A Review of the Best News of the Week on AI, IoT, & Mobile Security
iPhone Apps Stealing Clipboard Data (Schneier on Security, Jun 29 2020)
iOS apps are repeatedly reading clipboard data, which can include all sorts of sensitive information. While Haj Bakry and Mysk published their research in March, the invasive apps made headlines again this week with the developer beta release of iOS 14. A novel feature Apple added provides a banner warning every time an app reads clipboard contents. As large numbers of people began testing the beta release, they quickly came to appreciate just how many apps engage in the practice and just how often they do it.
Is It Legal for Cops to Force You to Unlock Your Phone? (Wired, Jun 27 2020)
Because the relevant Supreme Court precedents predate the smartphone era, the courts are divided on how to apply the Fifth Amendment.
Analyzing IoT Security Best Practices (Schneier on Security, Jun 25 2020)
“Best practices for Internet of Things (IoT) security have recently attracted considerable attention worldwide from industry and governments, while academic research has highlighted the failure of many IoT product manufacturers to follow accepted practices. We explore not the failure to follow best practices, but rather a surprising lack of understanding, and void in the literature, on what (generically) “best practice” means, independent of meaningfully identifying specific individual practices.”
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~14,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Bug Hunters Confident They Will Continue to Outperform AI: Study (SecurityWeek, Jun 24 2020)
Cyber security is described as a form of asymmetric warfare. One side, the defenders, have limited numbers — just the security team. The other side includes every blackhat hacker in the world — that is, many, many thousands. The blackhats only need to succeed once; the defenders need to succeed many times every day. Bugcrowd seeks to reverse this impossible mathematics.
Over 1,000 AI Experts Condemn Racist Algorithms That Claim to Predict Crime (VICE, Jun 23 2020)
Technologists from MIT, Harvard, and Google say research claiming to predict crime based on human faces creates a "tech-to-prison pipeline" that reinforces racist policing.
IoT adds value, risk but management within reach (SC Media, Jun 29 2020)
Along with the tremendous opportunity brought to the enterprise by the gadgets that hang off of the Internet of Things (IoT) comes sizable risk that organizations must assess and manage. “Value should be considered while determining risk,” said Paul Rohmeyer, associate industry professor at the Stevens Institute of Technology, who led the “Managing Cybersecurity and…
New Charges, Sentencing in Satori IoT Botnet Conspiracy (Krebs on Security, Jun 25 2020)
The U.S. Justice Department today criminally charged a Canadian and a Northern Ireland man for allegedly conspiring to build multiple botnets that enslaved hundreds of thousands of routers and other Internet of Things (IoT) devices for use in large-scale distributed denial-of-service (DDoS) attacks. In addition, a defendant in the United States was sentenced to drug treatment and 18 months community confinement for his admitted role in the conspiracy.
Microsoft Previews Windows Defender ATP for Android (Dark Reading, Jun 23 2020)
In addition, the first release of Defender ATP for Linux is now generally available.
COVID-Themed Ransomware Attack on Android Users Revealed (Infosecurity Magazine, Jun 25 2020)
Android users were lured into downloading a ransomware app disguised as an official COVID-19 tracing tool.
Apple Acquires Device Management Company Fleetsmith (SecurityWeek, Jun 25 2020)
Apple has acquired Fleetsmith, a San Francisco-based company that specializes in solutions designed to help organizations manage the Apple devices used by their employees.
Fleetsmith’s enterprise device management solution automates setup, patching, intelligence and security for Macs, iPhones, iPads and Apple TV devices.
Opinion | America Is Facing 5 Epic Crises All at Once (The New York Times, Jun 29 2020)
This is not the time to obsess about symbolism.
Indian Government Bans TikTok and 50+ Chinese Apps (Infosecurity Magazine, Jun 30 2020)
New Delhi concerned over reports of privacy and security concerns.