NCC Group's Transport Security Practice has co-authored with the Surrey Center for Cyber Security and the Surrey Space Center a new paper titled 'Cyber security in New Space'. It provides analysis of the threats, challenges and key technologies related to the satellite industry.
The Department for Transport, in conjunction with Centre for the Protection of National Infrastructure (CPNI), has created eight key principles of cyber security for connected and autonomous vehicles. The guidance has been produced in response to the large (and growing) attack surface presented by connected and autonomous vehicle technology, as highlighted below: <image> The guidance … Continue reading UK government cyber security guidelines for connected & autonomous vehicles
Vehicle emissions and cyber security Recently Volkswagen admitted to installing “defeat devices” (software that manipulates the level of emissions of gases such as nitrogen oxide (NOx) from their vehicles during regulatory testing) in millions of its diesel cars. However, excessive levels of NOx are not the only concerning emissions from many of today’s vehicles - as more and … Continue reading Vehicle Emissions and Cyber Security
Digital Audio Broadcasting (DAB) radio receivers can be found in many new cars and are often integrated into what has become known as the “infotainment system” – typically a large screen in the dashboard that the vehicle occupants interact with to control anything from what music is playing, to making phone calls, to viewing vehicle … Continue reading Broadcasting your attack – DAB security
In a report  by US TV show “60 Minutes” about DARPA  and the Internet of Things, the Department of Defence has shown that it can hack the General Motors OnStar  system to remotely control a last-generation Chevrolet Impala. DARPA has been investigating the cyber security of vehicle systems and many other embedded devices in … Continue reading DARPA OnStar Vulnerability Analysis
NCC Group has the largest commercial security assessment team in the world, and so we have significant exposure to technologies across every sector. Therefore, we have decided to start a series of whitepapers, drawing from our experience, which will provide Research Insight into a selection of these technologies and sectors, highlighting some of the trends … Continue reading Launching the first in our series of Research Insights
Introduction Since the BadUSB talk  by Karsten Nohl and Jakob Lell at Black Hat USA in August there has been much discussion about the implications of this class of USB attack. The discussions gained additional momentum when Adam Caudill and Brandon Wilson investigated the attack further and publicly released working code  at the … Continue reading The facts about BadUSB
Laptop docking stations are widely used in organisations, often in hot-desking environments. They provide a neat connectivity solution for workers who are semi-mobile and therefore use laptops rather than desktop PCs. However, laptop docks are an attractive target for an attacker. They have access to the network, to all the ports on a laptop, often … Continue reading Spy-Pi: Do you trust your laptop docking stations?
USB hosts are everywhere - laptops, TVs, tablets, car infotainment systems, even aeroplane seat-backs. All of these hosts need to understand the capabilities of devices that are connected to them - a process is known as enumeration. It is basically a conversation between the device and the host upon insertion to agree on what functionality … Continue reading Lessons learned from 50 USB bugs