20 years of research at NCC Group

News -

20 years of research at NCC Group

Over the years, research has formed a big part of NCC Group’s mission to make the world safer and more secure.

From format string vulnerabilities discovered in Windows 2000, and an exploration of quantum cryptography from 2003, to more recent deep dives into the worlds IoT and biometric security, our research has spanned almost every type of technology and their associated security issues.

Searching the archives

We’ve waded through the NCC Group research archives to put together an extensive overview of over 200 whitepapers and conference presentations we’ve delivered over the past 20 years.

While much of the research may not be so relevant anymore due to changes in technology landscapes and a maturation of the cyber security industry; the whitepapers and presentations chronicle much of the foundation of our industry, and at many times show the genesis of ideas and techniques, classes of vulnerability, methods of attack and defence, open source tooling and public reports on key Internet components, and much more. This research has helped our clients with their cyber security assurance needs, and has positively contributed to the security of the Internet as we all know and use it.

You can find a full round up over on our Research blog here.

2019 - 2020 - a year in review

And this last year has been no different – our global research teams have delivered valuable insights across a range of key themes and facets of modern society, including smart cities, connected health, AI and ML, 5G and telecoms, cryptography and many more.

We wanted to take a step back to review these research outputs and how the work of our global research teams is helping us to deliver on our mission.

Enterprise Printers

And what better way to kick off than with our enterprise printers research released and presented at a number of industry conferences last year.

While printers may not automatically come to mind when you think about IoT, the fact that they are embedded devices that connect to sensitive corporate networks should be a cause for concern, which is why our researchers decided to test six leading enterprise printers.

Over 35 vulnerabilities were discovered and ranged in severity, including the ability to launch denial of service attacks leading to the crash of printers, add backdoors within compromised printers to maintain attacker persistence on a network, as well as snoop on every print job sent to vulnerable printers and forward them to an external internet-based attacker.

This is just one facet of a landscape that is hugely complex, but many advancements are being made across the globe to improve IoT security standards which set out the responsibilities of the stakeholders involved in developing and putting these products to market.

Open source security

NCC Group is committed to working with the open source community to improve security. Last year, it was announced that we were joining the Open Source Security Coalition, otherwise known as the GitHub Security Lab. The coalition of global leaders was brought together to secure the world’s open source software, by improving vulnerability disclosure, creating large scale tooling to help identify vulnerabilities.

Since joining, we have dedicated 10% of our global research capacity to understand and resolve common issues in the open source community.

DeepFakes

At NCC Group, we are also committed to forming collaborations across the academia, standard bodies, B2B and consortia spaces. Our partnership with the University College London (UCL) saw us explore the world of DeepFakes.

This work resulted in an in-depth paper that delved into how the technology could be used and abused by adversaries in the near future, and how we can get ahead of the game by way of defensive measures, and the provision of guidance to legislation and regulation around the use of DeepFake technology.

Sniffle

In September last year, we released the world’s first open source sniffer for Bluetooth 5, Sniffle. Developed by Sultan Qasim Khan, it provides a reliable and easy to use sniffer that can greatly facilitate the development, debugging, testing, and reverse engineering of devices using Bluetooth 5 and 4.x LE.

But what does this mean? Put simply, it can help researchers understand how devices that have a Bluetooth connection could be compromised, and what needs to be done to ensure these issues are resolved.

Connected health

The healthcare landscape is constantly evolving – major advancements are happening every day, and technology has played a significant role in advancing this space, but what are the security implications of the innovations in this space?

Our whitepaper on connected health explores the security challenges that face the current and future landscape, as well the considerations required to deliver a Connected Health ecosystem that works for all in a secure and safe way.

A global blog dedicated to research

We launched our global research blog launched late last year, which houses all our research, talks, technical advisories and tools in one place.

Since the launch, the blog has built up a monthly readership in the thousands and we will continue to post a range of whitepapers, conference talks, technical advisories and tooling in the coming months.

Building on our capabilities

It’s been a great year of research across all of our focus areas and we’re looking forward to building our capabilities even further with some exciting research projects, partnerships and developments.

But for now head over to the blog if you’d like to read up on our research.

Subjects

Contacts

NCC Group Press Office

NCC Group Press Office

Press contact All media enquires relating to NCC Group plc +44 7976234970

Related media

Annual Research Report 2020
  • Annual Research Report 2020
  • License: All rights reserved
    The Content may only be used by Mynewsdesk. It is thus not permissible for anyone else to download, copy, distribute or otherwise use the Content (other than for private use to the extent permitted by law).
  • File format: .pdf
Not downloadable

Related content

Royalty-free stock photo ID: 1160793658

NCC Group named Authorized Lab by ioXt Alliance to enhance security standards in Internet of Things product development

​NCC Group has been named as an Authorized Lab by the ioXt Alliance, the Global Standard for IoT Security and the industry group dedicated to building confidence in Internet of Things products.

Shutterstock: Royalty-free stock vector ID: 558060373

NCC Group providing ongoing threat intelligence on F5 Networks vulnerability

​Last week, a new vulnerability which could allow remote compromise of F5 Networks BIG-IP networking devices was disclosed. In the days following the initial disclosure, NCC Group’s Research Intelligence Fusion Team (RIFT) has closely monitored the vulnerability – setting up a honeypot to learn more about the behavior of threat actors.

Shutterstock Royalty-free stock vector ID: 1095727148

NCC Group sponsors aviation security research project at Cranfield University

We’ve launched a research project with Cranfield University aimed at enhancing security across smart airports by identifying new approaches for detecting vulnerabilities and threats facing the aviation industry.

Building a secure future for smart cities

Building a secure future for smart cities

We’ve pooled our expertise to present 'A Blueprint for Secure Smart Cities’, exploring why security should be built into every individual component of a smart city from the start, and the importance of town planners being transparent about privacy and safety.

Royalty-free stock illustration ID: 1338342212

Online Casino Roulette: spinning the wheel of misfortune

In our latest research, we turn our attention to the online roulette industry with a useful guide for those who build, maintain and test online roulette systems, detailing different types of online roulette, their potential vulnerabilities and the ways to detect them.

NCC Group Annual Research Report

NCC Group Annual Research Report

We’ve published our 2020 Annual Research Report, summarizing our security research findings from across the nearly 200 conference publications, blog posts, and tool releases published by our researchers between January 1, 2020 and December 31, 2020.

Shutterstock ID: 1430528573

Exploring deepfake capabilities and mitigation strategies with University College London

In this research blog Matt Lewis, research director at NCC Group, gives an overview of his work exploring deepfake capabilities and mitigation strategies with University College London.

Royalty-free stock illustration ID: 1196754286

Research spotlight: Hardware and embedded systems

We recently published our annual research report – a look back at our work over the last year. In our follow up research spotlight series, we’re looking into some of the key areas in a little more detail – and in this instalment, we hear from Rob Wood, technical vice president at NCC Group, for more on our research into hardware and embedded systems.

NCC Group exists to make the world safer and more secure

In today’s threat landscape understanding the risks organisations and customers are exposed to is more important than ever.

Understanding the impact and how to be more resilient is key to protecting brand, reputation and sensitive customer information. Building a cyber-resilient organization can be a complex process but it’s not impossible.

With our knowledge, experience and global footprint, we help assess, develop and manage cyber resilience posture.

NCC Group Newsroom
XYZ Building, 2 Hardman Boulevard, Spinningfield
M3 3AQ Manchester
United Kingdom
NCC Group customer website
NCC Group corporate website
NCC Group Cyberstore