A Review of the Best News of the Week on AI, IoT, & Mobile Security
Why Checkm8 iDevice jailbreak exploit is a game changer (Ars Technica, Sep 28 2019)
Unpatchable vulnerability is a game-changer that even Apple will be unable to stop.
Researchers Think They Know How Many Phones Are Vulnerable to ‘SIMjacker’ Attacks (VICE, Sep 27 2019)
They also created a tool to determine whether your phone’s SIM card is vulnerable.
Legit-Looking iPhone Lightning Cables That Hack You Will Be Mass Produced and Sold (VICE, Sep 30 2019)
Their creation has been successfully fully outsourced to a factory, the security researcher behind the cables said.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~11,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Google made thousands of deepfakes to aid detection efforts (Naked Security – Sophos, Sep 27 2019)
It’s an arms race: as detection methods improve, deepfake-generating algorithms are quickly updated to correct the flaws.
New ‘Gucci’ IoT Botnet Targets Europe (SecurityWeek, Sep 30 2019)
Security researchers with SecNiche Security Labs have discovered a new piece of malware that attempts to ensnare Internet of Things (IoT) devices in Europe into a distributed denial-of-service (DDoS)-capable botnet.
Poison Carp cyberespionage group targeting Tibetan officials with mobile malware (SC Magazine, Sep 24 2019)
A newly designated threat group dubbed Poison Carp has been found using Android exploits to plant spyware on devices operated by various Tibetan leaders.
Android apps with scores of downloads serve up annoying ads, unwanted subscriptions (SC Magazine, Sep 24 2019)
Hundreds of millions of Android devices have potentially been compromised by malicious adware and ad fraud apps that on the surface appear to offer harmless services such as selfie filters, weather forecasts or VPN security, according to a trio of recently released research reports.
218M Words with Friends Players Compromised in Data Breach (Dark Reading, Sep 30 2019)
The same attacker was reportedly behind the Collection #1 and Collection #2 data dumps earlier this year.
New Spyware Threatens Telegram’s 200 Million Users (Infosecurity Magazine, Sep 27 2019)
Trojan-delivered spyware uses messaging app to exfiltrate stolen information.
Checkm8 jailbreak and AltStore put cracks in Apple’s walled garden (Naked Security – Sophos, Sep 30 2019)
People are taking different tacks to get around Apple’s tightly controlled phone rules.
Illegal gambling apps snuck into Apple and Google stores (SC Magazine, Sep 26 2019)
Google and Apple recently removed hundreds of apps from their respective app stores after being informed they were actually fronts for gambling operations. While it’s not unusual to find malicious apps, this operation was different in that many of the apps passed through Google and Apple’s vetting process, Trend Micro reported.
Apple updates software, fixes flaw affecting third-party keyboard apps (SC Magazine, Sep 26 2019)
Apple last week released a series of software updates that repaired vulnerabilities in iOS, iPadOS, macOS Mojave, macOS High Sierra, macOS Sierra, watchOS, tvOS, Apple TV Software and Safari.
Cloudflare Launches Its Security-Focused Mobile VPN, Again (Wired, Sep 25 2019)
When the company first launched the Warp VPN, “all hell broke loose,” its CEO says. After a few months of tinkering, Cloudflare wants a do-over.