Rob Wood

This article discusses the security concerns which must be taken into account whenever designing an embedded system. Failure to account for these security concerns in the system’s threat model can lead to a compromise of the most sensitive data within. Memory is a crucial part of any computer subsystem. The…

Editor’s note: This piece was originally published by embedded.com There’s no shortage of companies that need help configuring devices securely, or vendors seeking to remediate vulnerabilities. But from our vantage point at NCC Group, we mostly see devices when working directly with OEMs confronting security issues in their products —…

Background For some time there has been a growing movement amongst consumers who wish to repair their own devices in a cost effective manner, motivated to reduce their expenses, and reduce e-waste. This is becoming ever more difficult to achieve as devices reach ever higher levels of complexity, and include…

The complexities of the heavy truck ecosystem poses challenges to the security of the ECU networks contained within the vehicles. This paper describes some of the major sources of complexity, and how each can be addressed to design and implement a secure robust ECU provisioning system. Such a system is…

For those who have not attended previously, Hardwear.io is a technical conference focused on hardware security. While the conference is only in their 4th year, both the training and speakers have been world-class since its inception, and its success is obvious; it has expanded to a twice-a-year format, and even…

The following work was provided by Keegan Ryan, an NCC Group consultant. This past January, I ordered a new TV. Since I was concerned about how an Internet-connected TV has the potential to be hacked, I wanted the simplest device I could find. I didn’t need anything fancy: no Internet…

By now most people have seen the three Bloomberg articles detailing the alleged conspiracy to install back-doors on servers assembled by SuperMicro via a tiny microchip. There are plenty of great takes already (1, 2, 3, 4, 5, 6, 7). Supply chain attacks are not new, nor are those using hardware implants. But this is high profile, alleged to be government perpetrated, and affects a large…