UK government cyber security guidelines for connected & autonomous vehicles

The Department for Transport, in conjunction with Centre for the Protection of National Infrastructure (CPNI), has created eight key principles of cyber security for connected and autonomous vehicles. The guidance has been produced in response to the large (and growing) attack surface presented by connected and autonomous vehicle technology, as highlighted below: <image> The guidance … Continue reading UK government cyber security guidelines for connected & autonomous vehicles

Vehicle Emissions and Cyber Security

Vehicle emissions and cyber security Recently Volkswagen admitted to installing “defeat devices” (software that manipulates the level of emissions of gases such as nitrogen oxide (NOx) from their vehicles during regulatory testing) in millions of its diesel cars. However, excessive levels of NOx are not the only concerning emissions from many of today’s vehicles - as more and … Continue reading Vehicle Emissions and Cyber Security

Broadcasting your attack – DAB security

Digital Audio Broadcasting (DAB) radio receivers can be found in many new cars and are often integrated into what has become known as the “infotainment system” – typically a large screen in the dashboard that the vehicle occupants interact with to control anything from what music is playing, to making phone calls, to viewing vehicle … Continue reading Broadcasting your attack – DAB security

DARPA OnStar Vulnerability Analysis

In a report [1] by US TV show “60 Minutes” about DARPA [2] and the Internet of Things, the Department of Defence has shown that it can hack the General Motors OnStar [3] system to remotely control a last-generation Chevrolet Impala. DARPA has been investigating the cyber security of vehicle systems and many other embedded devices in … Continue reading DARPA OnStar Vulnerability Analysis

Launching the first in our series of Research Insights

NCC Group has the largest commercial security assessment team in the world, and so we have significant exposure to technologies across every sector. Therefore, we have decided to start a series of whitepapers, drawing from our experience, which will provide Research Insight into a selection of these technologies and sectors, highlighting some of the trends … Continue reading Launching the first in our series of Research Insights

Spy-Pi: Do you trust your laptop docking stations?

Laptop docking stations are widely used in organisations, often in hot-desking environments. They provide a neat connectivity solution for workers who are semi-mobile and therefore use laptops rather than desktop PCs. However, laptop docks are an attractive target for an attacker. They have access to the network, to all the ports on a laptop, often … Continue reading Spy-Pi: Do you trust your laptop docking stations?

Lessons learned from 50 USB bugs

USB hosts are everywhere - laptops, TVs, tablets, car infotainment systems, even aeroplane seat-backs. All of these hosts need to understand the capabilities of devices that are connected to them - a process is known as enumeration. It is basically a conversation between the device and the host upon insertion to agree on what functionality … Continue reading Lessons learned from 50 USB bugs