A Review of the Best News of the Week on AI, IoT, & Mobile Security

Contact Tracing COVID-19 Infections via Smartphone Apps (Schneier on Security, Apr 13 2020)
“Google and Apple have announced a joint project to create a privacy-preserving COVID-19 contact tracing app. (Details, such as we have them, are here.) It’s similar to the app being developed at MIT, and similar to others being described and developed elsewhere. It’s nice seeing the privacy protections; they’re well thought out. I was going to write a long essay…”

How Google Plans to Push Its Coronavirus Tracing Feature to Android Phones (VICE, Apr 14 2020)
Android has a notoriously patchy update cycle, so Google is using another method to push a new coronavirus tracing feature to phones without user interaction.

12k+ Android apps contain master passwords, secret access keys, secret commands (ZDNet, Apr 07 2020)
Comprehensive academic study finds hidden backdoor-like behavior in 6,800 Play Store apps, 1,000 apps from third-party app stores, and almost 4,800 apps pre-installed on user devices.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Four ways cyber-criminals fly under the radar (Darktrace Blog, Apr 08 2020)
As adversaries adopt a collection of techniques to escape detection, the challenge of reliably attributing cyber-threats intensifies.

Why the information security of your company depends on machine learning (SC Media, Apr 13 2020)
Machine learning operations (MLOps) technology and practices enable IT teams to deploy, monitor, manage, and govern machine learning projects in production. Much like DevOps for software, MLOps provides the tools you need to maintain dynamic machine learning-driven applications.

Microsoft project proposed to aid Linux IoT code integrity (Naked Security – Sophos, Apr 08 2020)
Imagine a computer user from 2010 dreaming of a world in which Microsoft is not only an enthusiastic proponent of open source software but actively contributes to it with its own ideas. The time is now.

Medical Devices on the IoT Put Lives at Risk (Dark Reading, Apr 09 2020)
Device security must become as important a product design feature as safety and efficacy.

Potent ‘dark_nexus’ IoT Botnet Emerges (SecurityWeek, Apr 09 2020)
A recently identified Internet of Things (IoT) botnet has modules developed in a manner that makes it significantly more “potent and robust” than other IoT botnets, Bitdefender’s security researchers say.

Avast Secure Browser for Android released, includes a built-in VPN (Help Net Security, Apr 08 2020)
Avast has released an Android version of Avast Secure Browser to extend its platform support beyond Windows and Mac on desktop to mobile.

Google makes seamless update support mandatory in Android 11 (Ars Technica, Apr 08 2020)
Dual system partitions significantly cut down on update downtime.

Unkillable’ Android Malware App Continues to Infect Devices Worldwide (Dark Reading, Apr 08 2020)
The xHelper Trojan has compromised over 55,000 devices so far, Kaspersky says.

Fleeceware on your iPhone? Don’t get caught out while penned up at home (Naked Security – Sophos, Apr 09 2020)
The app’s free. But the subscription most certainly isn’t!

Google removes Android VPN with ‘critical vulnerability’ from Play Store (Naked Security – Sophos, Apr 09 2020)
Google has removed the SuperVPN program from the Google Play store after researchers notified it of a critical vulnerability.

Attacking the Organism: Telecom Service Providers (SecurityWeek, Apr 08 2020)
Securing the Massive Netwoks of Telecom Service Providers is a Major Challenge and Becoming More Complex

The Rise and Spread of a 5G Coronavirus Conspiracy Theory (Wired, Apr 09 2020)
From an interview with an obscure Belgian doctor to apparent arson attacks in the UK, the unfounded claim that the pandemic is linked to 5G has spread unlike any other.

TikTok users beware: Hackers could swap your videos with their own (Naked Security – Sophos, Apr 14 2020)
TikTok doesn’t use HTTPS for its images and videos – so crooks could swap out the videos you see and you would never know.