A Review of the Best News of the Week on AI, IoT, & Mobile Security

Google Authenticator Can Now Transfer 2SV Secrets Between Devices (SecurityWeek, May 08 2020)
The new feature is meant to make it easier for users to manage their Google Authenticator 2SV codes across multiple devices.

iOS XML Bug (Schneier on Security, May 07 2020)
“This is a good explanation of an iOS bug that allowed someone to break out of the application sandbox. A summary: What a crazy bug, and Siguza’s explanation is very cogent. Basically, it comes down to this: XML is terrible. iOS uses XML for Plists, and Plists are used everywhere in iOS (and MacOS).”

NSO Group Pitched Phone Hacking Tech to American Police (VICE, May 12 2020)
A brochure and emails obtained by Motherboard show how Westbridge, the U.S. arm of NSO, wanted U.S. cops to buy a tool called Phantom.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~14,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Malicious Use of AI Poses a Real Cybersecurity Threat (Dark Reading, May 05 2020)
We should prepare for a future in which artificially intelligent cyberattacks become more common.

Clearview AI won’t sell vast faceprint collection to private companies (Naked Security – Sophos, May 11 2020)
… nor to anybody, even law enforcement, in the place where privacy-oblivious biometrics companies are forced to their knees: Illinois.

Kaiji – a new strain of IoT malware seizing control and launching DDoS attacks (Graham Cluley, May 05 2020)
Kaiji, a new botnet campaign, created from scratch rather than resting on the shoulders of those that went before it, is infecting Linux-based servers and IoT devices with the intention of launching distributed denial-of-service (DDoS) attacks.

Microsoft opens IoT bug bounty program (Naked Security – Sophos, May 11 2020)
Microsoft really wants to secure the Internet of Things (IoT), and it’s enlisting citizen hackers’ help to do it.

Could this be the world’s most harmless IoT botnet? (Graham Cluley, May 08 2020)
When researchers investigate suspected malware on an IoT device they normally expect to find a cryptominer to earn a hacker digital cash or perhaps botnet code to launch DDoS attacks against websites.

More Than 30 Firms Join Alliance Calling for ‘Open’ 5G systems (SecurityWeek, May 05 2020)
More than 30 technology and telecom firms unveiled an alliance Tuesday to press for “open and interoperable” 5G wireless systems that eliminate the need for a single supplier.

‘About Coronavirus’ app locks Android screens with repackaged malware (SC Media, May 05 2020)
An existing version of the Android device screen-locking malware SLocker has apparently been copied and repackaged in the form of a mobile coronavirus app, in hopes of drawing in victims and encouraging downloads from third-party marketplace sites.

How a Facebook Bug Took Down Spotify, TikTok, and Other Major iOS Apps (Wired, May 07 2020)
Thank a tiny change to a software development kit for widespread crashes Wednesday, including the Spotify and TikTok apps.

The 5G Coronavirus Conspiracy Theory Has Taken a Dark Turn (Wired, May 09 2020)
Though social networks have pledged to take more concerted action against it, the theory has continued to spread, inspiring a surge of attacks.