A Review of the Best News of the Week on AI, IoT, & Mobile Security
iPhone zero-click Wi-Fi exploit is one of the most breathtaking hacks ever (Ars, Dec 01 2020)
Before Apple patch, Wi-Fi packets could steal photos. No interaction needed. Over the air.
Trump Signs IoT Security Bill into Law (Dark Reading, Dec 07 2020)
The Internet of Things Cybersecurity Improvement Act of 2020 is now official.
Many Android Apps Expose Users to Attacks Due to Failure to Patch Google Library (SecurityWeek, Dec 04 2020)
A vulnerability in the Google Play Core Library continues to impact many applications several months after official patches were released.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
This Company Uses AI to Outwit Malicious AI (Wired, Dec 02 2020)
Robust Intelligence is among a crop of companies that offer to protect clients from efforts at deception.
Google parts with top AI researcher after blocking paper, faces blowback (Ars Technica, Dec 04 2020)
Timnit Gebru’s exit reignites debate over diversity and free speech at tech group.
iOS Exploit Allows ‘Unfettered Access’ to iPhone User Data Over Wi-Fi (SecurityWeek, Dec 02 2020)
Google Details iPhone Zero-Click Exploit Allowing Theft of User Data, Including Photos, Emails
Watch This Google Hacker Pwn 26 iPhones With a ‘WiFi Broadcast Packet of Death’ (VICE, Dec 02 2020)
A Google security researcher found bugs that allowed him to take over nearby iPhones with a Raspberry Pi and just $100 in WiFi gear.
A ‘Magical Bug’ Exposed Any iPhone in a Hacker’s Wi-Fi Range (Wired, Dec 03 2020)
A Google researcher found flaws in Apple’s AWDL protocol that would have allowed for a complete device takeover.
Samsung finally starts its Android 11 rollout, three months after release (Ars Technica, Dec 04 2020)
Android 11 brings a new media player, new one-time permissions, and more.
Android apps with millions of downloads are vulnerable to serious attacks (Ars Technica, Dec 04 2020)
Flaw allows malicious apps to steal credentials, private messages and much more.
Most pros are concerned about cybersecurity risks related to 5G adoption (Help Net Security, Dec 07 2020)
Most professionals say their organizations are concerned about cybersecurity risks related to 5G adoption (76.4% of professionals at organizations currently use 5G and 80.7% of professionals at organizations plan to adopt 5G in the year ahead), according to a Deloitte poll. “U.S. 5G bandwidth availability has expanded and accelerated considerably in recent months, offering competitive advantages technologically, financially and otherwise to early adopters,” said Wendy Frank…
Critical Flaws in Millions of IoT Devices May Never Get Fixed (Wired, Dec 08 2020)
Amnesia:33 is the latest in a long line of vulnerabilities that affect countless embedded devices.