A Review of the Best News of the Week on AI, IoT, & Mobile Security

2020 Unit 42 IoT Threat Report (Unit42, Mar 11 2020)
Unit 42’s new report analyzes 1.2 million IoT devices to better understand the current IoT threat landscape and identify the top IoT threats.

Our Full Report on the Voatz Mobile Voting Platform (Trail of Bits Blog, Mar 16 2020)
Trail of Bits has performed the first-ever “white-box” security assessment of the platform, with access to the Voatz Core Server and backend software. Our assessment confirmed the issues flagged in previous reports by MIT and others, discovered more, and made recommendations to fix issues and prevent bugs from compromising voting security.

iPhone Unlocking Tech GrayKey Went Up in Price Because Hacking iPhones Got Harder (VICE, Mar 17 2020)
The cost of an annual license for the online version of GrayKey increased to $18,000, according to emails obtained by Motherboard.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



What Cybersecurity Pros Really Think About Artificial Intelligence (Dark Reading, Mar 13 2020)
While there’s a ton of unbounded optimism from vendor marketing and consultant types, practitioners are still reserving a lot of judgment.

How the Rise of IoT Is Changing the CISO Role (Dark Reading, Mar 11 2020)
Prepare for the future by adopting a risk-based approach. Following these five steps can help.

DDoS Attack Trends Reveal Stronger Shift to IoT, Mobile (Dark Reading, Mar 13 2020)
Attackers are capitalizing on the rise of misconfigured Internet-connected devices running the WS-Discovery protocol, and mobile carriers are hosting distributed denial-of-service weapons.

Some mobile ad-blockers and VPNs siphoning user data, report finds (Ars Technica, Mar 10 2020)
Sensor Tower, the firm behind the apps, apparently helped itself to the data.

We Built a Database of Over 500 iPhones Cops Have Tried to Unlock (VICE, Mar 11 2020)
“It is the world we are in today, and so have to deal with it,” former FBI general counsel Jim Baker said about device encryption.

U.S. Senators Seek to Ban TikTok on Government Devices (SecurityWeek, Mar 13 2020)
Sen. Josh Hawley (R-MO) and Sen. Rick Scott (R-FL) this week introduced a bill aimed at banning the use of the China-made TikTok application on government devices.

‘Cookiethief’ Android Malware Hijacks Facebook Accounts (SecurityWeek, Mar 13 2020)
A recently discovered Android Trojan was designed to gain root access on infected devices and hijack Facebook accounts by stealing cookies from the browser and the social media app.

Trump Signs Bill to Help Telecoms Replace Huawei Equipment (SecurityWeek, Mar 13 2020)
President Donald Trump on Thursday signed into law a bill that provides $1 billion to help small telecom providers replace equipment made by China’s Huawei and ZTE.

Can 5G make you more vulnerable to cyberattacks? (Help Net Security, Mar 16 2020)
Many enterprises and sectors are unaware of the 5G security vulnerabilities that exist today. Choice IoT says it’s critical for businesses to have a plan for discovering and overcoming them at the outset of a 5G/IoT platform rollout to avoid future cybersecurity disasters.

Rail Thieves Prosper as Mobile Device Thefts Jump 62% (Infosecurity Magazine, Mar 16 2020)
FOI data reveals nearly 9000 devices went missing on UK trains last year.

Coronavirus tracking app locks up Android phones for ransom (SC Media, Mar 13 2020)
A malicious Android app that supposedly helps track cases of the coronavirus actually locks users’ phones and demands a ransom in order to restore access. Dubbed CovidLock, the newly discovered ransomware performs a screen-lock attack by forcing a change in the password required to unlock a phone…

Europol busts up two SIM-swapping hacking rings (Naked Security – Sophos, Mar 17 2020)
The suspected SIM-jackers were between the ages of 22 and 52 and hailed from Italy, Romania, Colombia and Spain. Europol says the gang hit over 100 times, stealing between €6,000 (£5,480, USD $6,700) and €137,000 (USD $152,880, £125,210) per attack from bank accounts of unsuspecting victims.

Rare Android Stalkerware Can Steal Data, Control Devices (SecurityWeek, Mar 17 2020)
A recently discovered piece of Android stalkerware can install itself persistently on the system partition and steal the file containing the hash sum for the screen unlock pattern or password to allow its operators to unlock devices.