A Review of the Best News of the Week on AI, IoT, & Mobile Security
Well-funded surveillance operation infected both iOS & Android (Ars Technica, Apr 08 2019)
Malware that stole contacts, audio, location and more was under development for years.
Major Vulnerability Potentially Impacted 150 Million Smartphone Users Worldwide (Motherboard, Apr 04 2019)
Researchers discovered a since-patched vulnerability in an app pre-installed on smartphones made by Xiaomi.
How Android Fought the Chamois Botnet—and Won (Wired, Apr 09 2019)
The Chamois botnet once infected 20 million Android devices. Here’s how Google finally tore it up.
Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. Learn a new way to conduct a strategy assessment.
Adversarial Machine Learning against Tesla’s Autopilot (Schneier on Security, Apr 04 2019)
Researchers have been able to fool Tesla’s autopilot in a variety of ways, including convincing it to drive into oncoming traffic. It requires the placement of stickers on the road.
The basics of modern AI—how does it work and will it destroy society this year? (Ars Technica, Apr 09 2019)
Today’s AI is technically “weak”—but it’s complex and can have a great societal impact.
Why ‘PWNED!’ is appearing on some GPS smartwatches (Naked Security – Sophos, Apr 04 2019)
Over 20 models of smartwatches, some bought for kids, allow for creeps to eavesdrop and track users, in spite of a ban.
Securing your home increasingly means securing all of your IoT devices (Help Net Security, Apr 03 2019)
…threats and the number of attacks continue to increase, but still rely on well-known security weaknesses, such as unpatched software and weak passwords.
Zingbox now part of the Microsoft Active Protections Program (Help Net Security, Apr 07 2019)
Internet of Things (IoT) security and analytics platform, is now part of the Microsoft Active Protections Program (MAPP). Participation in MAPP is an important part of Zingbox’s continuing efforts to provide real-time proactive security for IoT devices. MAPP is a program through which security vendors identify vulnerabilities in Microsoft software, pooling research to enhance the overall security of devices leveraging Microsoft software.
Mirai botnet upgraded to work with new IoT processors (SC Magazine, Apr 09 2019)
The developers behind the Mirai botnet have recompiled the malware so it can take advantage of a wider group of processors/architectures and upgraded with a new encryption algorithm.
Major Mobile Financial Apps Harbor Built-in Vulnerabilities (Dark Reading, Apr 02 2019)
A wide variety of financial services companies’ apps suffer from poor programing practices and unshielded data.
Google Patches Critical Vulnerabilities in Android’s Media Framework (SecurityWeek, Apr 02 2019)
Google has released its April 2019 set of security patches for the Android platform, which fixes three Critical vulnerabilities, including two that affect the Media framework component.
Verizon phishing scam takes a mobile-first approach (SC Magazine, Apr 03 2019)
Verizon customers are being targeted by a phishing campaign which researchers described as having a sophisticated, mobile-first approach that optimizes its phoney sites for mobile devices and demonstrating awareness of Verizon infrastructure.
How iOS App Permissions Open Holes for Hackers (Dark Reading, Apr 04 2019)
The permissions iOS apps request from users can turn the devices into spy tools and provide a toehold into the enterprise network, according to new research.
Brazilian Banking Trojan BasBanke spreads via Facebook and WhatApp promos (SC Magazine, Apr 04 2019)
A new Brazilian banking trojan, dubbed BasBanke, is setting trends in Brazil with over 10,000 installations from the official Google Play Store alone.
The robocall crisis will never totally be fixed (Ars Technica, Apr 08 2019)
Like spam, we’ll be able to manage it but not eliminate it.
Adhering to the mobility requirements of NIST 800-171 does not have to keep you awake at night (Help Net Security, Apr 09 2019)
The key to finding an applicable solution that satisfies the mobility requirements of NIST SP 800-171 is to ensure that the solution leverages multi-factor authentication, biometric and other password management solutions, and combines it with 256-bit encryption to secure and protect the data – no matter what device it’s on. With these types of solutions available, BYOD is now a more viable option, and is more secure than the MDM/EMM solutions that most companies and organizations are currently using.
Hacker unlocks Samsung S10 with 3D-printed fingerprint (Naked Security – Sophos, Apr 09 2019)
According to a video posted on the Imgur site Friday, it’s possible to bypass the biometrics on the new Galaxy S10 range using a 3D-printed fingerprint in minutes.