A Review of the Best News of the Week on AI, IoT, & Mobile Security

Simjacker silent phone hack could affect a billion users (Naked Security-Sophos, Sep 16 2019)
The shadowy world of phone-surveillance-for-hire became a little clearer last week following the discovery of a phone exploit called Simjacker.

T-Mobile Has a Secret Setting to Protect Your Account From Hackers That It Refuses to Talk About (VICE, Sep 13 2019)
T-Mobile’s little known NOPORT setting can protect your phone number from SIM swapping.

How Artificial Intelligence Is Changing Cyber Security Landscape and Preventing Cyber Attacks (Entrepreneur, Sep 14 2019)
The world is going digital at an unprecedentedly fast pace, and the change is only going to go even faster. The digitalization means everything is moving at lightning speed – business, entertainment, trends, new products, etc. The consumer gets what he or she wants instantly because the service provider has the means to deliver it.

One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Security Pros’ Painless Guide to Machine Intelligence, AI, ML & DL (Dark Reading, Sep 10 2019)
Artificial intelligence, machine learning, or deep learning? Knowing what the major terms really mean will help you sort through the morass of words on the subject and the security uses of each.

Off the hook: How AI catches phishing emails even if we take the bait (Darktrace Blog, Sep 06 2019)
By uniting email security with enterprise security, we can autonomously fight back against phishing attacks — even those we fall for hook, line, and sinker.

How a Hacked Light Bulb Could Lead to Your Bank Account Being Drained (Observer, Sep 11 2019)
“As time passes and we continue to have unpatched connected devices in our homes with dated software full of known bugs, we are just waiting to be exploited by hackers,” said Ashkenazi.

IoT attacks increasing in the cyber underground (Help Net Security, Sep 11 2019)
Cybercriminals from around the world are actively discussing how to compromise connected devices, and how to leverage these devices for moneymaking schemes, according to Trend Micro.

New Passive RFID Tech Poses Threat to Enterprise IoT (Infosec Island, Sep 11 2019)
Although passive RFID technology shows much promise for streamlining and improving the management of IoT, unresolved vulnerabilities in the technology’s security remain a bottleneck for both the implementation of RFID and the growth of the IoT industry.

IIoT security challenges: Dealing with cutting edge technologies (Help Net Security, Sep 12 2019)
“My advice is to “unlock” data at the edge for use in IT decision making in a way that is scalable and does not alter manufacturing processes. Smart manufacturing requires a rethinking of most manufacturing networks, which are too often “spaghetti networks,” full of devices and computers with specific functions in the plant but whose internal data flows have never been properly evaluated within the framework of a strong security policy.”

It’s Time for IoT Security’s Next Big Step (Wired, Sep 11 2019)
Connected devices are more secure than ever. That’s still not nearly enough.

Shining light on dark data, shadow IT and shadow IoT (Network World Security, Sep 13 2019)
What’s lurking in the shadows of YOUR organization? What you don’t know can hurt you. Insider Pro columnist Mike Elgan looks at how your business is at risk and offers six steps to minimize it.

Securing a Connected Future: 5G and IoT Security (SecurityWeek, Sep 12 2019)
Organizations Must be Wary of the Security Implications of Transitioning to 5G 

Preventing GPS spoofing is hard—but you can at least detect it (Ars Technica, Sep 12 2019)
This GPS spoofing defense software looks promising, but it’s short on detail.

Error-laden phone location data suspended from use in Danish courts (Naked Security – Sophos, Sep 12 2019)
10,700 cases will be reviewed over 2 months, and 32 detainees have already been released after finding bugs in software and raw telecom data.

Telegram Failed to Delete Removed Images From Local Storage (SecurityWeek, Sep 11 2019)
The Telegram secure messaging application was found to breach users’ privacy by failing to properly remove images from a device’s local storage when the sender selects to delete them for all recipients.

The Biggest iPhone Hack in History, Explained (VICE, Sep 12 2019)
Inside a hack that targeted thousands of people a week. (Audio)

#44CON: GPS Trackers Hacked to Make Premium Rate Calls (Infosecurity Magazine, Sep 13 2019)
How consistent API flaws allowed IoT devices to be hacked

iPhone lockscreen bypass: iOS 13 tricked into showing your contacts (Naked Security – Sophos, Sep 16 2019)
This time, José Rodríguez came up with a way to trick the iOS 13 beta into showing its address book without the need to unlock the screen.

Recycled Source Code Used to Create New MobiHok Android RAT (SecurityWeek, Sep 16 2019)
MobiHok is a new Android RAT marketed by the actor known as mobeebom. It is a recycled version of the older, established SpyNote RAT

Android Flashlight Apps Request up to 77 Permissions (SecurityWeek, Sep 13 2019)
An analysis of Android flashlight applications available in Google Play has revealed that they request an average of 25 permissions, with some requesting up to 77 permissions when installed.