Vulnerabilty in Honda and Acura Could Grant Hackers Access Control
The Nigerian Communications Commission (NCC) said in a report that “the vulnerability of Honda and Acura cars is liable to unauthorized access by hackers due to their wireless engine”.
On Sunday, the commission alerted consumers and members of the public to the possibility of an attack on cars as hackers could easily gain access control of them. The said regulator affirmed that it would be hard to detect affected cars due to their engine models but maintained that Honda and Acura are likely to be targeted.
It was recently discovered by the Computer Security Incident Response Team (CSIRT), a cybersecurity center, that such offensives are made by these hackers who deploy the Man-in-the-Middle (MitM) attack.
With these tools set in place, the attackers can intercept between Radio Frequency (RF) signals normally sent from a remote key fob to the car, change the signal and send it again to unlock the car.
With the aid of radiofrequency to lock and unlock cars rapidly without the authorization or authentication of the users, the threat actors has become spontaneously sporadic to manipulate the captured commands and re-transmit them to achieve a different outcome altogether.
Multi-Factor Authentication Could Prevent Exploitation by Hackers
Car manufacturers are implored to provide multi-factor security authentication before the cars can be accessed and security mechanisms to signal or alert the car owner of any malicious attack. Authentication codes should automatically be changed for each request to make it difficult for attackers to replay the code.
Generally, remote cars grouped into short-range devices make use of radiofrequency for daily operation. In a statement issued by NCC Director of Public Affairs, Dr. Ikechukwu Adinde explained that when affected, the only mitigation, according to the cyber-alert unit, was to reset the key fob at the dealership.
Passive Keyless Entry (PKE) is advisable to be used by car owners as it has a high-security level as opposed to Remote Keyless Entry (RKE) to reduce the nefarious act by the criminals.