A Review of the Best News of the Week on AI, IoT, & Mobile Security

Google creates App Defense Alliance to fight bad apps (Google, Nov 11 2019)
Announcing a partnership between Google, ESET, Lookout, and Zimperium. It’s called the App Defense Alliance and together, we’re working to stop bad apps before they reach users’ devices.

Evaluating the Digital Standard (New America, Nov 11 2019)
In 2018, New America’s Open Technology Institute (OTI) launched a project to educate people about the Digital Standard,⁠ a new framework for evaluating the privacy and security of internet-connected consumer products and software. The Standard was developed by a group of organizations including Ranking Digital Rights, in collaboration with Consumer Reports.

Facebook is secretly using your iPhone’s camera as you scroll your feed (The Next Web, Nov 12 2019)
The issue has come to light after a user going by the name Joshua Maddux took to Twitter to report the unusual behavior, which occurs in the Facebook app for iOS. In footage he shared, you can see his camera actively working in the background as he scrolls through his feed.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Researchers develop machine learning-based detector that stops lateral phishing attacks (Help Net Security, Nov 05 2019)
Lateral phishing attacks – scams targeting users from compromised email accounts within an organization – are becoming an increasing concern in the U.S.

Anti-Deepfake Law in California Is Far Too Feeble (Wired, Nov 05 2019)
Opinion: While well intentioned, the law has too many loopholes for malicious actors and puts too little responsibility on platforms.

Report: The Government and Tech Need to Cooperate on AI (Wired, Nov 06 2019)
It also warns that AI-enhanced national security apparatus like autonomous weapons and surveillance systems will raise ethical questions.

AI wordsmith too dangerous to be released… has been released (Naked Security – Sophos, Nov 11 2019)
The text-generating AI has only been released in neutered forms until now, for fear it would be used to mass-produce fake news and spam.

Twitter wants your feedback on its proposed deepfakes policy (Ars Technica, Nov 11 2019)
The company proposes warning labels—is that enough?

Only 47% of cybersecurity pros are prepared to deal with attacks on their IoT devices (Help Net Security, Nov 08 2019)
Fewer than half (47%) of cybersecurity professionals have a plan in place to deal with attacks on their IoT devices and equipment, despite that fact that nine out of ten express concerns over future threats, according to the Neustar International Security Council (NISC) research.

Ring-a-ding: IoT doorbell exposed customer Wi-Fi passwords to eavesdroppers (Ars Technica, Nov 08 2019)
Bitdefender report in July led to patch of code that sent credentials in plaintext.

xHelper Malware for Android (Schneier on Security, Nov 08 2019)
“xHelper is not interesting because of its infection mechanism; the user has to side-load an app onto his phone. It’s not interesting because of its payload; it seems to do nothing more than show unwanted ads. it’s interesting because of its persistence…”

Google patches bug that let nearby hackers send malware to your phone (Naked Security – Sophos, Nov 05 2019)
Google has patched an Android bug that could have allowed attackers to use NFC to send over a malicious file to the victim’s phone

Bug Hunters Earn $195,000 for Hacking TVs, Routers, Phones at Pwn2Own (SecurityWeek, Nov 06 2019)
White hat hackers have earned a total of $195,000 for demonstrating vulnerabilities in TVs, routers and smartphones on the first day of the Pwn2Own Tokyo 2019 contest taking place these days alongside the PacSec conference.

Security by Sector: How Smartphone Biometric Risks Threaten the Banking Industry (Infosecurity Magazine, Nov 07 2019)
New research shows just how easy it is to bypass smartphone fingerprint tech

Sextortionist whisks away sex tapes using just a phone number (Naked Security – Sophos, Nov 12 2019)
The SIM-swap victim knew he was in trouble when he got a 3:30 a.m. message about his phone service being cut off.

As 5G Rolls Out, Troubling New Security Flaws Emerge (Wired, Nov 12 2019)
Researchers have identified 11 new vulnerabilities in 5G—with time running out to fix them.