Arabic Arabic Chinese (Simplified) Chinese (Simplified) Dutch Dutch English English French French German German Italian Italian Portuguese Portuguese Russian Russian Spanish Spanish
| (844) 627-8267

Cybersecurity experts alert car owners to new hacking methods | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

The evolving technological world is dynamic. While some people create solutions, there are others trying to exploit the vulnerability in the solution created to create a different problem.

Automobile thieves seem to be making desperate efforts to stay ahead of technological advancements created to beat them. From the days of smashing car windows to gain access or hotwiring a vehicle to steal it, automobile robbers graduated to hacking a vehicle using computer codes.

Car hacking is done by accessing a car’s computer systems through software such as CAN bus, Bluetooth pairing, or via physical access to connectors and ports.

However, when hacking became widespread, experts recommended car trackers, to trace and retrieve stolen vehicles.

But the bad men are constantly trying to beat advancing technology. With modern technology, the hackers have devised methods such as carjacking, jamming, cloning key fobs, defeating immobilisers and scanners to steal automobiles.

Researcher project that in the near future, motorists may have to worry about their the possibility of their vehicles being remotely hijacked and driven to specific locations by hackers and robbed of their vehicles.

When trackers were recommended, car owners heaved a sigh of relief. However, this won’t last for a long time as hackers have also identified a vulnerability in trackers, which they now use negatively to their advantage.

In a recent report by Forbes, a weakness has been detected in the tracking system of modern cars, which enables hackers to gain access to a car owner’s cellphones to steal their data.

What is bewildering is that fact that the technology that makes it possible for the hackers to do this is exactly what security agencies are using to check car theft through hacking.

According to the report, these are same technologies that security agencies are regularly exploiting in the United States, with immigration and police investing more in tools to extract mass data — from passwords to location — from as many as 10,000 different car models.

The report stated that the latest hacking was due to cars’ shared telematics system which records speed, brakes and door use data — created by SiriusXM, according to a cybersecurity specialist, Sam Curry.

Curry noted that the only data he needed to hack a car was the car’s identification number, known as a VIN, which is easily retrievable from a windshield on a lot of car models.

Using what the specialist called a computer programme, he could take the VIN number and send it to a SiriusXM server as a kind of fake identification, tricking the programme into believing he is the owner.

The programme would then ask SiriusXM to pull the personal data stored in the car, turn on the ignition or perform other functions.

Recently, the Nigeria Communications Commission warned Nigerians to be wary of potential car hacking.

The statement reads, “According to the latest advisory released by the Computer Security Incident Response Team, the cybersecurity centre for the telecom sector established by the NCC, the vulnerability is a man-in-the-middle attack or, more specifically, a replay attack in which an attacker intercepts the RF signals normally sent from a remote key fob to the car, manipulates these signals, and re-sends them later to unlock the car at will.

“With this latest type of cyber attack, it is also possible to manipulate the captured commands and re-transmit them to achieve a different outcome altogether. “Multiple researchers disclosed a vulnerability, which is said to be used by a nearby attacker to unlock some Honda and Acura car models and start their engines wirelessly. The attack consists of a threat actor capturing the radio frequency signals sent from your key fob to the car and resending these signals to take control of your car’s remote keyless entry system.’’

The NCC noted that the fact that car remotes are categorised as short-range devices makes the use of radio frequency to lock and unlock cars possible.

It said it was important that members of the public be informed about this new trend, which hackers exploit to unlock and start a compromised car.

A cybersecurity expert, Toyyib Alarape, speaking to Sunday PUNCH on the development, noted that as the world advances, every single technological development would be endangered because there are always weak points to exploit.

He said, “When trackers were invented, it was to solve a problem. However, this solution has become another problem in its entirety, posing a threat to car owners. The  way the technology world is built, there’ll always be a bug in solutions that can be easily exploited by superior programmers.

“I’m glad that we do not have this yet in Nigeria where trackers are now hacked, but the sad reality is that we would be having it in no time and there is more risk than in normal hacking because this time, the user’s data are stolen, like the research stated. We have to start working on solutions to combat this.”

Alarape explained that it was important for companies to start working on a possible solution to ensure that user’s data like VIN, which could be exploited, are kept safe.

“A vulnerability was what made it possible to target the VIN. Cybersecurity personnel  should not be left alone to battle this; automobile manufacturers also have to try and ensure that they are up-to-date.

“If that bug that made the VIN and trackers targeted are worked on by building even complex solutions, then we would have a chance. Also, car owners should start ensuring that they use other means to secure their vehicles because while we think about a solution, criminals are thinking about a hundred ways to bypass that solution.”

Another cybersecurity expert, Timothy Avele, said the new develoment calls for more vigilance on the part of vehicle owners.

He explained that the major weakness in vehicle security is the connectivity to the Internet, especially through a vehicle owner’s mobile phone. He said the risk was more where car owners use insecure WiFi.

He said, “Car owners should never use their vehicle’s web browser, avoid downloading third-party software for vehicle diagnostics, especially when such software requires Internet connectivity. Always update your infotainment system software by downloading from the manufacturer’s website into a USB and plugging it into your vehicle to update. Never store your personal information on your infotainment system GPS. It’s strongly recommended that you install a standalone GPS tracker for your vehicle.

“Above all, connecting your phone to your vehicle infotainment system through WiFi is the surest means to get your vehicle hacked. Try to limit or avoid it. But if you must, then use a  phone that doesn’t have your details to connect to your vehicle infotainment system. It should be solely for the vehicle usage and ensure to use  multiple authentication tools.”

He added that without Internet and WiFi connections, no hacking could ever take place.


Click Here For The Original Story From This Source.

National Cyber Security