Tag Archive for: Nigerians

Beware, Hackers Can Steal Your Car Through Radio Frequency, NCC Warns Nigerians

/in


Hackers have now found a means to compromise the security of vehicles by unlocking and starting their engines wirelessly with the intention of stealing.

The Nigerian Communications Commission (NCC) disclosed this on Sunday to alert Nigerians on the ongoing cyber-vulnerability.

The regulator explained that car remotes are categorized short range devices that make use of radio frequency (RF) to lock and unlock, hence hackers take advantage to unlock and start a compromised car.

The Computer Security Incident Response Team of the NCC, said, “the vulnerability is a Man-in-the-Middle (MitM) attack or, more specifically, a replay attack in which an attacker intercepts the RF signals normally sent from a remote key fob to the car, manipulates these signals, and re-sends them later to unlock the car at will.

“With this latest type of cyber-attack, it is also possible to manipulate the captured commands and re-transmit them to achieve a different outcome altogether.

“Multiple researchers disclosed a vulnerability, which is said to be used by a nearby attacker to unlock some Honda and Acura car models and start their engines wirelessly.”

It said that the attack consists of a threat actor capturing the radio frequency (RF) signals sent from your key fob to the car and resending these signals to take control of your car’s remote keyless entry system.”

Advising the public, the NCC provided some precautionary measures that can be adopted by car owners to prevent falling victim to the attack.

The NCC said, “When affected, the only mitigation is to reset your key fob at the dealership. Besides, the affected car manufacturer may provide a security mechanism that generate fresh codes for each authentication request, this makes it difficult for an attacker to ‘replay’ the codes thereafter.

“Additionally, vulnerable car users should store their key fobs in signal-blocking ‘Faraday pouches’ when not in use.

“Importantly, car owners in the stated categories are advised to choose Passive Keyless Entry (PKE) as opposed to Remote Keyless Entry (RKE), which would make it harder for an attacker to read the signal due to the fact that criminals would need to be at close proximity…

Source…

Warning to Nigerians: Avoid clicking links sent through SMS, malware in circulation, NCC says

/in


  • Nigerians have been asked not to click on any link sent through SMS because it can contain a terrible virus
  • According to the Nigerian Communications Commission (NCC), the virus infects Android mobile devices
  • Some of the messages with the link to the malware are said to contain information on COVID vaccination and power outages

The Nigerian Communications Commission (NCC) has warned the public of TangleBot, a new virus infecting Android mobile devices through short messaging service (SMS).

This was disclosed in a statement issued on Saturday by Ikechukwu Adinde, NCC spokesman, following a recent security advisory made available to the commission by the Nigeria Computer Emergency Response Team (ngCERT).

Avoid clicking links sent through SMS, malware in circulation, NCC says
NCC asks Nigerians to avoid clicking links sent through SMS. Photo: NCC
Source: Facebook

Some of the messages with the link to the malware are said to contain information on COVID vaccination and power outages.

“The aim behind both or either of the messages (on COVID-19 or impending power outages) is to encourage potential victims to follow a link that supposedly offers detailed information,” the statement reads.

Read also

Stop charging your phone in public places, ‘Yahoo boys’ can hack into your phones NCC warns Nigerians

Do you have a groundbreaking story you would like us to publish? Please reach us through [email protected]!

“Once at the page, users are asked to update applications such as Adobe Flash Player to view the page’s content by going through nine (9) dialogue boxes to give acceptance to different permissions that will allow the malware operators initiate the malware configuration process.

“The immediate consequence to this, is that the malware then steals sensitive data stored on the device and monitors almost every user activity, including camera use, audio conversations, and location, among other things.”

The NCC added that the malware takes control of the targeted device, including access to banking data.

