Conference Talks – October 2020

This month, members of NCC Group will be presenting their work at the following conferences: Dirk-Jan Mollema, "Walking Your Dog in Multiple Forests: Breaking AD Trust Boundaries through Kerberos Vulnerabilities," to be presented at Black Hat Asia 2020 (Virtual - October 1 2020)Sanne Maasakkers, "Improve Security Awareness Campaigns by Applying Phishing Research," to be presented … Continue reading Conference Talks – October 2020

UK government cyber security guidelines for connected & autonomous vehicles

The Department for Transport, in conjunction with Centre for the Protection of National Infrastructure (CPNI), has created eight key principles of cyber security for connected and autonomous vehicles. The guidance has been produced in response to the large (and growing) attack surface presented by connected and autonomous vehicle technology, as highlighted below: <image> The guidance … Continue reading UK government cyber security guidelines for connected & autonomous vehicles

The Automotive Threat Modeling Template

Threat mitigation is an important part of the security development lifecycle (SDL) and at NCC Group we have been performing a number of threat modeling workshops focused specifically on the automotive sector. Considering the increasing research and media attention in relation to connected cars, it is fundamental to understand the threats affecting these new emerging systems … Continue reading The Automotive Threat Modeling Template

Building WiMap the Wi-Fi Mapping Drone

We've published a whitepaper about how we built WiMap, which is a Wi-Fi mapping drone.  The paper includes details of the methods used to create, from parts, a hexacopter capable of being controlled over 3/4G and equipped to perform wireless and infrastructure assessments. We’d love to hear your feedback. Download Whitepaper Published date:  17 February … Continue reading Building WiMap the Wi-Fi Mapping Drone

Drones: Detect, Identify, Intercept, and Hijack

Drones have become readily available and more affordable. They are quite easy to use now and gone are the days whereby stable flight relied on the dexterous skills of an experienced operator. With the addition of GPS positioning, a drone operator can program a flight path using point-and-click software and have it executed by the … Continue reading Drones: Detect, Identify, Intercept, and Hijack

Vehicle Emissions and Cyber Security

Vehicle emissions and cyber security Recently Volkswagen admitted to installing “defeat devices” (software that manipulates the level of emissions of gases such as nitrogen oxide (NOx) from their vehicles during regulatory testing) in millions of its diesel cars. However, excessive levels of NOx are not the only concerning emissions from many of today’s vehicles - as more and … Continue reading Vehicle Emissions and Cyber Security

Build Your Own Wi-Fi Mapping Drone Capability

This blog, as the name implies, discusses how I went about designing and building our initial Wi-Fi mapping drone capability (and you can too, hopefully). Before we begin, a brief disclaimer: we sought legal advice and complied with relevant laws. Before you embark on such a project, make sure you are aware of relevant laws … Continue reading Build Your Own Wi-Fi Mapping Drone Capability

Broadcasting your attack – DAB security

Digital Audio Broadcasting (DAB) radio receivers can be found in many new cars and are often integrated into what has become known as the “infotainment system” – typically a large screen in the dashboard that the vehicle occupants interact with to control anything from what music is playing, to making phone calls, to viewing vehicle … Continue reading Broadcasting your attack – DAB security

DARPA OnStar Vulnerability Analysis

In a report [1] by US TV show “60 Minutes” about DARPA [2] and the Internet of Things, the Department of Defence has shown that it can hack the General Motors OnStar [3] system to remotely control a last-generation Chevrolet Impala. DARPA has been investigating the cyber security of vehicle systems and many other embedded devices in … Continue reading DARPA OnStar Vulnerability Analysis