A Review of the Best News of the Week on AI, IoT, & Mobile Security
Ripple20 Bugs Put Hundreds of Millions of IoT Devices at Risk (Wired, Jun 16 2020)
The so-called Ripple20 vulnerabilities affect equipment found in data centers, power grids, and more.
GTP Vulnerabilities Expose 4G/5G Networks to High-Impact Attacks (SecurityWeek, Jun 12 2020)
Vulnerabilities in the GPRS Tunnelling Protocol (GTP) expose 4G and 5G cellular networks to a variety of attacks, including denial-of-service, user impersonation, and fraud, Positive Technologies security researchers warn.
T-Mobile Outage Mistaken for Massive DDoS Attack on U.S. (SecurityWeek, Jun 16 2020)
Wireless carrier T-Mobile on Monday suffered a major outage in the United States that impacted service at other carriers as well, and it ended up being reported as a “massive” distributed denial of service (DDoS) attack.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~14,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
FCC failed to monitor Chinese telecoms for almost 20 years: Senate report (Ars Technica, Jun 09 2020)
Senate report blasts FCC and other agencies for two decades of inaction.
Trustworthy AI Initiative Launched (Infosecurity Magazine, Jun 09 2020)
Initiative launched to promote the development of trustworthy artificial intelligence technology.
Availability Attacks against Neural Networks (Schneier on Security, Jun 10 2020)
New research on using specially crafted inputs to slow down machine-learning neural network systems:
Sponge Examples: Energy-Latency Attacks on Neural Networks shows how to find adversarial examples that cause a DNN to burn more energy, take more time, or both. They affect a wide range of DNN applications, from image recognition to natural language processing (NLP). Adversaries might use these examples for all sorts of mischief — from draining mobile phone batteries, through degrading the machine-vision systems on which self-driving cars rely, to jamming cognitive radar.
There is a direct correlation between AI adoption and superior business outcomes (Help Net Security, Jun 14 2020)
Adoption of artificial intelligence (AI) is growing worldwide, according to an IDC survey of more than 2,000 IT and line of business (LoB) decision makers. Over a quarter of all AI initiatives are already in production and more than one third are in advanced development stages. And organizations are reporting an increase in their AI spending this year.
NeoML: Open source library for building, training, and deploying machine learning models (Help Net Security, Jun 16 2020)
ABBYY launched NeoML, an open source library for building, training, and deploying machine learning models. Available now on GitHub, NeoML supports both deep learning and traditional machine learning algorithms.
5 IoT Security Tips for Stay-At-Home Workers (SC Media, Jun 10 2020)
As millions of employees across the world work from home because of the COVID-19 pandemic, IoT security has become more critical than ever as cybercriminals look to exploit the situation. Over the past few years, many organizations already have put security controls and measures in place that ensure only authorized users can access and configure…
CallStranger bug in billions of devices can enable data exfiltration, DoS attacks (SC Media, Jun 09 2020)
Billions of Internet of Things and Local Area Network devices that rely on the Universal Plug and Play (UPnP) protocol for discovery of and interaction with other devices are vulnerable to “CallStranger,” a bug that can be exploited to exfiltrate data, launch a denial of service attack or scan ports.
IoT Security Trends & Challenges in the Wake of COVID-19 (Dark Reading, Jun 16 2020)
The demand for Internet of Things security practices that protect sensitive medical equipment and data will double within the next five years. Here’s why.
Zero-day flaws in widespread TCP/IP library open millions of IoT devices to remote attack (Help Net Security, Jun 16 2020)
19 vulnerabilities – some of them allowing remote code execution – have been discovered in a TCP/IP stack/library used in hundreds of millions of IoT devices deployed by organizations in a wide variety of industries and sectors. “Affected vendors range from one-person boutique shops to Fortune 500 multinational corporations, including HP, Schneider Electric, Intel, Rockwell Automation, Caterpillar, Baxter, as well as many other major international vendors,” say the researchers who discovered…
As IoT devices evolve, risk management needs improvement (Help Net Security, Jun 15 2020)
There’s an acute need for IoT risk management improvement, as most organizations do not know what tracking and safeguards their third parties have in place, according to the Shared Assessments Program and the Ponemon Institute.
New Eavesdropping Technique Relies on Light Bulb Vibrations (SecurityWeek, Jun 15 2020)
A group of security researchers has devised a new technique for eavesdropping on conversations that relies on the analysis of a light bulb’s frequency response to sound.
Warning issued over hackable security cameras (WeLiveSecurity, Jun 15 2020)
The owners of the vulnerable indoor cameras are advised to unplug the devices immediately.
Babylon mobile health app mixes up patient consultation videos (Naked Security – Sophos, Jun 10 2020)
Mobile health app Babylon, which states its company mission as putting “an accessible and affordable health service in the hands of every person on earth”, has admitted to a software bug that went one step further than that.
According to a BBC report, an app user in the UK ended up with other people’s health service data in his hands.
LAPD Got Tech Demos from Israeli Phone Hacking Firm NSO Group (VICE, Jun 09 2020)
Emails obtained by Motherboard also reveal new details about previously unreported NSO Group products.
FBI warns hackers are targeting mobile banking apps (TheHill, Jun 11 2020)
The FBI on Wednesday warned that malicious cyber actors were targeting mobile banking apps in an attempt to steal money as more Americans have moved to online banking during the coronavirus pandemic.
Android 11 Will Help You Rein In Zombie App Permissions (Wired, Jun 10 2020)
The latest update to Google’s operating system has a host of privacy and security improvements.