A Review of the Best News of the Week on AI, IoT, & Mobile Security

How Police Secretly Took Over a Global Phone Network for Organized Crime (VICE, Jul 02 2020)
Unbeknownst to Mark, or the tens of thousands of other alleged Encrochat users, their messages weren’t really secure. French authorities had penetrated the Encrochat network, leveraged that access to install a technical tool in what appears to be a mass hacking operation, and had been quietly reading the users’ communications for months. Investigators then shared those messages with agencies around Europe.

Android Apps Stealing Facebook Credentials (Schneier on Security, Jun 30 2020)
Google has removed 25 Android apps from its store because they steal Facebook credentials: Before being taken down, the 25 apps were collectively downloaded more than 2.34 million times. The malicious apps were developed by the same threat group and despite offering different features, under the hood, all the apps worked the same. According to a report from French cyber-security…

Early Covid-19 tracking apps easy prey for hackers, and it might get worse before it gets better (Politico, Jul 07 2020)
The apps could prove vital to curtailing the virus’s spread as states reopen, but security fears may make them unpopular with users.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~15,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

New Cybersecurity Standard for IoT Devices Established By ETSI (Infosecurity Magazine, Jun 30 2020)
New security standard aims to prevent attacks against smart devices

Securing the International IoT Supply Chain (Schneier on Security, Jul 01 2020)
Together with Nate Kim (former student) and Trey Herr (Atlantic Council Cyber Statecraft Initiative), I have written a paper on IoT supply chain security. The basic problem we try to solve is: how to you enforce IoT security regulations when most of the stuff is made in other countries? And our solution is: enforce the regulations on the domestic company…

7 IoT Tips for Home Users (Dark Reading, Jul 02 2020)
Whether for business or pleasure, you’re on your own once you walk into the house with a new Internet of Things device. Here’s how to keep every one secure.

How to Assess More Sophisticated IoT Threats (Dark Reading, Jul 06 2020)
Securing the Internet of Things requires diligence in secure development and hardware design throughout the product life cycle, as well as resilience testing and system component analysis.

FCC Designates Huawei & ZTE as National Security Threats (Dark Reading, Jun 30 2020)
Backdoors in 5G network equipment from these vendors could enable espionage and malicious activity, agency says.

Google Details Memory-Related Security Improvements in Android 11 (SecurityWeek, Jul 01 2020)
Google this week shared details on how it is fighting memory bugs in Android 11, as well as on other security improvements that the upcoming platform version will deliver.

How to Passcode Lock Any App on Your Phone (Wired, Jul 05 2020)
Letting someone see your phone shouldn’t also mean letting them snoop on your texts, photos, or emails. Here’s how to stop it from happening.

Android Adware Tied to Undeletable Malware (Dark Reading, Jul 06 2020)
Adware on inexpensive Android smartphone can carry additional malware and be undeletable.