A Review of the Best News of the Week on AI, IoT, & Mobile Security

Barr Asks Apple to Unlock Pensacola Killer’s Phones (The New York Times, Jan 14 2020)
The request set up a collision between law enforcement and big technology firms in the latest battle over privacy and security.

Hackers Are Breaking Directly Into Telecom Companies to Take Over Customer Phone Numbers (VICE, Jan 10 2020)
SIM swappers have escalated from bribing employees to using remote desktop software to get direct access to internal T-Mobile, AT&T, and Sprint tools.

Facebook Says Encrypting Messenger by Default Will Take Years (Wired, Jan 10 2020)
Mark Zuckerberg promised default end-to-end encryption throughout Facebook’s platforms. Nearly a year later, Messenger’s not even close.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Artificial Personas and Public Discourse (Schneier on Security, Jan 13 2020)
Presidential campaign season is officially, officially, upon us now, which means it’s time to confront the weird and insidious ways in which technology is warping politics. One of the biggest threats on the horizon: artificial personas are coming, and they’re poised to take over political debate. The risk arises from two separate threads coming together: artificial intelligence-driven text generation and social media chatbots. These computer-generated “people” will drown out actual human discussions on the Internet.

California’s IoT cybersecurity bill: What it gets right and wrong (Help Net Security, Jan 09 2020)
California state lawmakers should be lauded for SB 327, their well-intentioned legislative attempt at tackling one of the most pressing issues in the tech sector: IoT security. But as the law went into effect at the start of the year, they will also (unfortunately) soon be faced with the reality that it is inadequate for today’s security threat landscape.

Cable Haunt: Unknown millions of Broadcom-based cable modems open to hijacking (Help Net Security, Jan 13 2020)
A vulnerability (CVE-2019-19494) in Broadcom‘s cable modem firmware can open unknown millions of broadband modems by various manufacturers to attackers, a group of Danish researchers has warned.

Chinese Malware Found Preinstalled on US Government-Funded Phones (Dark Reading, Jan 09 2020)
Researchers found unremovable malware preinstalled in the Unimax U686CL, a budget Android device sold by Assurance Wireless.

NGOs Demand Google Crackdown on Pre-Installed Apps (Infosecurity Magazine, Jan 08 2020)
Uninstallable Android apps on budget devices introduce privacy and security risks

Lawmakers Prod FCC to Act on SIM Swapping (Krebs on Security, Jan 09 2020)
“Crooks have stolen tens of millions of dollars and other valuable commodities from thousands of consumers via “SIM swapping,” a particularly invasive form of fraud that involves tricking a target’s mobile carrier into transferring someone’s wireless service to a device they control. But the U.S. Federal Communications Commission (FCC), the entity responsible for overseeing wireless industry practices, has so far remained largely silent on the matter. Now, a cadre of lawmakers is demanding to know what, if anything, the agency might be doing to track and combat SIM swapping.”

Number of 5G connections to reach 1.5 billion globally by 2025 (Help Net Security, Jan 13 2020)
The total number of 5G connections will reach 1.5 billion globally by 2025, rising from only 5 million in 2019, according to Juniper Research. This is an annual average growth of 150% over the next 6 years. The new study forecast that the US and South Korea will be the fastest adopters of 5G, with 75% of all 5G subscribers attributable to these two countries by the end of 2020.

Google urged to tame privacy-killing Android bloatware (Naked Security – Sophos, Jan 13 2020)
A letter sent to the Google CEO by Privacy International claims bloatware has allowed a privacy and security hole to open almost unnoticed.

Google Removes Trove of Risky ‘Bread’ Apps From Play Store (SecurityWeek, Jan 12 2020)
Google has removed roughly 1,700 unique applications from its Google Play app store that were part of a family of potentially unwanted programs. 

SIM-Swapping Indictments Pile Up as Congress Begs the FCC to Do More (VICE, Jan 10 2020)
Victims and lawmakers say wireless carriers and the Trump FCC aren’t doing enough to protect consumers from the threat of SIM hijacking.