A Review of the Best News of the Week on AI, IoT, & Mobile Security

Google discovers websites exploiting iPhones (Help Net Security, Aug 30 2019)
Unidentified attackers have been compromising websites for nearly three years, equipping them with exploits that would hack visiting iPhones without any user interaction and deliver a stealthy implant capable of collecting much of the sensitive information found on users’ iOS-powered devices.

TrickBot Comes to Cellular Carriers (Dark Reading, Aug 28 2019)
TrickBot is using its traditional techniques — a man-in-the-middle attack that captures a web session, routes it to a command-and-control server where code is injected to request user credentials, then sends the page to the victim — in requests to the websites run by the three cellular networks. According to the report, the PIN requested by the malicious form indicates that the criminals are interested in perpetrating SIM-swap fraud.

Why 5G requires new approaches to cybersecurity (Brookings Institute, Sep 03 2019)
There are five ways in which 5G networks are more vulnerable to cyberattacks than their predecessors…


One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


AI Emotion-Detection Arms Race (Schneier on Security, Aug 29 2019)
Voice systems are increasingly using AI techniques to determine emotion. A new paper describes an AI-based countermeasure to mask emotion in spoken words.

How artificial intelligence is enhancing enterprise security (SC Magazine, Sep 03 2019)
As enterprises realize that cyber threats are too great to manage without advanced technology, artificial intelligence (AI) is being introduced to monitor networks, manage risks, detect threats, and identify fraud. In fact, the market for AI in security is expected to reach more than $35 billion by 2024.

Ring Says It’s Partnered With 405 Police Departments, Here’s What We Still Don’t Know (VICE, Aug 28 2019)
Ring said in a blog post that it’s partnered with 405 law enforcement agencies, after months of refusing to disclose this information to reporters. We still have a lot of questions.

Researchers develop cheaper, more efficient Internet connectivity for IoT devices (Help Net Security, Sep 03 2019)
With 75 billion Internet of Things devices expected to be in place by 2025, a growing strain will be placed on requirements of wireless networks. Contemporary WiFi and cellular networks won’t be enough to support the influx of IoT devices, the researchers highlighted in their new study. Millimeter wave (mmWave), a network that offers multi-gigahertz of unlicensed bandwidth – more than 200 times that allocated to today’s WiFi and cellular networks – can be used to address the looming issue.

New Botnet Targets Android Set-Top Boxes (Dark Reading, Aug 29 2019)
ARES has already infected thousands of devices and is growing, IoT security firm says.

@jack’s twitter attacked, phone number hacked (Naked Security – Sophos, Aug 31 2019)
Twitter founder and CEO Jack Dorsey’s Twitter account was compromised. Twitter Comms later confirmed that the attack was possible because “the phone number associated with the account was compromised”, suggesting that Dorsey may have been the victim of a SIM swap attack.

Google Play app with 100 million downloads executed secret payloads (Ars Technica, Aug 27 2019)
Then, at some point things changed. The app was updated to add an advertising library that contained a malicious module. This component was what’s known as a “Trojan dropper,” meaning it regularly downloaded encrypted code from a developer-designated server at https://abc.abcdserver[.]com and then decrypted and executed it on infected devices.

Android 10 coming soon, with important privacy upgrades (Naked Security – Sophos, Aug 28 2019)
It’s semi-official: Android 10 (née Q), the next version of the Android operating system, could start shipping 3 September.

Huawei Faces Android Blackout on 5G Smartphone (Infosecurity Magazine, Aug 30 2019)
Google says it will not be able to supply flagship Mate 30.

This Has Been the Worst Year for iPhone Security Yet (VICE, Aug 30 2019)
After several high profile attacks and embarrassing slip-ups, Apple’s perception as the secure consumer device is starting to crack.

Mysterious iOS Attack Changes Everything We Know About iPhone Hacking (Wired, Aug 30 2019)
For two years, a handful of websites have indiscriminately hacked thousands of iPhones.

Confirmed: Google’s Android Suffers Sustained Attacks By Anti-Uighur Hackers (Forbes, Sep 03 2019)
It’s been confirmed that Androids of the target Muslim communities have been under heavy attack. And the hacks were launched in a similar way as those on iPhones: Websites serving news and information for the Uighur community would try to snoop on any visiting device.

Android RAT Exclusively Targets Brazil (Infosec Island, Sep 02 2019)
A newly discovered Android remote access Trojan (RAT) is specifically targeting users in Brazil…

iPhone attack may have targeted Android and Windows too (Naked Security – Sophos, Sep 03 2019)
A sophisticated and sustained watering hole attack affecting iPhones may have targeted Windows and Android too.