A Review of the Best News of the Week on AI, IoT, & Mobile Security
A hacker’s paradise? 5G and cyber security (Financial Times, Oct 14 2019)
The problem is unlikely to be the security of 5G technology itself. Despite researchers uncovering apparent flaws in 5G’s security — such as the ability for attackers to use fake mobile base stations to steal information — 5G’s stronger encryption of data and better verification of network users are widely considered to be a significant improvement on 4G. Experts say that the weak link in 5G’s security is likely to be communication between devices connected to the internet…These devices, known as the Internet of Things (IoT)…
Activists’ phones targeted by one of the world’s most advanced spyware apps (Ars Technica, Oct 12 2019)
“Pegasus,” developed by Israel-based NSO Group, stalks 2 Moroccan, researchers say.
EU warns of cyber‑risks as 5G looms (WeLiveSecurity, Oct 11 2019)
What are the scenarios that may prove to be challenging to manage in the 5G world?
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~11,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
New ISF Paper Attempts to Demystify AI in Information Security (Infosecurity Magazine, Oct 10 2019)
“What we do know is that attackers can already use AI tools to identify vulnerabilities—although human hackers are still better at exploiting them. As soon as that intelligent malware emerges, AI tools will be required to spot anomalous activity on the network and identify well-hidden malware.
This Technique Can Make It Easier for AI to Understand Videos (Wired, Oct 15 2019)
A staggering amount of video is shared online. Researchers are teaching artificial intelligence to process more—while using less power.
AI development has major security, privacy and ethical blind spots (Help Net Security, Oct 15 2019)
Security, privacy and ethics are low-priority issues for developers when modeling their machine learning solutions, according to O’Reilly.
Deepfakes and their potential impact on society (SC Magazine, Oct 14 2019)
The rise of deepfakes and the risks they pose is creating questions around who should be held responsible for the spreading of these videos. These questions have become so frequent that earlier this month, the House of Representatives held its first hearing focused specifically on national security threats posed by deepfake technology. As a result of the hearing, the House proposed a change for Section 230 of the Communications Decency Act to be amended to hold social and digital platforms responsible for the content posted on their sites.
How concerned are you about the privacy challenges of your IoT devices? (WeLiveSecurity, Oct 09 2019)
An ESET survey of thousands of people in North America provides a peek into how they perceive the privacy and security of their smart home connected devices
New data analysis approach could strengthen the security of IoT devices (Help Net Security, Oct 14 2019)
A multi-pronged data analysis approach that can strengthen the security of IoT devices, such as smart TVs, home video cameras and baby monitors, against current risks and threats has been created by a team of Penn State World Campus students.
Can microsegmentation help IoT security? (Network World Security, Oct 11 2019)
Deploying microsegmentation as part of a broad IoT security strategy can enable more granular control of network systems and better isolation if a security flaw is exploited.
Researchers Discover Spy Platform with GSM Fingerprinting (Infosecurity Magazine, Oct 10 2019)
Attor targets governments and diplomats in Eastern Europe. According to the analysis, the attacks were conducted using a previously unreported cyber-espionage platform, which is notable for its modular architecture, along with two prominent features: the AT protocol used by one of its plugins for GSM fingerprinting, and Tor, which is employed for its network communications. Given these features, ESET researchers have named the platform Attor.
EU Hints at Huawei Risk in 5G Security Assessment (SecurityWeek, Oct 09 2019)
The European Union hinted strongly it viewed Chinese tech group Huawei as a security risk to its roll-out of 5G networks in a report released Wednesday
AT&T and Verizon Don’t Want You To Know Where 5G Really Is (VICE, Oct 10 2019)
Big Telecom is resisting efforts by the government to require it to include 5G availability in broadband maps.
#SecTorCa: Millions of Phones Leaking Information Via Tor (Infosecurity Magazine, Oct 11 2019)
Researchers claim 30% of all Android devices are transmitting data that could be used to track and profile users
Majority of Simjacker Attacks Aimed at Mobile Phones in Mexico (SecurityWeek, Oct 14 2019)
Researchers believe hundreds of millions of SIM cards may be vulnerable to Simjacker attacks after determining that the targeted technology, despite being very old, is still used by at least 61 mobile operators across 29 countries.