Andy Davis

NCC Group's Transport Security Practice has co-authored with the Surrey Center for Cyber Security and the Surrey Space Center a new paper titled 'Cyber security in New Space'. It provides analysis of the threats, challenges and key technologies related to the satellite industry.

The Department for Transport, in conjunction with Centre for the Protection of National Infrastructure (CPNI), has created eight key principles of cyber security for connected and autonomous vehicles. The guidance has been produced in response to the large (and growing) attack surface presented by connected and autonomous vehicle technology, as…

Vehicle emissions and cyber security Recently Volkswagen admitted to installing “defeat devices” (software that manipulates the level of emissions of gases such as nitrogen oxide (NOx) from their vehicles during regulatory testing) in millions of its diesel cars. However, excessive levels of NOx are not the only concerning emissions from many of today’s…

Digital Audio Broadcasting (DAB) radio receivers can be found in many new cars and are often integrated into what has become known as the “infotainment system” – typically a large screen in the dashboard that the vehicle occupants interact with to control anything from what music is playing, to making…

In a report [1] by US TV show “60 Minutes” about DARPA [2] and the Internet of Things, the Department of Defence has shown that it can hack the General Motors OnStar [3] system to remotely control a last-generation Chevrolet Impala. DARPA has been investigating the cyber security of vehicle systems and…

NCC Group has the largest commercial security assessment team in the world, and so we have significant exposure to technologies across every sector. Therefore, we have decided to start a series of whitepapers, drawing from our experience, which will provide Research Insight into a selection of these technologies and sectors,…

Introduction Since the BadUSB talk [1] by Karsten Nohl and Jakob Lell at Black Hat USA in August there has been much discussion about the implications of this class of USB attack. The discussions gained additional momentum when Adam Caudill and Brandon Wilson investigated the attack further and publicly released…

Laptop docking stations are widely used in organisations, often in hot-desking environments. They provide a neat connectivity solution for workers who are semi-mobile and therefore use laptops rather than desktop PCs. However, laptop docks are an attractive target for an attacker. They have access to the network, to all the…

USB hosts are everywhere – laptops, TVs, tablets, car infotainment systems, even aeroplane seat-backs. All of these hosts need to understand the capabilities of devices that are connected to them – a process is known as enumeration. It is basically a conversation between the device and the host upon insertion…