20 years of research at NCC Group

Over the years, research has formed a big part of NCC Group’s mission to make the world safer and more secure.

From format string vulnerabilities discovered in Windows 2000, and an exploration of quantum cryptography from 2003, to more recent deep dives into the worlds IoT and biometric security, our research has spanned almost every type of technology and their associated security issues.

Searching the archives

We’ve waded through the NCC Group research archives to put together an extensive overview of over 200 whitepapers and conference presentations we’ve delivered over the past 20 years.

While much of the research may not be so relevant anymore due to changes in technology landscapes and a maturation of the cyber security industry; the whitepapers and presentations chronicle much of the foundation of our industry, and at many times show the genesis of ideas and techniques, classes of vulnerability, methods of attack and defence, open source tooling and public reports on key Internet components, and much more. This research has helped our clients with their cyber security assurance needs, and has positively contributed to the security of the Internet as we all know and use it.

You can find a full round up over on our Research blog here.

2019 - 2020 - a year in review

And this last year has been no different – our global research teams have delivered valuable insights across a range of key themes and facets of modern society, including smart cities, connected health, AI and ML, 5G and telecoms, cryptography and many more.

We wanted to take a step back to review these research outputs and how the work of our global research teams is helping us to deliver on our mission.

Enterprise Printers

And what better way to kick off than with our enterprise printers research released and presented at a number of industry conferences last year.

While printers may not automatically come to mind when you think about IoT, the fact that they are embedded devices that connect to sensitive corporate networks should be a cause for concern, which is why our researchers decided to test six leading enterprise printers.

Over 35 vulnerabilities were discovered and ranged in severity, including the ability to launch denial of service attacks leading to the crash of printers, add backdoors within compromised printers to maintain attacker persistence on a network, as well as snoop on every print job sent to vulnerable printers and forward them to an external internet-based attacker.

This is just one facet of a landscape that is hugely complex, but many advancements are being made across the globe to improve IoT security standards which set out the responsibilities of the stakeholders involved in developing and putting these products to market.

Open source security

NCC Group is committed to working with the open source community to improve security. Last year, it was announced that we were joining the Open Source Security Coalition, otherwise known as the GitHub Security Lab. The coalition of global leaders was brought together to secure the world’s open source software, by improving vulnerability disclosure, creating large scale tooling to help identify vulnerabilities.

Since joining, we have dedicated 10% of our global research capacity to understand and resolve common issues in the open source community.

DeepFakes

At NCC Group, we are also committed to forming collaborations across the academia, standard bodies, B2B and consortia spaces. Our partnership with the University College London (UCL) saw us explore the world of DeepFakes.

This work resulted in an in-depth paper that delved into how the technology could be used and abused by adversaries in the near future, and how we can get ahead of the game by way of defensive measures, and the provision of guidance to legislation and regulation around the use of DeepFake technology.

Sniffle

In September last year, we released the world’s first open source sniffer for Bluetooth 5, Sniffle. Developed by Sultan Qasim Khan, it provides a reliable and easy to use sniffer that can greatly facilitate the development, debugging, testing, and reverse engineering of devices using Bluetooth 5 and 4.x LE.

But what does this mean? Put simply, it can help researchers understand how devices that have a Bluetooth connection could be compromised, and what needs to be done to ensure these issues are resolved.

Connected health

The healthcare landscape is constantly evolving – major advancements are happening every day, and technology has played a significant role in advancing this space, but what are the security implications of the innovations in this space?

Our whitepaper on connected health explores the security challenges that face the current and future landscape, as well the considerations required to deliver a Connected Health ecosystem that works for all in a secure and safe way.

A global blog dedicated to research

We launched our global research blog launched late last year, which houses all our research, talks, technical advisories and tools in one place.

Since the launch, the blog has built up a monthly readership in the thousands and we will continue to post a range of whitepapers, conference talks, technical advisories and tooling in the coming months.

Building on our capabilities

It’s been a great year of research across all of our focus areas and we’re looking forward to building our capabilities even further with some exciting research projects, partnerships and developments.

But for now head over to the blog if you’d like to read up on our research.