A Review of the Best News of the Week on AI, IoT, & Mobile Security
World-first mobile phone detection cameras rolled out in Australia (the Guardian, Dec 03 2019)
New South Wales hopes to cut fatalities on the state’s roads by a third with devices that operate day and night in all weather
Millions of SMS messages exposed in database security lapse (TechCrunch, Dec 02 2019)
The database is run by TrueDialog, a business SMS provider for businesses and higher education providers, which lets companies, colleges, and universities send bulk text messages to their customers and students. The Austin, Texas-based company says one of the advantages to its service is that recipients can also text back, allowing them to have two-way conversations with brands or businesses.
Crooks are exploiting unpatched Android flaw to drain users’ bank accounts (Help Net Security, Dec 03 2019)
Hackers are actively exploiting StrandHogg, a newly revealed Android vulnerability, to steal users’ mobile banking credentials and empty their accounts, a Norwegian app security company has warned. “Promon identified the StrandHogg vulnerability after it was informed by an Eastern European security company for the financial sector (to which Promon supplies app security support) that several banks in the Czech Republic had reported money disappearing from customer accounts.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
New Amazon capabilities put machine learning in reach of more developers (TechCrunch, Nov 26 2019)
Amazon announced a new approach that it says will put machine learning technology in reach of more developers and line of business users.
Bill Gates Says Open Research Beats Erecting Borders in AI (IT Pro, Nov 21 2019)
“AI is very hard to put back in the bottle,” Gates said, and “whoever has an open system will get massively ahead” by virtue of being able to integrate more insights from more sources.
5G IoT security: Opportunity comes with risks (Help Net Security, Dec 02 2019)
Slowly but surely, 5G digital cellular networks are being set up around the world. It will take years for widespread coverage and use to be achieved, so what better time than now for finding a way to ease into it while keeping security in mind? Opportunity comes with risks “Without a doubt 5G opens up a whole new world of opportunities for services that take advantage of the higher speeds and lower latencies that 5G…
Finns Label Cyber-Secure IoT Devices (Infosecurity Magazine, Nov 27 2019)
Finland has introduced a cybersecurity certification labeling system for IoT devices
Smartwatch exposes locations and other data on thousands of children (WeLiveSecurity, Nov 29 2019)
A device that is supposed to help parents keep track of their children and give them a peace of mind can be turned into a surveillance device
#InfosecNA: Security Risks of 5G, and How to Fix Them (Infosecurity Magazine, Nov 26 2019)
5G’s success will depend on it’s ability to resist, survive and recover from cyber-threats
Facebook, Twitter profiles slurped by mobile apps using malicious SDKs (Naked Security – Sophos, Nov 27 2019)
Hundreds of users gave permission to these third-party apps to access their social media accounts, but the apps got more handsy than that.
Patched WhatsApp vulnerability still impacting thousands of apps (SC Magazine, Nov 26 2019)
A vulnerability in the WhatsApp for Android that was found, disclosed and patched can still affect thousands of additional apps that have not been patched. CVE-2019-11932 allows attackers to use a maliciously coded GIF files to remotely execute code was made public on Oct. 2, 2019 and then patched in WhatsApp version 2.19.244…
New Free Emulator Challenges Apple’s Control of iOS (Dark Reading, Nov 27 2019)
An open-source tool gives researchers and jailbreakers a free option for researching vulnerabilities in the operating system – and gives Apple a new headache.
Authorities Arrest Alleged Member of Group That Hacked Jack Dorsey (VICE, Dec 02 2019)
The alleged member was arrested around two weeks ago, another member of the hacking group told Motherboard.
Fake Android apps uploaded to Play store by notorious Sandworm hackers (Naked Security – Sophos, Dec 02 2019)
The Russian ‘Sandworm’ hacking group has been caught repeatedly uploading fake and modified Android apps to Google’s Play Store.
TikTok owner to separate company over US national security worries (Naked Security – Sophos, Dec 02 2019)
Chinese-owned video-sharing app TikTok might be under fire from US politicians but it’s not going to go down without a fight.
SMS Replacement is Exposing Users to Text, Call Interception Thanks to Sloppy Telecos (VICE, Nov 29 2019)
Researchers from SRLabs found that telecos are implementing the RCS standard in vulnerable ways, which bring back techniques to attack phone networks.
Samsung starts Android 10 update at a record pace: Only three months late (Ars Technica, Dec 02 2019)
International Exynos models get Android 10, but the US will have to wait.