A Review of the Best News of the Week on AI, IoT, & Mobile Security
Google considering an iOS-style anti-tracking feature for Android (Ars Technica, Feb 05 2021)
Android could get tracking controls after “seeking” from ad companies.
NoxPlayer Android Emulator Supply-Chain Attack (Schneier on Security, Feb 08 2021)
“It seems to be the season of sophisticated supply-chain attacks.
This one is in the NoxPlayer Android emulator:
ESET says that based on evidence its researchers gathered, a threat actor compromised one of the company’s official API (api.bignox.com) and file-hosting servers (res06.bignox.com).
Using this access, hackers tampered with the download URL of NoxPlayer updates in the API server to deliver malware to NoxPlayer users.”
Android barcode scanner with 10 million+ downloads infects users (Ars Technica, Feb 08 2021)
Researcher says Google hasn’t removed the malicious app, so onus is on end users.
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Canada Probe Concludes Clearview AI Breached Privacy Laws (SecurityWeek, Feb 04 2021)
US facial recognition technology firm Clearview AI illegally conducted mass surveillance in breach of Canadians’ privacy rights, Canada’s privacy commissioner said Wednesday following an investigation.
AI and APIs: The A+ Answers to Keeping Data Secure and Private (Dark Reading, Feb 05 2021)
Many security leaders view regulations and internal processes designed to manage and secure data as red tape that hampers innovation. Nothing could be further from the truth.
Microsoft Says It’s Time to Attack Your Machine-Learning Models (Dark Reading, Feb 04 2021)
With access to some training data, Microsoft’s red team recreated a machine-learning system and found sequences of requests that resulted in a denial-of-service.
Apple’s updated App Store guidelines clarify positions on recent controversies (Ars Technica, Feb 02 2021)
Among the changes: game-streaming clarification, payment requirements, and more.
Attackers Continue to Nibble at Apple’s iOS Security (Dark Reading, Feb 02 2021)
For the second time in less than three months, Apple has patched vulnerabilities in the software for iPhone and iPad, warning that the issues are already being targeted by attackers.
Google Patches Over a Dozen High-Severity Privilege Escalation Flaws in Android (SecurityWeek, Feb 02 2021)
Google this week published its Android security bulletin for February 2021, which includes information on more than 40 vulnerabilities, most of which could lead to elevation of privilege.
A Spyware Vendor Seemingly Made a Fake WhatsApp to Hack Targets (VICE, Feb 03 2021)
Technical analyses by Citizen Lab and Motherboard found links between a fake version of WhatsApp and Cy4Gate, an Italian surveillance firm that works with cops and intelligence agencies.