A Review of the Best News of the Week on AI, IoT, & Mobile Security

Google Offering Up to $1.5 Million for Pixel Titan M Exploits (SecurityWeek, Nov 21 2019)
Google on Thursday announced that it’s expanding its Android bug bounty program, and certain types of exploits can now earn researchers up to $1.5 million

Data breach compromises T-Mobile prepaid accounts (SC Magazine, Nov 22 2019)
Wireless communications company T-Mobile has disclosed a data breach incident that impacts certain customers with pre-paid service accounts. “Our cybersecurity team discovered and shut down malicious, unauthorized access to some information related to your T-Mobile prepaid wireless account.

The U.S. is racking up tactical victories in Huawei fight (Washington Post, Nov 25 2019)
Only a handful of nations, meanwhile, have followed the U.S. push for a full Huawei ban including Australia, New Zealand and Japan. Britain previously decided to limit Hauwei contracts to the periphery of its 5G networks rather than core systems, but U.S. officials have argued that still gives the company far too much access.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Ongoing Research Project Examines Application of AI to Cybersecurity (SecurityWeek, Nov 21 2019)
Project Blackfin: Multi-Year Research Project Aims to Unlock the Potential of Machine Intelligence in Cybersecurity

Data security and automation top IT projects for 2020, AI not a priority (Help Net Security, Nov 25 2019)
Data security and automation are the top IT projects for 2020, while artificial intelligence projects are not in the top 10 for IT professionals, according to Netwrix. The online survey asked 1045 IT professionals worldwide to name their top five IT projects for the next year; they could pick from a predefined list or specify their own descriptions.

AWS expands its IoT services, brings Alexa to devices with only 1MB of RAM (TechCrunch, Nov 25 2019)
AWS announced a number of IoT-related updates that, for the most part, aim to make getting started with its IoT services easier, especially for companies that are trying to deploy a large fleet of devices.

California IoT security law: What it means and why it matters (Help Net Security, Nov 20 2019)
In September, California Governor Jerry Brown signed into law a new bill aimed at regulating the security of IoT devices, and it’s set to go into effect in a few short months on January 1, 2020. While the goal of the law is to better address the risks that increased connectivity brings into the workplace, it instead leaves us with more questions than answers.

Securing the Internet of Things (IoT) in Today’s Connected Society (Infosec Island, Nov 19 2019)
The rush to adoption has highlighted serious deficiencies in both the security design of Internet of Things (IoT) devices and their implementation.

#InfosecNA: The Impact of AI, IoT and Emerging Tech (Infosecurity Magazine, Nov 20 2019)
Theresa Payton reflects on the evolving digital and cyber-threat landscape

Botnet and IoT Security Guide 2020 (Help Net Security, Nov 26 2019)
The Council to Secure the Digital Economy (CSDE), a partnership between global technology, communications, and internet companies supported by USTelecom—The Broadband Association and the Consumer Technology Association (CTA), released the International Botnet and IoT Security Guide 2020, a comprehensive set of strategies to protect the global digital ecosystem from the growing threat posed by botnets, malware and distributed attacks.

I ‘Hacked’ My Accounts Using My Mobile Number: Here’s What I Learned (Dark Reading, Nov 19 2019)
A feature that’s supposed to make your account more secure — adding a cellphone number — has become a vector of attack in SIM-swapping incidents. Here’s how it’s done and how you can protect yourself.

Android camera apps could be hijacked to spy on users (Help Net Security, Nov 19 2019)
A vulnerability in the Google Camera app may have allowed attackers to surreptitiously take pictures and record videos even if the phone is locked or the screen is off, Checkmarx researchers have discovered.

Apple Tells Congress You’ll Hurt Yourself if You Try to Fix Your iPhone (VICE, Nov 20 2019)
Apple tries to put a nice face on its anticonsumer policies.

Russia’s ‘Sandworm’ Hackers Also Targeted Android Phones (Wired, Nov 21 2019)
The Kremlin’s uniquely dangerous hacker group has been trying new tricks.

The White House needs a 5G czar to win the race to secure next-generation networks, senators warn (Washington Post, Nov 20 2019)
The U.S. risks losing the next generation of telecommunications systems to China if the White House doesn’t create a new position to oversee 5G policy, the Senate’s top security leaders are warning.

Google plans to take Android back to ‘mainline’ Linux kernel (Naked Security – Sophos, Nov 22 2019)
Android could be returning to its roots.

DOD joins fight against 5G spectrum proposal, citing risks to GPS (Ars Technica, Nov 22 2019)
In letter to FCC’s Pai, secretary of defense notes risks to military operations.

New ‘Ginp’ Android Trojan Targets Credentials, Payment Card Data (SecurityWeek, Nov 26 2019)
A recently discovered Android banking Trojan that features a narrow target list and two-step overlays is capable of stealing both login credentials and credit card data, ThreatFabric reports.

Many Apps Impacted by GIF Processing Flaw Patched Recently in WhatsApp (SecurityWeek, Nov 26 2019)
Trend Micro security researchers have discovered thousands of Android applications impacted by the GIF processing vulnerability that was patched recently in WhatsApp.

Long-known Vulnerabilities in High-Profile Android Applications – Check Point Research (Check Point Research, Nov 26 2019)
A popular mobile app typically uses dozens of reusable components written in a low-level language such as C. These components, called native libraries, are often derived from open-source projects, or incorporate fragments of code from open-source projects.