A Review of the Best News of the Week on AI, IoT, & Mobile Security
U.K. Bans Huawei From 5G Network, Raising Tensions With China (New York Times, Jul 14 2020)
Banning the use of the Chinese tech giant’s equipment in high-speed wireless infrastructure is a major reversal by Prime Minister Boris Johnson — and a big victory for the Trump administration.
Half a Million IoT Passwords Leaked (Schneier on Security, Jul 08 2020)
“It is amazing that this sort of thing can still happen: …the list was compiled by scanning the entire internet for devices that were exposing their Telnet port. The hacker then tried using (1) factory-set default usernames and passwords, or (2) custom, but easy-to-guess password combinations. Telnet? Default passwords? In 2020? We have a long way to go to secure…”
iPhone Hackers Grayshift Sell ‘Mobile’ GrayKey (VICE, Jul 13 2020)
Grayshift, the company behind iPhone unlocking technology GrayKey, also sells a “mobile” version of its technology, according to emails obtained by Motherboard.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~15,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Researchers Use AI to Spot Drone Pilots (Infosecurity Magazine, Jul 07 2020)
A good drone pilot is hard to find, unless you happen to be a researcher from Ben-Gurion University of the Negev
Brits Desire Greater Regulation of AI (Infosecurity Magazine, Jul 09 2020)
Britons want increased regulation and more accountability concerning artificial intelligence
Mounting IIoT cyber risks must be addressed now to prevent catastrophe: report (SC Media, Jul 07 2020)
Critical infrastructure globally across sectors are at a particularly vulnerable state due to the continued heightened pace of cyberattacks on the Industrial Internet of Things (IIoT), according to a report from Lloyd’s Register Foundation, the U.K.-based global safety charity.
IoT Security Principles (Schneier on Security, Jul 07 2020)
The BSA — also known as the Software Alliance, formerly the Business Software Alliance (which explains the acronym) — is an industry lobbying group. They just published “Policy Principles for Building a Secure and Trustworthy Internet of Things.” They call for: Distinguishing between consumer and industrial IoT. Offering incentives for integrating security. Harmonizing national and international policies. Establishing regularly updated…
Traffic Analysis of Home Security Cameras (Schneier on Security, Jul 09 2020)
“Interesting research on home security cameras with cloud storage. Basically, attackers can learn very basic information about what’s going on in front of the camera, and infer when there is someone home.”
AWS IoT SiteWise: Collecting, organizing, and monitoring data from industrial equipment (Help Net Security, Jul 12 2020)
Amazon Web Services, an Amazon.com company, announced the general availability of AWS IoT SiteWise, a managed service that collects data from the plant floor, structures and labels the data, and generates real-time key performance indicators (KPIs) and metrics to help industrial customers make better, data-driven decisions.
New Mirai Variant Surfaces With Exploits for 9 Vulnerabilities Products (Dark Reading, Jul 14 2020)
Impacted products include routers, IP cameras, DVRs, and smart TVs.
Fake TikTok App Targets Indian Users (Infosecurity Magazine, Jul 09 2020)
Fake ‘professional’ version of TikTok spread via SMS to Indian users
Amazon Says Email to Employees Banning TikTok Was a Mistake (SecurityWeek, Jul 13 2020)
Roughly five hours after an internal email went out Friday to Amazon employees telling them to delete the popular video app TikTok from their phones, the online retailing giant appeared to backtrack, calling the ban a mistake.
Darktrace email finds: Chase fraud alert (Darktrace Blog, Jul 13 2020)
Darktrace’s AI email security recently stopped a malicious email attempting to impersonate Chase bank, coaxing the recipient into handing over their credentials. This blog covers why the attack evaded traditional security tools at the gateway, and how Darktrace spotted and neutralized the threat in real time.
Google Patches Critical Android Vulnerabilities With July 2020 Updates (SecurityWeek, Jul 08 2020)
Several critical remote code execution vulnerabilities were addressed in Android this week with the release of the July 2020 set of security patches, including three in the media framework and system components.
Verizon Adds Protection Against SIM Swapping Hacks in Mobile App (VICE, Jul 09 2020)
Verizon’s new feature ‘Number Lock’ add an extra layer of security, but it’s not foolproof.
Joker’ Android Malware Pulls Another Trick to Land on Google’s Play Store (Dark Reading, Jul 09 2020)
Authors of the malware, which signs up mobile users for premium services, are repeatedly finding ways to bypass app review checks.
Signal’s New PIN Feature Worries Cybersecurity Experts (VICE, Jul 10 2020)
The popular encrypted app is now going to store your contacts in the cloud. Experts are worried this compromises users’ privacy.
Comments on the National Strategy to Secure 5G Implementation Plan | National Telecommunications and Information Administration (U.S. Department of Commerce, Jul 12 2020)
NTIA requested comments in accordance with the Secure 5G and Beyond Act of 2020 to inform the development of an Implementation Plan for the National Strategy to Secure 5G. The comment period ended on 06/25/2020.