agency established by the NCC to protect the country’s telecom sector, found these new grand theft auto tactics during investigations.

What CSIRT Report Contains

According to the CSIRT report, which was presented to the public by Dr. Ikechukwu Adinde, Director of Public Affairs at the NCC, some brands of automobiles have a cyber vulnerability that allows hackers to remotely unlock, start their engines wirelessly, and steal them. The only stipulation is that the hackers must be near the vehicles for the operation to work.

CSIRT revealed that because automobile remotes are classified as short-range devices that use radiofrequency to lock and unlock cars, there are imminent threats in a new hacking method,” stated Adinde, as quoted by Vanguard Nigeria.

According to the CSIRT report, the cybercrime is a “Man-in-the-Middle” attack, or a reply attack, in which a threat actor intercepts and manipulates the radio signal used by car remotes in order for the criminal to remotely unlock the car and gain access at a later time – such as when the owner has lost sight of the vehicle.

 

Read AlsoNCC Declares Deployment of Digital Infrastructure in Nigeria a Priority



Some vehicles, such as some Honda and Acura models that can be started without ignition keys, are more vulnerable to these attacks than others. The same reply attack method can be used to start the engines of these model vehicles wirelessly. When the owner returns, their automobile has vanished, leaving no smashed glass or alarm bells to alert them to the situation.

According to the CSIRT study, “the attack consists of a threat actor collecting the radiofrequency (RF) signals transferred from your key fob to the automobile and resending these signals to seize control of your car remote keyless entry system.”

 

What Car Owners Can Do To Protech Themselves From The Threat


However, the only way to avoid being affected is to have your key fob reset at the dealership.” “The impacted automobile manufacturer may implement a security mechanism that creates new codes for each authentication request, making it harder for an attacker to replay the codes afterward,” Adinde added.

When not in use, owners of Honda and Acura vehicles should place their key fobs in signal-blocking Faraday pouches, according to the NCC.

Another step these owners can take to protect their vehicles from theft is to switch their entry systems from Remote Keyless Entry (RKE) to Passive Keyless Entry (PKE), which makes it more difficult for cybercriminals to manipulate the signal because they have to be much closer to do so, such as beside the vehicle.

A PKE is a car security system that opens automatically when the owner of the vehicle approaches close enough, unlocking the doors on approach or when a handle is pulled, and shutting the doors when the owner walks away. 

The RKE system, on the other hand, is the industry standard for remotely locking and unlocking the doors and luggage compartment of a vehicle.