“In order to ensure maximum protection for Internet users in the country, the ngCERT has offered a number of preventive measures to be taken by the consumers. These measures include an advisory to telecom consumers and other Internet users to refrain…

Source…

How digital loan providers breach data privacy, violate rights of Nigerians

/in


In July, Piye Garuba needed N10,000 for an important task. So when he saw 9Credit, an online platform, offering short-term loans, he grabbed the offer.

The 31-year-old Abuja-based lawyer was elated when the approval of his loan request arrived shortly after filling, on the app, the Know Your Customer (KYC) form with necessary details such as his Bank Verification Number (BVN).

Little did Mr Piye know that it was the beginning of a relationship that would turn sour.

After repaying the initial N10,000 with an additional 20 per cent, being the interest for seven days, Mr Garba turned to 9credit for another loan. He repeated the cycle until the eleventh time when he defaulted.

“When I defaulted, that was sometimes at the end of August, I began to receive multiple text messages from different sources saying they are Recovery Agents from 9Credit. The agents kept sending threatening messages to all my contact lists including my wife, colleagues, mother-in-law and uncles,” said Mr Garba.

“The harassment went further with several threats and curses. Also, using all manners of offensive adjectives like “Chronic and Unremorseful Debtor” some of the text messages stated that I had been declared ‘wanted.”

Mr Garuba said despite the insults and embarrassment to him and members of his family, he was not bitter because he understood that he had breached an agreement by not paying up when due.

A Defamatory text message sent to Mr Garuba's wife from 9Credit
A Defamatory text message sent to Mr Garuba’s wife from 9Credit

“It was my fault because I defaulted and it was for a reason because I was going through a tough time. And not that I wasn’t going to pay, or that I had ulterior motives to run away with their money.”

The legal practitioner eventually sometime early in September made attempts to repay the loan on the app but was unsuccessful. He then decided to make a direct bank transfer to the money-lending platform’s bank account.

Screenshot of another threatening message sent to Mr. Garuba
Screenshot of another threatening message sent to Mr. Garuba

“I began to experience trouble with the app so I wasn’t able to pay up at the initial time. After trying several times without success, and whereas there was this particular agent who had been calling me for…

Source…

New malware, AbstractEmu attacking, destroying Android phones – NCC warns Nigerians

/in


The Nigerian Communications Commission (NCC) has warned telecom consumers and the general public of a new Android malware that has been discovered.

According to the Commission, the malware, named ‘AbstractEmu’, can gain access to smartphones, take complete control of infected smartphones and silently modify device settings while simultaneously taking steps to evade detection.

In a statement made available to DAILY POST by Ikechukwu Adinde, the NCC Spokesman, said that this discovery was announced recently by the Nigerian Computer Emergency Response Team (ngCERT), the national agency established by the Federal Government to manage the risks of cyber threats in Nigeria, which also coordinates incident response and mitigation strategies to proactively prevent cyber-attacks against Nigeria

AbstractEmu, the NCC said has been found to be distributed via Google Play Store and third-party stores such as the Amazon Appstore and the Samsung Galaxy Store, as well as other lesser-known marketplaces like Aptoide and APKPure.

The advisory stated that a total of 19 Android applications that posed as utility apps and system tools like password managers, money managers, app launchers, and data saving apps have been reported to contain the rooting functionality of the malware.

The apps are said to have been prominently distributed via third-party stores such as the Amazon Appstore and the Samsung Galaxy Store, as well as other lesser-known marketplaces like Aptoide and APKPure. The apps include All Passwords, Anti-ads Browser, Data Saver, Lite Launcher, My Phone, Night Light and Phone Plus, among others.

According to the report, rooting malware although rare, is very dangerous. By using the rooting process to gain privileged access to the Android operating system, the threat actor can silently grant itself dangerous permissions or install additional malware – steps that would normally require user interaction. Elevated privileges also give the malware access to other apps’ sensitive data, something not possible under normal circumstances.

The ngCERT advisory also captured the consequences of making their devices susceptible to AbstractEmu attacks. Once installed, the attack chain is…

Source…