A Review of the Best News of the Week on AI, IoT, & Mobile Security
Data, Surveillance, and the AI Arms Race (Schneier on Security, Jun 17 2019)
Since Western countries can’t or won’t reap such a comprehensive harvest of data from their citizens, China will win the AI arms race and dominate the next century. This idea makes for a compelling narrative, especially for those trying to justify surveillance — whether government- or corporate-run. But it ignores some fundamental realities about how AI works and how AI research is conducted.
Google Adds Two-Factor Authentication For Its Apps on iOS (Dark Reading, Jun 13 2019)
Android-based two-factor authentication now works for Google applications on iPad and iPhone.
Mirai tries to hook its tentacles into SD-WAN (Network World Security, Jun 14 2019)
Mirai – the software that has hijacked hundreds of thousands of internet-connected devices to launch massive DDoS attacks – now goes beyond recruiting just IoT products; it also includes code that seeks to exploit a vulnerability in corporate SD-WAN gear.
One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Predicting Vulnerability Weaponization (Dark Reading, Jun 12 2019)
Advances in data science are making it possible to shift vulnerability management from a reactive to a proactive discipline.
These are the Internet of Things devices that are most targeted by hackers (ZDNet, Jun 12 2019)
You may not believe your smart device is of interest to hackers – but it can provide a gateway that breaks your network wide open.
Why cybercriminals are eyeing smart buildings (WeLiveSecurity, Jun 12 2019)
A recent talk by ESET’s Global Security Evangelist Tony Anscombe looks at the key security challenges facing intelligent buildings
Car alarm hackers open eyes to cybersecurity issues in automotive supply chain (Automotive News, Jun 15 2019)
The success of “white hat” hackers in remotely penetrating vehicle controls through aftermarket car-alarm systems has sounded a new warning in cybersecurity circles.
Widely used medical infusion pump can be remotely hijacked (Naked Security – Sophos, Jun 17 2019)
These vulnerable infusion pumps can be remotely hacked to alter the delivery of IV fluids and medications such as painkillers or insulin.
Mirai Offspring “Echobot” Uses 26 Different Exploits (SecurityWeek, Jun 17 2019)
A recently discovered variant of the Mirai Internet of Things (IoT) malware uses a total of 26 different exploits for the infection phase, Akamai reports.
Spain’s top soccer league fined over its app’s ‘tactics’ (WeLiveSecurity, Jun 12 2019)
La Liga has taken substantial flak for tapping into microphones and geolocation services in fans‘ phones in a bid to root out piracy
5G subscriptions to reach 1.9 billion in 2024, critical IoT connections on the rise (Help Net Security, Jun 14 2019)
Rapid early momentum and enthusiasm for 5G has led Ericsson to forecast an extra 400 million enhanced mobile broadband subscriptions globally by the end of 2024.
iOS 13 Will Finally Support NFC ID Scanning in a Few Countries (Gizmodo, Jun 17 2019)
iPhones have had NFC chips since the iPhone 6, but previously, Apple only allowed NFC to be used for making purchases with Apple Pay. But in iOS 13, Apple is expanding the use of NFC to other apps, and even though iOS won’t officially be available until later this fall, countries including Japan and Germany are already planning to allow citizens to scan in their ID cards via NFC on their iPhones.
Android phones can now be security keys for iOS devices (Naked Security – Sophos, Jun 14 2019)
Hey, iOS users. Got a spare Android phone lying around? Now, you can use it as a secure access key for online services.
AT&T, Sprint, Verizon, T-Mobile Hit With FCC Complaint Over Sale of Phone Location Data (VICE, Jun 14 2019)
The Open Technology Institute, Free Press, and the Georgetown Law Center on Privacy & Technology filed the complaint Friday after multiple Motherboard and New York Times investigations.
Cellebrite Now Says It Can Unlock Any iPhone for Cops (Wired, Jun 14 2019)
In a strangely public product announcement, the phone-cracking firm revealed a powerful new device.
China is poised to lead in 5G. That’s partly Washington’s fault, Sen. Warner says. (The Washington Post, Jun 18 2019)
“We are not doing our job if we don’t find ways to declassify more of this information and get it out to American business, American policymakers, American academia,” he said.
Android Apps Target Bitcoin, By-Passing 2FA (SecurityWeek, Jun 17 2019)
Last week researchers reported on apps abusing the Android push notifications feature to deliver spam. Now other researchers have described apps using a similar but more advanced approach to by-pass two-factor authentication.
Push Technology Used in Mobile Attacks (SecurityWeek, Jun 17 2019)
Researchers have detected an Android trojan that abuses the web push technology. In its benign use, web push is used by legitimate websites — such as news sites — to send out new event notifications. The less benign use is to employ the technology to send out what amounts to phishing notifications.