A Review of the Best News of the Week on AI, IoT, & Mobile Security
Reverse Location Search Warrants (Schneier on Security, Feb 21 2019)
The police are increasingly getting search warrants for information about all cell phones in a certain location at a certain time: Police departments across the country have been knocking at Google’s door for at least the last two years with warrants to tap into the company’s extensive stores of cellphone location data. Known as “reverse location search warrants,” these legal mandates allow law enforcement to sweep up the coordinates and movements of every cellphone in a broad area.
Facebook apps secretly sending sensitive data back to the mothership (Naked Security – Sophos, Feb 26 2019)
New York governor Andrew Cuomo has ordered an investigation into how Facebook is still allowing blabby apps to violate its privacy policies.
Android Is Helping Make Passwords Obsolete on a Billion Devices (Wired, Feb 25 2019)
By officially embracing the FIDO2 standard, Android will soon let you log into sites and services without having to remember a password.
Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. Learn a new way to conduct a strategy assessment.
ML-era in cybersecurity: A step toward a safer world or the brink of chaos? (WeLiveSecurity, Feb 22 2019)
Tampering with the ML model by feeding it poisoned inputs – aka adversarial machine learning – is another risk that will become more pressing in the future, especially in the cybersecurity field.
Huawei Says US Has ‘No Evidence’ of 5G Spying Allegations (SecurityWeek, Feb 26 2019)
Huawei’s chairman said Tuesday that the United States has “no evidence” that its equipment to build next-generation 5G wireless networks could be used as a vehicle for Chinese spy operations.
Sorry, we didn’t mean to keep that secret microphone a secret, says Google (Naked Security – Sophos, Feb 21 2019)
It’s been off by default, Google says – not much consolation to those who don’t cotton to the notion of a “secret” listening gadget.
Criminals Weaponize Open Source Tools, Target IoT (Infosecurity Magazine, Feb 20 2019)
The convergence of cyber and physical worlds has created more risk.
IoT Flaws Reveal Need to Work with Researchers (Infosecurity Magazine, Feb 25 2019)
McAfee researchers disclose two vulnerabilities in common IoT devices.
Global mobile networks to support 12.3 billion devices and IoT connections by 2022 (Help Net Security, Feb 21 2019)
In 2017, there were five billion mobile users worldwide, but over the next five years, that number will increase by half a billion to 5.5 billion users, which represents about 71 percent of the global population.
New Arm Certification Aims to Secure IoT Devices (Dark Reading, Feb 25 2019)
Arm, which designs processors used in devices from smart doorbells to supercomputers, is partnering with five laboratories and consulting firms to develop a certification for adherence to the Platform Security Architecture (PSA).
Google’s New Play Store Rules Are Breaking an App Sex Workers Use to Keep Safe (Motherboard, Feb 20 2019)
Ugly Mugs, a UK-based call screening app that helps workers avoid dangerous clients, is at risk for being shut down.
18,000 Android Apps Violate Google’s Ad ID Policies: Analysis (SecurityWeek, Feb 19 2019)
Mobile privacy reasearch group AppCensus has discovered 18,000 Android applications that violate Google Play’s advertising identifier (ad ID) policies and users’ privacy.
Android Users: Check This Facebook Location Privacy Setting ASAP (Wired, Feb 20 2019)
Android users can now stop Facebook from tracking their location when they aren’t using the Facebook app.
How Android, the world’s most popular mobile OS, is preparing for eSIM (Gemalto, Feb 20 2019)
eSIM support by Android-friendly device manufacturers will foster eSIM expansion worldwide.
Lessons From the War on Malicious Mobile Apps (Dark Reading, Feb 22 2019)
Despite the openness of the Android platform, Google has managed to keep its Play store mainly free of malware and malicious apps. Outside of the marketplace is a different matter.
New privacy-breaking attacks against phones on 4G and 5G cellular networks (Help Net Security, Feb 25 2019)
Three new attacks can be used to track the location and intercept calls of phone users connected to 4G and 5G cellular networks, researchers from Purdue University and The University of Iowa have revealed.
Verizon says phone-sale fraud is up, wants to lock new phones to fight it (Ars Technica, Feb 25 2019)
Verizon needs OK from FCC for 60-day locks because of 700MHz open-access rules.