NCC issues car protection advisory
The Nigerian Communications Commission (NCC) has issued an advisory on car protection.
The Commission warned about the vulnerability of cars to wireless hacking.
According to the Commission, hackers can access and steal vehicles via radio frequency (RF) signals from remote key fobs used to lock and unlock vehicles.
The NCC however said it has established a Computer Security Incident Response Team (CSIRT) to respond to the threat, which it identified as a Man-in-the-Middle (MitM) attack exploiting a replay vulnerability.
The alert comes amid warnings that researches have disclosed the vulnerability, which was used to access specific Honda and Acura models.
Owners are advised to reset their key fobs at dealerships and keep them in signal-blocking Faraday pouches when not in use.
The NCC has suggested that car owners should choose Passive Keyless Entry (PKE) systems instead of Remote Keyless Entry (RKE) systems.
PKE automatically unlocks the doors when the user approaches the vehicle and locks them when they move away.
On the other hand, RKE is a traditional remote control system for locking and unlocking car doors.
The PKE system is more secure as attackers need to be in close proximity to execute their malicious activities.
Additionally, the NCC has issued a warning about the return of Android apps infected with the Joker Trojan on the Google Play Store.
Cybercriminals download valid apps, insert Trojan malware, and then modify their names before uploading them back onto the store.
These malicious apps become active once they are live on the Play Store, managing to bypass Google’s security evaluation process.
When installed, they request permission to access critical functions like notifications and text messages.
The Joker Trojan-Infected Android Apps are used to compromise devices and subscribe users to premium services, charging them for services that do not exist. These apps engage in SMS fraud, click on online ads without the owner’s knowledge, and secretly approve payments using SMS One Time Passwords. Additionally, the Trojan-infected apps can steal text messages, contacts, and other device data.
To avoid falling victim to these Trojan-infected apps, Android users should avoid downloading unnecessary apps, refrain from installing apps from unofficial sources, thoroughly scrutinize apps from the Google Play Store, read reviews and assess developers before installing, review terms of use, and grant only necessary permissions. Regularly checking for unauthorized transactions and deleting unused apps, as well as keeping devices up-to-date with the latest software patches, is crucial to maintaining security.
The NCC recommends that Nigerians be vigilant against cyber-attacks that enable car theft and Trojan-infected Android Apps. Following the recommended precautions and adopting secure practices will help individuals reduce the risk of falling victim to these cyber threats.
