A Review of the Best News of the Week on AI, IoT, & Mobile Security

Google Play has been spreading advanced Android malware for years (Ars Technica, Apr 29 2020)
Attackers behind the campaign used several effective techniques to repeatedly bypass the vetting process Google uses in an attempt to keep malicious apps out of Play. One method was to initially submit a benign version of an app and add the backdoor only after the app was accepted. Another approach was to require few or even no permissions during installation and to later request them dynamically using code hidden inside an executable file. One of the recent apps posed as a browser cleaner.

Google and Apple Reveal How Covid-19 Alert Apps Might Look (Wired, May 04 2020)
As contact tracing plans firm up, the tech giants are sharing new details for their framework—and a potential app interface.

European Virus Tracing Apps Highlight Battle for Privacy (SecurityWeek, May 05 2020)
As governments race to develop mobile tracing apps to help contain infections, attention is turning to how officials will ensure users’ privacy. The debate is especially urgent in Europe, which has been one of the hardest-hit regions in the world, with nearly 140,000 people killed by COVID-19.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~14,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



Artificial Intelligence Cannot Be Inventors, US Patent Office Rules (VICE, Apr 28 2020)
An AI system called DABUS “invented” two new devices, but the USPTO says only humans can do that.

Fooling NLP Systems Through Word Swapping (Schneier on Security, Apr 28 2020)
MIT researchers have built a system that fools natural-language processing systems by swapping words with synonyms…

Senator questions Clearview AI over coronavirus tracking plans (CNET, May 02 2020)
Sen. Edward Markey says COVID-19 contact tracing can’t be “used as cover by companies like Clearview to build shadowy surveillance networks.”

Australian military gets first drone that can fly with artificial intelligence (CNN, May 05 2020)

Leveling up: Augmenting the adversary with AI (Darktrace Blog, Apr 27 2020)
AI is being used by cyber-criminals to augment their attacks at every stage in the kill-chain, ensuring their campaigns are fast, numerous and stealthy.

NSO Employee Abused Phone Hacking Tech to Target a Love Interest (VICE, Apr 28 2020)
The previously unreported news is a serious abuse of NSO’s products, which are typically used by governments and authoritarian regimes.

As companies rely on digital revenue, the need for web and mobile app security skyrockets (Help Net Security, Apr 30 2020)
As non-essential businesses have been forced to shut their doors around the world, many companies that previously relied heavily on the brick-and-mortar side of the business are now leaning more on revenue from their digital platforms. By 2023, according to research performed by Statista, applications may generate nearly $935 billion in revenue. With increased reliance on these applications and increasing customer traffic, security will play a critical role.

Android Ransomware Asks for Victim’s Credit Card Info (SecurityWeek, Apr 30 2020)
A piece of Android ransomware uses a scareware tactic to extort money from victims: it asks them to provide their credit card information to pay a “fine,” Check Point reveals.

Android Phone Makers Improve Patching Practices (SecurityWeek, Apr 29 2020)
Android smartphone manufacturers have significantly improved their patching hygiene over the past couple of years, a new report from Security Research Labs reveals.

Newly-discovered Android malware steals banking passwords and 2FA codes (Graham Cluley, Apr 30 2020)
Security researchers are warning of a new mobile banking trojan that steals details from over 200 financial apps and intercepts SMS messages to bypass two-factor authentication mechanisms.

“Zero-click” mobile phone attacks – and how to avoid them (Naked Security – Sophos, Apr 30 2020)
What if a messaging app has to show you an unwanted message so you can decide whether you want it shown to you?

Android’s May 2020 Patches Fix Critical System Vulnerability (SecurityWeek, May 05 2020)
Google this week released the May 2020 security patches for the Android operating system, which address several critical vulnerabilities, including one affecting the System component.