A Review of the Best News of the Week on AI, IoT, & Mobile Security
Who Owns Your Wireless Service? Crooks Do. (Krebs on Security, Aug 07 2019)
“Incessantly annoying and fraudulent robocalls. Corrupt wireless company employees taking hundreds of thousands of dollars in bribes to unlock and hijack mobile phone service. Wireless providers selling real-time customer location data, despite repeated promises to the contrary. A noticeable uptick in SIM-swapping attacks that lead to multi-million dollar cyberheists.”
Google Hackers Found 10 Ways to Hack an iPhone Without Touching It (VICE, Aug 12 2019)
Many of the vulnerabilities relied on using iMessage to own the rest of the phone, Google’s Project Zero said.
More than 2m AT&T phones illegally unlocked by bribed insiders (Naked Security – Sophos, Aug 08 2019)
The alleged, now indicted ringleader paid more than $1m in bribes to insiders who planted malware and hardware for remote unlocking.
One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Black Hat Talk About ‘Time AI’ Causes Uproar, Is Deleted By Conference (VICE, Aug 10 2019)
A controversial sponsored talk at the Black Hat security conference caused an uproar among security professionals and prompted the conference to delete the talk from the internet.
Microsoft catches Russian state hackers using IoT devices to breach networks (Ars Technica, Aug 05 2019)
Fancy Bear servers are communicating with compromised devices inside corporate networks.
A Model Hospital Where the Devices Get Hacked—on Purpose (Wired, Aug 06 2019)
At this year’s Defcon Medical Device Village, hackers will attack real medical devices at a pretend hospital.
Ring Told People to Snitch on Their Neighbors in Exchange for Free Stuff (VICE, Aug 09 2019)
Ring helped people form private ‘Digital Neighborhood Watches’ where they report ‘suspicious activity’ in exchange for free Ring products and discounts, according to a presentation obtained by Motherboard.
This Tesla Mod Turns a Model S Into a Mobile ‘Surveillance Station’ (Wired, Aug 09 2019)
The Surveillance Detection Scout can track license plates and faces near your Tesla—with all the privacy concerns that implies.
Hackers Can Turn Everyday Speakers Into Acoustic Cyberweapons (Wired, Aug 11 2019)
A security researcher has demonstrated how to force everyday commercial speakers to emit harmful sounds.
Watch a Drone Take Over a Nearby Smart TV (Wired, Aug 11 2019)
Smart TVs continue to look dumber by the day.
Apple Gives Hackers a Special iPhone—And a Bigger Bug Bounty (Wired, Aug 08 2019)
The company’s sometimes rocky relationship with security researchers just got a whole lot smoother.
WhatsApp Messages Can Be Intercepted, Manipulated (Dark Reading, Aug 08 2019)
Check Point security researchers demonstrate how a dangerous security weakness in the messaging application can be abused to spread fake news and carry out online scams.
Children’s Tablet Revealed Location, Researchers Found (Infosecurity Magazine, Aug 07 2019)
LeapFrog’s Pet Chat app was leaking children’s location, say researchers.
Latest Android patches fix critical ‘QualPwn’ Wi-Fi flaws (Naked Security – Sophos, Aug 07 2019)
The August 2019 security bulletin is out – and two of the critical flaws could allow an attacker to compromise the Android system kernel.
These Legit-Looking iPhone Lightning Cables Will Hijack Your Computer (VICE, Aug 10 2019)
It looks like an Apple Lightning cable. It works like an Apple Lightning cable. But it will give an attacker a way to remotely tap into your computer.
Hackers Could Decrypt Your GSM Phone Calls (Wired, Aug 10 2019)
Researchers have discovered a flaw in the GSM standard used by AT&T and T-Mobile that would allow hackers to listen in.
Inside the Hidden World of Elevator Phone Phreaking (Wired, Aug 09 2019)
Eavesdropping, reprogramming, talking to strangers: Welcome to the harmless and not-so-harmless fun of hacking elevator call boxes.
Android users menaced by pre-installed malware (Naked Security – Sophos, Aug 13 2019)
Google Project Zero researcher Maddie Stone has found a new and concerning route for malware to find its way on to Android devices – malicious apps that have been factory pre-installed.
Hacking 4G hotspots – when did you last update? (Naked Security – Sophos, Aug 12 2019)
Your 4G hotspot might seem very basic and low risk compared to your phone, but you need to keep it patched just as carefully!