A Review of the Best News of the Week on AI, IoT, & Mobile Security

SIM Hijacking – new study shows measures aren’t helping (Schneier on Security, Jan 21 2020)
Phone companies have added security measures since this attack became popular and public, but a new study (news article) shows that the measures aren’t helping

Mobile Apps Sharing Personal Data Illegally, Consumer Group Claims (Infosecurity Magazine, Jan 15 2020)
Norwegian Consumer Council names dating apps Grindr, OKCupid and Tinder among offenders in damning report

As Justice Department Pressures Apple, Investigators Say iPhone Easier to Crack (WSJ, Jan 15 2020)
The escalation of a long-running encryption conflict between the Justice Department and Apple has puzzled security experts who say that new hacking tools have made it possible to gain access to many of the company’s devices in criminal investigations.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Glenn Greenwald Charged With Cybercrimes in Brazil (The New York Times, Jan 21 2020)
Mr. Greenwald is accused of being part of a “criminal investigation” that hacked into the cellphones of prosecutors and public officials.

Consumer Reports Calls for IoT Manufacturers to Raise Security Standards (Dark Reading, Jan 14 2020)
A letter to 25 companies says Consumer Reports will change ratings to reflect stronger security and privacy standards.

IoT cybersecurity’s worst kept secret (Help Net Security, Jan 17 2020)
By improving access to data and taking advantage of them in fundamentally different ways to drive profitability, IT security executives are rapidly changing perceptions of their office. Although making better sense of and use of data may be standard fare in other areas of the enterprise, who knew that modern IoT cybersecurity solutions would become network security’s newest professional lever? Actually, we should have seen it coming…

An Open Source Effort to Encrypt the Internet of Things (Wired, Jan 20 2020)
IoT is a security hellscape. One cryptography company has a plan to make it a little bit less so.

A 101 guide to mobile device management (Help Net Security, Jan 14 2020)
Extending beyond the traditional company network, mobile connectivity has become an extension of doing business and IT staff need to not just rethink how existing activities, operations, and business models can fit into mobile constructs, but rethink how mobility can fundamentally transform the business itself. MDM solution components A mobile device management (MDM) solution provides similar features that you would expect a systems management solution would use to manage PCs.

Play Store Still Peppered with Fleeceware Apps (Infosecurity Magazine, Jan 14 2020)
Risk of being suckered by overpriced app subscriptions persists for Android users

5G Security (Schneier on Security, Jan 14 2020)
The security risks inherent in Chinese-made 5G networking equipment are easy to understand. Because the companies that make the equipment are subservient to the Chinese government, they could be forced to include backdoors in the hardware or software to give Beijing remote access. Eavesdropping is also a risk, although efforts to listen in would almost certainly be detectable.

High-risk Google account owners can now use their iPhone as a security key (Help Net Security, Jan 15 2020)
Google users who opt for the Advanced Protection Program (APP) to secure their accounts are now able to use their iPhone as a security key. About Google’s Advanced Protection Program Google introduced the Advanced Protection Program in late 2017, to help high-risk users – journalists, human rights activists, IT admins, executives, etc. keep their Google accounts safe from targeted attacks. APP is available to both consumer (Google Account) and enterprise users (G Suite).

Mobile Banking Malware Up 50% in First Half of 2019 (Dark Reading, Jan 17 2020)
A new report from Check Point recaps the cybercrime trends, statistics, and vulnerabilities that defined the security landscape in 2019.

Teen Charged Over $50m SIM-Swapping Scam on Blockchain Experts (Infosecurity Magazine, Jan 17 2020)
Teen charged in connection with SIM-swapping scam targeting head of Blockchain Research Institute and his son

Scottish Police Deploy Tech That Extracts Data from Locked Smartphones (Infosecurity Magazine, Jan 21 2020)
Police Scotland is using Cellebrite machines to retrieve data from locked devices