A Review of the Best News of the Week on AI, IoT, & Mobile Security
What security and privacy enhancements has iOS 13 brought? (Help Net Security, Sep 23 2019)
With the release of iPhone 11 and its two Pro variants, Apple has released iOS 13, a substantial functional update of its popular mobile operating system. But while many users are happy to finally get a complete Dark Mode for the device or a better phone camera, some are more interested in security and privacy enhancements.
Verizon Makes SIM Swapping Hard. Why Doesn’t AT&T, Sprint, and T-Mobile? (VICE, Sep 19 2019)
Verizon employs different security procedures when porting a phone number to a different SIM card than the other carriers. This is making SIM swapping attacks harder to perform against Verizon customers.
Huawei Suspended From Global Forum Aimed at Combating Cybersecurity Breaches (WSJ, Sep 18 2019)
A group formed to respond quickly to hacks and other cyber threats has temporarily expelled the Chinese company after legal advice.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~11,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Report: Use of AI surveillance is growing around the world (Naked Security – Sophos, Sep 20 2019)
It’s not just China: at least 75 out of 176 countries globally are actively using AI technologies for surveillance purposes, research shows.
Government Report Warns of AI Policing Bias (Infosecurity Magazine, Sep 18 2019)
Forces also need a clear Code of Practice, says think tank.
Japan seeks AI system for predicting cyberattacks (Inquirer, Sep 23 2019)
The hope is that sharing early-warning information among relevant institutions will lead to rapid responses. Work could start within the month, with plans to conduct verification experiments in fiscal 2022 and have working technology as early as possible.
Protocol found in webcams and DVRs is fueling a new round of big DDoSes (Ars Technica, Sep 18 2019)
WSD is supposed to be confined to local networks. It’s not, and researchers are concerned.
Improving the security, privacy and safety of future connected vehicles (Help Net Security, Sep 19 2019)
The security, privacy and safety of connected autonomous vehicles (CAVs) has been improved thanks to testing at WMG, University of Warwick. Four new innovations…
A Safer IoT Future Must Be a Joint Effort (Dark Reading, Sep 20 2019)
We’re just at the beginning of an important conversation about the future of our homes and cities, which must involve both consumers and many players in the industry.
California’s IoT Security Law Causing Confusion (Dark Reading, Sep 19 2019)
The law, which goes into effect January 1, requires manufacturers to equip devices with ‘reasonable security feature(s).’ What that entails is still an open question.
15,000 private webcams left open to snooping, no password required (Graham Cluley, Sep 19 2019)
Once again concerns are being raised about the sorry state of IoT security, after a security researcher discovered over 15,000 private webcams that have been left wide open for anyone with an internet connection to spy upon.
How a hacked Jeep Cherokee led to increased security from cyber carjackers (Autoblog, Sep 21 2019)
When researchers remotely hacked a Jeep Cherokee in 2015, slowing it to a crawl in the middle of a U.S. highway, the portal the hackers used was an infotainment system made by supplier Harman International. Harman, now part of Samsung Electronics, has since developed its own cybersecurity product, and bought Israel-based cybersecurity company TowerSec for $70 million to help it overhaul manufacturing processes and scrutinize third-party supplier software.
iOS 13 ships with known lockscreen bypass flaw that exposes contacts (Ars Technica, Sep 20 2019)
Vulnerability was demonstrated one week ago, when iOS 13 was still in beta.
Apple iOS 13.1 will fix location privacy bug, lockscreen bypass exploit (SC Magazine, Sep 23 2019)
A location privacy bug in iOS 13 that apparently doesn’t honor users’ privacy settings in some apps should be fixed in the Tuesday launch of iOS 13.1.
The FBI Tried to Plant a Backdoor in an Encrypted Phone Network (VICE, Sep 18 2019)
The FBI wanted a backdoor in Phantom Secure, an encrypted phone company that sold to members of the Sinaloa cartel, and which is linked to the alleged leaking of sensitive law enforcement information in Canada.
Deconstructing an iPhone Spearphishing Attack (Dark Reading, Sep 19 2019)
How criminals today bypass smartphone anti-theft protection and harvest AppleID and passwords taken from fake Apple servers.
AT&T Says Customers Can’t Sue the Company for Selling Location Data to Bounty Hunters (VICE, Sep 19 2019)
Due to the contract fine print, AT&T says customers must instead deal with the company privately rather than in court.
Hackers Tried to Compromise Phones of Tibetans Working for Dalai Lama (VICE, Sep 24 2019)
Citizen Lab details new hacking campaigns against high-profile Tibetans using iPhones and Android smartphones.