A Review of the Best News of the Week on AI, IoT, & Mobile Security

Cell Networks Hacked by (Probable) Nation-State Attackers (Schneier on Security, Jul 09 2019)
A sophisticated attacker has successfuly infiltrated cell providers to collect information on specific users: “The hackers have systematically broken in to more than 10 cell networks around the world to date over the past seven years to obtain massive amounts of call records — including times and dates of calls, and their cell-based locations — on at least 20 individuals.”

Hey, Google, why are your contractors listening to me? (Naked Security – Sophos, Jul 12 2019)
Humans are listening to our recordings – some made by mistake – to improve speech recognition. But they’re not as anonymous as Google says.

German banks to stop using SMS to deliver second authentication/verification factor (Help Net Security, Jul 12 2019)
German banks are moving away from SMS-based customer authentication and transaction verification (called mTAN or SMS-TAN), as the method is deemed to be too insecure.


One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn


GitHub Removed Open Source Versions of DeepNude (VICE, Jul 09 2019)
After the creator of DeepNude shuttered its app that digitally undressed women, multiple people uploaded their own versions to GitHub.

Shining a light on Shamoon 3: What cyber AI revealed about the data-wiping malware (Darktrace Blog, Jul 10 2019)
During an extended trial in the network of a global company, Darktrace observed a Shamoon-powered cyber-attack.

Adoption of AI-enhanced Cybersecurity is Growing Rapidly: Report (SecurityWeek, Jul 12 2019)
While around 20% of firms used ML prior to 2019, closer to 60% will be using it by the end of the year.

Only 25% of organizations using AI have an enterprise-wide AI strategy (Help Net Security, Jul 15 2019)
Only 25% of global organizations that are already using artificial intelligence (AI) solutions, have developed an enterprise-wide AI strategy, according to IDC.

Cybersecurity Considerations for IoT Product Design (IoT for All, Jul 09 2019)
This article looks at the considerations that need to be made, applicable standards, testing options and best practices for designing secure IoT products.

Global IoT market projected to reach $1111.3 billion by 2026 (Help Net Security, Jul 12 2019)
As per the report, the global market was valued at $190.0 Bn in the year 2018 and is anticipated to reach $1111.3 Bn by 2026. The analysts in the report predict that the global market will expand at a ferocious CAGR of 24.7% throughout the forecast years.

Did a hacked smart TV upload footage of couple having sofa sex to a porn website? (Graham Cluley, Jul 10 2019)
A news report claims that hackers were able to secretly capture intimate footage of a married couple and upload it to a porn website.

Hacked Hair Straightener Could Set a Fire (, Jul 12 2019)
Researchers hack a Bluetooth Glamoriser hair straightener.

EFF Hits AT&T With Class Action Lawsuit for Selling Customers’ Location to Bounty Hunters (VICE, Jul 16 2019)
The lawsuit, which comes after multiple Motherboard investigations into phone location data selling, is seeking an injunction against AT&T which would try to enforce the deletion of any sold data.

Eavesdropping flaw prompts Apple to suspend Walkie-Talkie app (Ars Technica, Jul 11 2019)
Apple Watch app can let attackers listen to iPhone mic without permission.

Financial Firms Face Threats from Employee Mobile Devices (Dark Reading:, Jul 10 2019)
A new report says that phishing and man-in-the-middle attacks are major risks to financial institutions – via mobile devices in the hands of their employees.

Agent Smith Android Malware Downloaded 25m+ Times (, Jul 11 2019)
Researchers are warning of a new Android malware campaign that has already compromised a staggering 25 million devices via a popular third-party app store. Dubbed “Agent Smith” by Check Point, the threat spreads by disguising itself as a legitimate Google application made available on the 9Apps marketplace run by Alibaba’s UCWeb.

New Version of FinSpy Steals Info on iOS, Android (, Jul 10 2019)
Advanced surveillance tool used in targeted attacks on governments, law enforcement and NGOs.

Rogue Android apps ignore your permissions (Naked Security – Sophos, Jul 10 2019)
New research has revealed that apps are snooping on data such as location and unique ID number – even when users haven’t given permission.

Researchers Find 17,490 Anubis Android Malware Samples (SecurityWeek, Jul 10 2019)
Two related servers were recently found hosting 17,490 samples of the same Android malware, Trend Micro’s security researchers say.

FCC underwhelmed by carriers’ sluggish robocall efforts (Naked Security – Sophos, Jul 15 2019)
The head of the Federal Communications Commission (FCC), Geoffrey Starks, has published the responses he’s received from major voice service providers after calling for them all to give customers free, on-by-default robocall blocking services last month.

Hackers Can Manipulate Media Files Transferred via WhatsApp, Telegram (SecurityWeek, Jul 15 2019)
Hackers can manipulate media files transferred by users through the WhatsApp and Telegram messaging applications due to the way the Android operating system allows apps to access files in external storage, Symantec warned on Monday.