A Review of the Best News of the Week on AI, IoT, & Mobile Security
Justice Dept. expands Huawei indictment, charging 5G espionage (SC Media, Feb 14 2020)
The U.S. government expanded its year-old lawsuit against Chinese tech firm Huawei, alleging the company conducted cyber espionage on six American competitors in an attempt to steal trade secrets to gain an unfair advantage.
‘Sloppy’ Mobile Voting App Used in Four States Has ‘Elementary’ Security Flaws (VICE, Feb 13 2020)
MIT researchers say an attacker could intercept and alter votes, while making voters think their votes have been cast correctly, or trick the votes server into accepting connections from an attacker.
Google Play Protect Scans 100 Billion Android Apps Daily (SecurityWeek, Feb 12 2020)
Google Play Protect now scans over 100 billion applications on Android devices daily, according to new figures disclosed by Google this week.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Using AI to detect a bitcoin mining campaign leveraging Citrix Netscaler vulnerabilities (Darktrace Blog, Jan 27 2020)
Recently discovered Citrix vulnerability strengthens the case for Autonomous Response and its proven ability to prevent novel attacks.
AI filter launched to block Twitter cyberflashing (Naked Security – Sophos, Feb 18 2020)
A small but determined group of Twitter users think it is a good idea to direct message (DM) pictures to complete strangers.
Babel of IoT Authentication Poses Security Challenges (Dark Reading, Feb 13 2020)
With more than 80 different schemes for authenticating devices either proposed or implemented, best practices and reference architectures are sorely needed, experts say.
The challenges of cyber research and vulnerability disclosure for connected healthcare devices (Help Net Security, Feb 18 2020)
From a purely research perspective, there are challenges to do with access. For example, device procurement costs that can be prohibitively expensive, laws and policies that prevent vendors from selling to non-hospitals, sometimes difficult-to-accommodate spatial prerequisites, as well as installation, configuration, and calibration complexities, or even networking codependencies.
Huawei cyber security chief says no operator gives it access to intercept equipment (Reuters, Feb 16 2020)
Huawei’s cyber security chief said on Friday that he was not aware of any mobile operator ever having given the Chinese company access to the equipment used to intercept calls when required to do so by security services.
5G Adoption Should Change How Organizations Approach Security (Dark Reading, Feb 12 2020)
With 5G adoption, businesses will be able to power more IoT devices and perform tasks more quickly, but there will be security ramifications.
Nasty Android malware reinfects its targets, and no one knows how (Ars Technica, Feb 13 2020)
Users report that xHelper is so resilient it survives factory resets.
Apps Remain Favorite Mobile Attack Vector (Dark Reading, Feb 13 2020)
Mobile apps are used in nearly 80% of attacks targeting mobile devices, followed by network and operating system attacks.
Google: Protections Added by Samsung to Android Kernel Increase Attack Surface (SecurityWeek, Feb 13 2020)
A Google Project Zero researcher claims that some of the security features added by Samsung to the Android kernel don’t provide meaningful protection and they actually increase the attack surface.
WhatsApp Defends Encryption as It Tops 2 Billion Users (SecurityWeek, Feb 13 2020)
The Facebook-owned messaging service WhatsApp said Wednesday it now has more than two billion users around the world as it reaffirmed its commitment to strong encryption to protect privacy.
Phishing Campaign Targets Mobile Banking Users (Dark Reading, Feb 14 2020)
Consumers in dozens of countries were targeted, Lookout says.
PhotoSquared: App Leaks Data on Thousands of Users (Infosecurity Magazine, Feb 17 2020)
Researchers find another unsecured S3 bucket.