A Review of the Best News of the Week on AI, IoT, & Mobile Security

The iPhone 11 Pro’s Location Data Puzzler (Krebs on Security, Dec 03 2019)
“One of the more curious behaviors of Apple’s new iPhone 11 Pro is that it intermittently seeks the user’s location information even when all applications and system services on the phone are individually set to never request this data. Apple says this is by design, but that response seems at odds with the company’s own privacy policy.”

Apple Explains Mysterious iPhone 11 Location Requests (Krebs on Security, Dec 05 2019)
“KrebsOnSecurity ran a story this week that puzzled over Apple‘s response to inquiries about a potential privacy leak in its new iPhone 11 line, in which the devices appear to intermittently seek the user’s location even when all applications and system services are individually set never to request this data. Today, Apple disclosed that this behavior is tied to the inclusion of a short-range technology that lets iPhone 11 users share files locally with other nearby phones that support this feature, and that a future version of its mobile operating system will allow users to disable it.”

The RCS Texting Protocol Is Way Too Easy to Hack (Wired, Dec 04 2019)
Rich Communication Services promises to be the new standard for texting. Thanks to sloppy implementation, it’s also a security mess.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Looking Back at Microsoft Ignite 2019 – Tech Intensity, End to End Security and AI (Infosecurity Magazine, Dec 03 2019)

Microsoft hosted their annual flagship Ignite conference in Orlando Florida in early November. The event attracted over 30,000 attendees and consists of over 1800 sessions across a wide range of topics such as DevOps, coding, identity, security and many product deep dives. Among the headlines, the main trends and talking points were on technical advancements, security additions and company strategies.

Cybersecurity in the Age of AI (Harvard Business Review, Dec 04 2019)
AI is reshaping the landscape of cyber defense. As new security fissures open up, threat analysts deploy more powerful tools to prevent and respond to attacks. Nicole Eagan, CEO of Darktrace, joins Azeem Azhar to discuss the escalating arms race in this new cybersecurity landscape.

Failure Modes in Machine Learning (Schneier on Security, Dec 09 2019)
Interesting taxonomy of machine-learning failures (pdf) that encompasses both mistakes and attacks, or — in their words — intentional and unintentional failure modes. It’s a good basis for threat modeling….

FBI Issues Smart TV Cybersecurity Warning (Infosecurity Magazine, Dec 03 2019)
Feds advise that smart TV owners might not be the only ones who are watching

Failure to secure IoT networks has far-reaching consequences, and transportation is a bullseye target (SC Magazine, Dec 10 2019)
Recent reports estimate that 250 million IoT-enabled vehicles will be on the road by 2020 as demand for tools like smart driving assistance, car monitoring and geolocation services, predictive maintenance, improved fleet management, and more, continue to rise.

Mobile industry has stifled eSIM—and the DOJ is demanding change (Ars Technica, Dec 03 2019)
US warns GSMA, says it must change eSIM standard that blocks competition.

Google: 80% of Android Apps Encrypt Traffic by Default (SecurityWeek, Dec 03 2019)
Google has shared some data on the adoption of Transport Layer Security (TLS) by Android applications and it seems that significant progress has been made over the past two years

FBI: FaceApp Potential Spy Risk (Infosecurity Magazine, Dec 04 2019)
Russian-made app raises counter-intelligence concerns

TikTok Sued in US Over Alleged China Data Transfer (SecurityWeek, Dec 04 2019)
A university student in California has filed a class-action lawsuit against video app TikTok, which she accuses of harvesting large amounts of user data and storing it in China.

Google Patches Critical DoS Flaw in Android 10 (SecurityWeek, Dec 04 2019)
One of the vulnerabilities Google addressed in Android with the December 2019 set of monthly patches is a critical vulnerability that could result in a permanent denial of service.

A Saudi Telecom Exposed a Streaming List of GPS Locations (VICE, Dec 09 2019)
The company, STCS, uploaded a constantly updating list of GPS coordinates in Saudi Arabia, China, and west Africa.

The FCC’s Push to Purge Huawei From US Networks (Wired, Dec 10 2019)
The rural carriers who rely on Huawei are wary of a costly “rip and replace” effort.