A Review of the Best News of the Week on AI, IoT, & Mobile Security
WhatsApp Delays Data Sharing Change After Backlash (SecurityWeek, Jan 18 2021)
WhatsApp on Friday postponed a data-sharing change as users concerned about privacy fled the Facebook-owned messaging service and flocked to rivals Telegram and Signal.
TikTok Harvested MAC Addresses By Exploiting Android Loophole (SecurityWeek, Jan 14 2021)
The ongoing controversies surrounding TikTok hit a new gear on Thursday with a bombshell report accusing the Chinese company of spying on millions of Android users using a technique banned by Google.
How Law Enforcement Gets Around Your Smartphone’s Encryption (Wired, Jan 13 2021)
New research has dug into the openings that iOS and Android security provide for anyone with the right tools.
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
#CES2021: AI and Quantum Technologies Set to Disrupt Cybersecurity Industry (Infosecurity Magazine, Jan 15 2021)
Orgs must prepare cyber-defenses for surge in AI and quantum tech
AI-powered text from this program could fool the government (Ars Technica, Jan 17 2021)
Volunteers couldn’t tell AI-generated comments from those penned by humans.
Deploying AI-powered cybersecurity directly on drones (Help Net Security, Jan 19 2021)
SparkCognition and SkyGrid announced a new collaboration to deploy AI-powered cybersecurity directly on drones, protecting them from zero-day attacks during flight. Equipped with SparkCognition’s DeepArmor cybersecurity product, SkyGrid is the first airspace management system to enable drone protection powered by AI.
Understanding TCP/IP Stack Vulnerabilities in the IoT (Dark Reading, Jan 13 2021)
Internet of Things devices are highly susceptible to attacks, breaches, and flaws emanating from issues within the TCP/IP network communications architecture. Here’s an overview of what you need to know to mitigate risks.
Ring launches video End-to-End Encryption for compatible Ring Doorbells and Cams (Help Net Security, Jan 14 2021)
Ring announced the launch of video End-to-End Encryption for compatible Ring Doorbells and Cams, providing an advanced, opt-in security feature for customers who want to add an additional layer of security to their videos. Ring is the first major smart home security provider to offer customers this advanced security option.
‘Rogue’ Android RAT Can Take Control of Devices, Steal Data (SecurityWeek, Jan 13 2021)
A recently discovered Mobile Remote Access Trojan (MRAT) can take control of the infected Android devices and exfiltrate a trove of user data, Check Point security researchers warn.
Google: Attacker ‘likely’ had access to Android zero-day vulnerabilities (SC Media, Jan 13 2021)
Google’s Project Zero this week introduced a six-part series that offers an analysis of four zero-day vulnerabilities on Windows and Chrome, and known-day Android exploits it found during the team’s extensive research last year.
Thousands of Users Unknowingly Joined Signal Because of 12-Year-Old’s App (VICE, Jan 14 2021)
“Calls Chat” is essentially Signal with a different coat of paint.
Apple nixes feature that let its apps skip VPNs and firewalls, after criticism from researchers (SC Media, Jan 14 2021)
The software essentially exempted Apple’s own programs from being routed through its Network Extension Framework, which the company created for third-party security products to monitor and filter network traffic.
Cell Phone Location Privacy (Schneier on Security, Jan 15 2021)
We all know that our cell phones constantly give our location away to our mobile network operators; that’s how they work. A group of researchers has figured out a way to fix that. “Pretty Good Phone Privacy” (PGPP) protects both user identity and user location using the existing cellular networks. It protects users from fake cell phone towers (IMSI-catchers) and surveillance by cell providers.