A Review of the Best News of the Week on AI, IoT, & Mobile Security
0-click iMessage 0-day used to hack the iPhones of 36 journalists (Ars Technica, Dec 21 2020)
Three dozen journalists had their iPhones hacked in July and August using what at the time was an iMessage zero-day exploit that didn’t require the victims to take any action to be infected, researchers said.
Cybercriminals Steal Millions by Spoofing Thousands of Mobile Devices (SecurityWeek, Dec 16 2020)
A group of cybercriminals used mobile emulators to spoof thousands of mobile devices, which enabled them to steal millions of dollars within days. Targeting financial institutions in Europe and the United States, the mobile banking fraud operation relied on over 20 emulators to spoof more than 16,000 mobile devices and access compromised accounts.
Eavesdropping on Phone Taps from Voice Assistants (Schneier on Security, Dec 22 2020)
“The microphones on voice assistants are very sensitive, and can snoop on all sorts of data:
In Hey Alexa what did I just type? we show that when sitting up to half a meter away, a voice assistant can still hear the taps you make on your phone, even in presence of noise. Modern voice assistants have two to seven microphones, so they can do directional localisation, just as human ears do, but with greater sensitivity.”
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
How AI stopped a WastedLocker intrusion before ransomware deployed (Darktrace Blog, Dec 22 2020)
Darktrace recently detected and investigated a WastedLocker attack. This blog explores how this high-speed, high-stakes ransomware uses ‘living off the land’ techniques to bypass traditional security tools, and how Darktrace Antigena can autonomously stop this threat in its earliest stages, before encryption has begun.
Researchers develop tool that automates device programming in the IoT (Help Net Security, Dec 15 2020)
The Internet of Things (IoT) has ushered in a new era, with everyday items evolving into what we now refer to as cyber-physical systems. These systems are physical mechanisms controlled or monitored by computer algorithms and deeply intertwined through the internet. Such systems have pierced their way into industry and are being deployed and used above all to manage and control industrial processes, thus giving rise to the so-called Industry 4.0.
iOS Spyware Emerges in Longstanding Extortion Campaign (SecurityWeek, Dec 16 2020)
An extortion campaign targeting Chinese, Korean, and Japanese speakers recently started using a new piece of spyware, mobile security firm Lookout reported on Wednesday.
Qualcomm promises three years of Android updates for its entire SoC lineup (Ars Technica, Dec 16 2020)
The new plan is three years of major OS updates and four years of security updates.
Analysis of 5G Network Security Reveals Attack Possibilities (Infosecurity Magazine, Dec 17 2020)
5G security research discloses exploit opportunities
5G connections reach 229 million, adoption 4x as fast as LTE (Help Net Security, Dec 20 2020)
Despite a global pandemic and economic challenges, the fifth generation of wireless 5G powered ahead at four times the speed of subscriber growth as 4G LTE, according to 5G Americas. The world added 225 million 5G subscribers between Q3 2019 and Q3 2020, a feat which required 4G LTE four years to attain. As of December 2020, there were 229 million 5G subscriptions globally…
US Schools Are Buying Cell Phone Unlocking Systems (Schneier on Security, Dec 18 2020)
Gizmodo is reporting that schools in the US are buying equipment to unlock cell phones from companies like Cellebrite: Gizmodo has reviewed similar accounting documents from eight school districts, seven of which are in Texas, showing that administrators paid as much as $11,582 for the controversial surveillance technology. Known as mobile device forensic tools (MDFTs), this type of tech is able to siphon text messages, photos, and application data from students’ devices
Migrating to standalone networks won’t secure 5G (SC Media, Dec 21 2020)
The stack of technologies that 5G uses could allow attacks aimed at operator networks as well as subscribers, launched from international roaming networks, operator networks or even partner networks providing access to services.
Tech Giants Show Support for WhatsApp in Lawsuit Against Spyware Firm (SecurityWeek, Dec 22 2020)
Microsoft, Cisco, GitHub, Google, LinkedIn, VMware and the Internet Association have filed an amicus brief in support of WhatsApp in the legal case against the NSO Group.