A Review of the Best News of the Week on AI, IoT, & Mobile Security
Hackers Just Dropped a Jailbreak They Say Works for All iPhones (VICE, May 23 2020)
The new unc0ver jailbreak relies on a vulnerability that the researcher who found it says Apple is unaware of.
Samsung Unveils New Security Chip for Mobile Devices (SecurityWeek, May 26 2020)
Samsung on Tuesday unveiled a new security solution — composed of a secure element (SE) chip and security software — designed to enhance data protection on mobile devices.
How iPhone Hackers Got Their Hands on the New iOS Months Before Its Release (VICE, May 22 2020)
Several people, including security researchers, hackers, and bloggers, have had access to an early version of the new iOS 14 for months.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~14,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
How Britain’s oldest universities are trying to protect humanity from risky A.I. (CNBC, May 25 2020)
If AI somehow became much more powerful, there are three main ways in which it could end up causing harm, according to Bostrom. They are:
– AI could do something bad to humans.
– Humans could do something bad to each other using AI.
– Humans could do bad things to AI (in this scenario, AI would have some sort of moral status).
Realizing the Potential of AI-Driven Security Operations (SecurityWeek, May 21 2020)
Traditionally, ML and AI are used by organizations to perform mundane tasks that bog down security teams, such as correlating log files or performing device patching and updating. But that only scratches the surface of their potential. But Machine Learning (ML) and Artificial Intelligence (AI) can also help fill the cybersecurity skills gap by reducing the complexity and overhead that comes from an expanding security infrastructure.
The Problem with Artificial Intelligence in Security (Dark Reading, May 26 2020)
Any notion that AI is going to solve the cyber skills crisis is very wide of the mark. Here’s why.
Illuminating AWS cloud environments with Darktrace Cyber AI (Darktrace Blog, May 22 2020)
This blog post explains how enterprise-wide and real-time analysis enables self-learning AI to uniquely detect and investigate threats in AWS environments at an early stage.
COVID-19 pandemic ratchets up threats to medical IoT (Network World Security, May 22 2020)
The mere fact of the COVID pandemic’s existence has pushed the American healthcare system to capacity, but another threat to that system has reared its ugly head – cyberattacks, particularly those based on ransomware, have become more common as the disease spread, targeting medical IoT devices and healthcare networks.
Number of active IoT devices expected to reach 24.1 billion in 2030 (Help Net Security, May 21 2020)
At the end of 2019 there were 7.6 billion active IoT devices, a figure which will grow to 24.1 billion in 2030, a CAGR of 11%, according to a research published by Transforma Insights. Short range technologies, such as Wi-Fi, Bluetooth and Zigbee, will dominate connections, accounting for 72% in 2030, largely unchanged compared to the 74% it accounts for today.
IoT security: In 2020, action needs to match awareness (Help Net Security, May 26 2020)
As the power of IoT devices increases, security has failed to follow suit. This is a direct result of the drive to the bottom for price of network enabling all devices. But small steps can greatly increase the overall security of IoT. A better IoT security story has to be one of the most urgent priorities in all of technology.
WolfRAT malware targets WhatsApp, Messenger (SC Media, May 19 2020)
A new malware called “WolfRAT is targeting messaging apps, such as WhatsApp, Facebook Messenger and Line on Thai Android devices. WolfRAT, according to the Cisco Talos intelligence team, is based on a leak of the previously leaked DenDroid malware family.
COVID-19 contact tracing hits Apple devices with iOS and iPadOS 13.5 (Ars Technica, May 20 2020)
Apple also pushed out small updates for HomePods and Apple TVs.
Facebook Messenger Adds Safety Alerts—Even in Encrypted Chats (Wired, May 21 2020)
By using metadata instead of content to spot suspicious behavior, the social network can keep privacy intact.
Mitsubishi hackers may have stolen details of prototype missile (Graham Cluley, May 21 2020)
Hackers exploited vulnerabilities in one of Trend Micro’s anti-virus products last year to steal information from Japanese manufacturer Mitsubishi Electric.
10 iOS Security Tips to Lock Down Your iPhone (Dark Reading, May 22 2020)
Mobile security experts share their go-to advice for protecting iPhones from hackers, thieves, and fraudsters.
BlockFi hacked following SIM swap attack, but says no funds lost (Graham Cluley, May 21 2020)
For just under 90 minutes last Thursday, hackers were able to compromise the systems of cryptocurrency lending platform BlockFi, and gain unauthorised access to users’ names, email addresses, dates of birth, address and activity history.
Insidious Android malware gives up all malicious features but one to gain stealth (WeLiveSecurity, May 22 2020)
ESET researchers detect a new way of misusing Accessibility Service, the Achilles’ heel of Android security
The DHS Prepares for Attacks Fueled by 5G Conspiracy Theories (Wired, May 24 2020)
The claim that 5G can spread the coronavirus has led to dozens of cell-tower burnings in Europe. Now, the US telecom industry is on alert as well.
Customized Android Builds Drive Global Security Inequality (Infosecurity Magazine, May 26 2020)
F-Secure researchers warn of security gaps from local configurations
FTC Settles With Canadian Smart Lock Maker Over Security Practices (SecurityWeek, May 26 2020)
The Federal Trade Commission (FTC) has approved a settlement with Canadian smart lock maker Tapplock, which allegedly falsely claimed that its devices were designed to be “unbreakable.”