A Review of the Best News of the Week on AI, IoT, & Mobile Security
DoJ Again Asks for Backdoors After Hacking Shooter’s iPhones (SecurityWeek, May 19 2020)
The U.S. Department of Justice announced on Monday that the FBI managed to gain access to the data stored on two iPhones belonging to an individual who last year killed and wounded several people at a United States naval base.
Cell-tower attacks by idiots who claim 5G spreads COVID-19 reportedly hit US (Ars Technica, May 18 2020)
US warns carriers to boost security, citing reports of attacks in several states.
AI and Cybersecurity (Schneier on Security, May 19 2020)
“Ben Buchanan has written “A National Security Research Agenda for Cybersecurity and Artificial Intelligence.” It’s really good — well worth reading.”
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~14,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Thousands of Android Apps Leak Data Due to Firebase Misconfigurations (SecurityWeek, May 13 2020)
Comparitech security researchers have discovered that thousands of Android applications distributed through Google Play leak sensitive information due to Firebase misconfigurations.
Security and the rapidly growing importance of mobile apps (Help Net Security, May 18 2020)
Organizations are under more pressure than ever before to rapidly produce both new apps and updates to existing apps, not only because it’s essentially the only way they can interact with their customers, but also because there will be a flood of new users who previously relied on physical locations to conduct their business.
‘Mandrake’ Android Spyware Remained Undetected for 4 Years (SecurityWeek, May 18 2020)
Security researchers at Bitdefender have identified a highly sophisticated Android spyware platform that managed to remain undetected for four years.
Over 6,400 Edison Mail Users Hit by Security Bug in iOS App (SecurityWeek, May 18 2020)
An update rolled out recently by Edison Mail for its iOS application resulted in some users being given access to other people’s email accounts. The company acted quickly to resolve the issue, but thousands may have been impacted.
Did LAPD Follow San Diego Lead in Mulling Smartphone Hacking Tech? (Times of San Diego, May 18 2020)
But suspicions arise that Westbridge Technologies was trying to sell LAPD its smartphone-hacking technology as it tried to do with the San Diego Police Department in 2016.
Military And Intelligence Personnel Can Be Tracked With The Untappd Beer App (bellingcat, May 19 2020)
Surprise! The beer-rating app Untappd can be used to track the location history of military personnel. The social network has over eight million mostly European and North American users, and its features allow researchers to uncover sensitive information about said users at military and intelligence locations around the world.
Bluetooth Vulnerability Allows Attackers to Impersonate Previously Paired Devices (SecurityWeek, May 19 2020)
A vulnerability related to pairing in Bluetooth Basic Rate / Enhanced Data Rate (BR/EDR) connections could be exploited to impersonate a previously paired device, researchers have discovered.
Increased Focus on iOS Hacking Leads to Drop in Exploit Prices (SecurityWeek, May 19 2020)
The price of some iOS exploits has dropped recently and at least one exploit acquisition company is no longer buying certain types of vulnerabilities. Experts believe this is a result of security researchers increasingly focusing on finding vulnerabilities in iOS.