Tag Archive for: car

NCC warns against car hackers, lists ways to stop them

/in


The Nigerian Communications Commission (NCC), in a statement signed by Dr. Ikechukwu Adinde Director, Public Affairs, has said that there is an ongoing cyber-vulnerability system that gives nearby hackers leeway to unlock vehicles, start their engines wirelessly and steal cars.

According to the latest advisory released by the Computer Security Incident Response Team (CSIRT), the cybersecurity centre for the telecom sector established by the NCC, the vulnerability is a Man-in-the-Middle (MitM) attack or, more specifically, a replay attack in which an attacker intercepts the RF signals normally sent from a remote key fob to the car, manipulates these signals, and re-sends them later to unlock the car at will.

The fact that car remotes are categorised as short range devices that make use of radio frequency (RF) to lock and unlock cars informed the need for the Commission to alert the general public on this emergent danger, where hackers take advantage to unlock and start a compromised car.

NCC says in the statement

With this latest type of cyber-attack, it is also possible to manipulate the captured commands and re-transmit them to achieve a different outcome altogether.

NCC warns against car hackers
NCC warns against car hackers (PHOTO: Wardsauto)

“Multiple researchers disclosed a vulnerability, which is said to be used by a nearby attacker to unlock some Honda and Acura car models and start their engines wirelessly. The attack consists of a threat actor capturing the radio frequency (RF) signals sent from your key fob to the car and resending these signals to take control of your car’s remote keyless entry system,” the advisory stated.

How to stop the hackers

NCC warns against car hackers

The NCC-CSIRT, in the advisory, has offered some precautionary measures or solutions that can be adopted by car owners to prevent falling victim to the attack.

When affected, the only mitigation is to reset your key fob at the dealership. Besides, the affected car manufacturer may provide a security mechanism that generate fresh codes for each authentication request, this makes it difficult for an attacker to ‘replay’ the codes thereafter. Additionally, vulnerable car…

Source…

Car hack attacks: It’s about data theft, not demolition

/in


We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 – 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!

Cars flying off cliffs. Panicked drivers unable to stop their vehicles as they speed through red lights. It’s the stuff of movie fantasies, a Hollywood notion of hacking the software of modern automobiles. 

But while cars careening out of control make for good box office, the reality of hackers breaking into cars and automakers’ networks is much more mundane and more of a real threat than anything Hollywood has depicted.

Hacked cars IRL

Earlier this year, for example, a security researcher in Germany managed to get full remote access to more than 25 Tesla electric vehicles around the world. A security flaw in the web dashboard of the EVs left them wide open to attacks. (The researcher warned Tesla, and the software has since been patched.) 

Worse, in 2020, a ransomware attack against Honda forced the automaker to temporarily halt production on some plants in Europe and Japan. It’s more likely that this attack came through Honda’s IT infrastructure rather than its connected cars, but Honda never disclosed which road was taken. Ultimately, it doesn’t matter, as both are now inextricably connected.

In both cases, the danger wasn’t turning off headlights or disabling the brakes. The real target was getting access to all the data that cars and automakers now collect. 

Automakers put a premium on safety and have spent decades trying to reduce accidents. They’ve also gotten better at physically separating a vehicle’s internet connectivity from the driving of a car. But the likelihood of Hollywood scenarios where consumer vehicles are turned into remote-controlled cars is low and distracts from security risks nearly all consumers with connected cars face: harvesting their data.

Hackers want your data, not your life

From location information, to credit card data in connected apps, to bank account balances, cars are now a rolling repository of critical digital information. With Amazon’s Alexa, Google’s Assistant and Apple’s Siri ready to shop…

Source…

Beware, Hackers Can Steal Your Car Through Radio Frequency, NCC Warns Nigerians

/in


Hackers have now found a means to compromise the security of vehicles by unlocking and starting their engines wirelessly with the intention of stealing.

The Nigerian Communications Commission (NCC) disclosed this on Sunday to alert Nigerians on the ongoing cyber-vulnerability.

The regulator explained that car remotes are categorized short range devices that make use of radio frequency (RF) to lock and unlock, hence hackers take advantage to unlock and start a compromised car.

The Computer Security Incident Response Team of the NCC, said, “the vulnerability is a Man-in-the-Middle (MitM) attack or, more specifically, a replay attack in which an attacker intercepts the RF signals normally sent from a remote key fob to the car, manipulates these signals, and re-sends them later to unlock the car at will.

“With this latest type of cyber-attack, it is also possible to manipulate the captured commands and re-transmit them to achieve a different outcome altogether.

“Multiple researchers disclosed a vulnerability, which is said to be used by a nearby attacker to unlock some Honda and Acura car models and start their engines wirelessly.”

It said that the attack consists of a threat actor capturing the radio frequency (RF) signals sent from your key fob to the car and resending these signals to take control of your car’s remote keyless entry system.”

Advising the public, the NCC provided some precautionary measures that can be adopted by car owners to prevent falling victim to the attack.

The NCC said, “When affected, the only mitigation is to reset your key fob at the dealership. Besides, the affected car manufacturer may provide a security mechanism that generate fresh codes for each authentication request, this makes it difficult for an attacker to ‘replay’ the codes thereafter.

“Additionally, vulnerable car users should store their key fobs in signal-blocking ‘Faraday pouches’ when not in use.

“Importantly, car owners in the stated categories are advised to choose Passive Keyless Entry (PKE) as opposed to Remote Keyless Entry (RKE), which would make it harder for an attacker to read the signal due to the fact that criminals would need to be at close proximity…

Source…

AUTO Connected Car News’ Connected Car History and Timeline

/in


We at AUTO Connected Car News are fortunate to see the history of connected cars in action. It all started with the desire to help save lives and has grown into making many valuable connections for drivers and automakers.

AUTO Connected Car News’ History of Connected Cars

In the late 1990’s cars began to be connected wirelessly to other sources primarily for safety. At first cars were equipped with cellular connections for emergency notifications. Starting in the new millennium connections increased for safety, convenience, remote features and ultimately connecting to smartphones. In this decade starting in 2010, increased connectivity opened up opportunities for advanced safety driving features, parking/summon apps, self-driving, remote functions, and vulnerabilities for hackers.

The Early Years, The Late 1990’s

In the early years of telematics’ connected car services, the features were primarily for notifications of crashes to emergency responders, locating the vehicle and roadside assistance.

1996 The analog cellular OnStar system was announced. When air bags deploy, they system connects to an OnStar Advisor who relays the information to emergency responders.

1997 Mercedes-Benz introduced the first wireless key fob, called, Key-less Go” for the 1998 W220 S Class.

1997 BMW launched BMW Assist telematics services.

1998 GM improved the OnStar service with factory installed models that allow for hands -free calling and voice recognition.

1999 Mercedes-Benz launches Tele Aid telematics program with emergency response roadside assistance and locating of stolen vehicles.

The 2000’s

In this decade services that are launched include diagnostics, advanced navigation, web connections, stolen vehicle slow-down and smartphone apps with limited remote features.

2000 TeleAid on the Mercedes-Benz model S features remote door unlock.

2001 OnStar began providing real-time traffic information and remote door unlock with its fourth generation with close to 8 million interactions.

2001 Remote diagnostics hardware for autos launched by Continental.

2003 OnStar GM Goodwrench remote diagnostic service becomes available.

2003 Continental offers devices for vehicle health and…

Source…