A Review of the Best News of the Week on AI, IoT, & Mobile Security

Bezos Hack Report Puzzles Cyberexperts (WSJ, Jan 27 2020)
A report concluding Saudi Arabia likely hacked into Jeff Bezos’ phone has spurred questions among cybersecurity experts, who say the audit left several major technical questions unexplained and in need of more examination.

Prosecutors Have Evidence Bezos’ Girlfriend Gave Texts to Brother Who Leaked to National Enquirer (WSJ, Jan 27 2020)
Manhattan federal prosecutors have evidence indicating the Amazon CEO’s girlfriend provided text messages to her brother that he then sold to the publisher for its article about Jeff Bezos’ affair.

Government Report Reveals Its Favorite Way to Hack iPhones, Without Backdoors (VICE, Jan 28 2020)
Feds are once again demanding encryption backdoors, but its own data shows it can extract data from phones without them.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

There is no easy fix to AI privacy problems (Help Net Security, Jan 23 2020)
Not only does ML require vast amounts of data for the training process, but the derived system is also provided with access to even greater volumes of data as part of the inference processing while in operation. T

CIOs using AI to bridge gap between IT resources and cloud complexity (Help Net Security, Jan 23 2020)
There’s a widening gap between IT resources and the demands of managing the increasing scale and complexity of enterprise cloud ecosystems, a Dynatrace survey of 800 CIOs reveals.

New Deepfake Method Can Put Words In Anyone’s Mouth (VICE, Jan 24 2020)
The new method makes a deepfake video from an audio source.

Pentagon Blocks Clampdown on Huawei Sales (WSJ, Jan 27 2020)
The Commerce Department has withdrawn proposed regulations making it harder for U.S. companies to sell to Huawei from their overseas facilities after objections from the Pentagon and the Treasury Department.

Spies Like AI: The Future of Artificial Intelligence for the US Intelligence Community (Defense One, Jan 27 2020)
“Imagine that your job is to read every newspaper in the world, in every language; watch every television news show in every language around the world. You don’t know what’s important, but you need to keep up with all the trends and events…”

Half a Million IoT Device Passwords Published (Schneier on Security, Jan 22 2020)
“It’s a list of easy-to-guess passwords for IoT devices on the Internet as recently as last October and November. Useful for anyone putting together a bot network: A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) “smart” devices.”

7 Steps to IoT Security in 2020 (Dark Reading, Jan 24 2020)
There are important steps security teams should take to be ready for the evolving security threats to the IoT in 2020.

UK’s IoT Law Hopes to Drive Security-by-Design (Infosecurity Magazine, Jan 28 2020)
Proposed legislation seeks to protect consumers from cyber risk

Cisco Launches Industrial IoT Security Solution (SecurityWeek, Jan 28 2020)
Cisco on Tuesday announced the launch of a security solution for the Industrial Internet of Things (IIoT) that is designed to help organizations identify threats across their IT and OT environments.

Teenager charged over $50 million SIM-swap cryptocurrency theft (Graham Cluley, Jan 22 2020)
Samy Bensaci, an 18-year-old living in Montreal, Canada, has been charged in connection with the theft of over $50 million worth of cryptocurrency in a SIM-swapping scam.

Ignoring Security Experts, Washington State Eyes Voting by Smartphone (VICE, Jan 22 2020)
Security experts still widely agree that online voting can’t be adequately secured or transparently audited. Yet the siren song of ‘easier voting’ appears irresistible.

Who Made the Spyware Used to Hack Jeff Bezos’ Phone? (VICE, Jan 22 2020)
Experts are debating who helped Saudi Arabia hack the phone of the richest man on Earth.

Apple Addresses iPhone 11 Location Privacy Concern (Krebs on Security, Jan 22 2020)
Apple is rolling out a new update to its iOS operating system that addresses the location privacy issue on iPhone 11 devices that was first detailed here last month.

UK Approves Restricted Huawei Role in 5G Network (SecurityWeek, Jan 28 2020)
Britain on Tuesday greenlighted a limited role for Chinese telecoms giant Huawei in the country’s 5G network, but underscored that “high risk vendors” would be excluded from “sensitive” core infrastructure.

SIM Swappers Are Phishing Telecom Company Employees to Access Internal Tools (VICE, Jan 28 2020)
SIM swappers are particularly interested in a tool called Omni from Verizon that allows hackers to take over phone numbers.

One Small Fix Would Curb Stingray Surveillance (Wired, Jan 27 2020)
The technology needed to limit stingrays is clear—but good luck getting telecoms on board.

Mike Rogers, former Republican House Intel chief, blasts Congress for not taking action on Huawei (Washington Post, Jan 28 2020)
Mike Rogers says partisan warfare has so handicapped Congress that it’s not doing nearly enough to stop a major world threat: Chinese telecom Huawei controlling large portions of next-generation telecommunication networks.