A Review of the Best News of the Week on AI, IoT, & Mobile Security
Saudis suspected of phone spying campaign in US (The Guardian, Mar 29 2020)
Whistleblower’s data suggests millions of tracking requests sent over four-month period
Zoom iOS App Sends Data to Facebook Even if You Don’t Have a Facebook Account (VICE, Mar 26 2020)
Hackers accessed Telegram messaging accounts in Iran – researchers (Reuters, Mar 31 2020)
Iranian hackers have compromised more than a dozen accounts on the Telegram instant messaging service and identified the phone numbers of 15 million Iranian users, the largest known breach of the encrypted communications system, cyber researchers told Reuters.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Researchers use AI and create early warning system to identify disinformation online (Help Net Security, Mar 27 2020)
Researchers at the University of Notre Dame are using artificial intelligence to develop an early warning system that will identify manipulated images, deepfake videos and disinformation online. The project is an effort to combat the rise of coordinated social media campaigns to incite violence, sew discord and threaten the integrity of democratic elections.
Why we need to secure IoT connections sooner than later (Help Net Security, Mar 30 2020)
IoT products offer many conveniences but there are massive amounts of data being transferred to and from these services vulnerable to attack if left unsecured.
Spyware Delivered to iPhone Users in Hong Kong Via iOS Exploits (SecurityWeek, Mar 26 2020)
A recently observed campaign is attempting to infect the iPhones of users in Hong Kong with an iOS backdoor that allows attackers to take over devices, Trend Micro reports.
Hong Kong targeted in new sweeping mobile malware campaign (CyberScoop, Mar 30 2020)
A new spate of iOS and Android mobile malware attacks has been targeting Hong Kong residents, according to Kaspersky and Trend Micro.
>4,000 Android apps silently access your installed software (Ars Technica, Mar 28 2020)
Android API lets apps collect a list of all other installed apps, no permission needed.
Hackers target mobile users in Italy and Spain, taking advantage of coronavirus hot spots (CyberScoop, Mar 31 2020)
Attackers laced mobile apps with malware to try to steal data from Italian and Spanish residents looking for updates on the pandemic, according to ESET.
Report: 42M Iranian “Telegram” User IDs & Phone Numbers Leaked Online (Comparitech, Mar 31 2020)
42 million user IDs and phone numbers for a third-party version of Telegram were exposed online without a password. The accounts belong to users in Iran, where the official Telegram app is blocked.
Google Play’s malicious app problem infects 1.7 million more devices (Ars Technica, Mar 24 2020)
Apps went undetected by Google and antivirus scanners.
Android Malware Takes Payment for ‘Coronavirus Finder’ Map (Infosecurity Magazine, Mar 25 2020)
Ginp banking Trojan touts non-existent tracker to trick users
All 4G Networks Susceptible to DoS Attacks (Infosecurity Magazine, Mar 26 2020)
New research finds that all 4G and some 5G networks are vulnerable to DoS attacks
Android apps are snooping on your installed software (Naked Security – Sophos, Mar 27 2020)
Android apps are snooping on other software on your device – and that could tell shady advertising companies more about you than you’d like.
No Patch for VPN Bypass Flaw Discovered in iOS (SecurityWeek, Mar 26 2020)
Proton Technologies, the company behind the privacy-focused ProtonMail and ProtonVPN services, this week disclosed the existence of a vulnerability in Apple’s iOS mobile operating system that prevents VPN applications from encrypting all traffic.
Saudi spies tracked phones using flaws the FCC failed to fix for years (TechCrunch, Mar 30 2020)
One lawmaker on the Senate Intelligence Committee put the blame firmly at the FCC’s door.
VoIP Carriers Investigated Over Fraudulent Robocalls (Infosecurity Magazine, Mar 30 2020)
US court orders injunctions against two telecom carriers that facilitated millions of fraudulent robocalls
Apple’s iOS 13.4 hit by VPN bypass vulnerability (Naked Security – Sophos, Mar 30 2020)
It’s less than a week since iOS 13.4 appeared and already researchers have discovered a bug that puts at risk the privacy of VPN connections.
Google Bans Infowars Android App Over Coronavirus Claims (Wired, Mar 27 2020)
Apple kicked Alex Jones out of the App Store in 2018. The Google Play Store has finally followed suit.
HackerOne cuts ties with mobile voting firm Voatz after it clashed with researchers (CyberScoop, Mar 31 2020)
HackerOne has kicked mobile voting vendor Voatz off its platform, citing the vendor’s hostile interactions with security researchers.