A Review of the Best News of the Week on AI, IoT, & Mobile Security
T-Mobile, Verizon, AT&T Stop SMS Hijacks After Motherboard Investigation (VICE, Mar 25 2021)
All the mobile carriers have mitigated a major SMS security loophole that allowed a hacker to hijack text messages for just $16.
5G network slicing vulnerability leaves enterprises exposed to cyberattacks (Help Net Security, Mar 24 2021)
AdaptiveMobile Security today publicly disclosed details of a major security flaw in the architecture of 5G network slicing and virtualized network functions. The fundamental vulnerability has the potential to allow data access and denial of service attacks between different network slices on a mobile operator’s 5G network, leaving enterprise customers exposed to malicious cyberattack.
System Update: New Android Malware (Schneier on Security, Mar 30 2021)
“Researchers have discovered a new Android app called “System Update” that is a sophisticated Remote-Access Trojan (RAT). From a news article:
The broad range of data that this sneaky little bastard is capable of stealing is pretty horrifying. It includes: instant messenger messages and database files; call logs and phone contacts; Whatsapp messages and databases; pictures and videos; all of your text messages; and information on pretty much everything else that is on your phone…”
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Sierra Wireless Website Still Down After Ransomware Attack (Dark Reading:, Mar 24 2021)
The company believes the attack’s impact is limited to its internal IT systems and corporate websites.
Facebook Disrupts Chinese Spies Using iPhone, Android Malware (SecurityWeek, Mar 24 2021)
Facebook’s threat intelligence team says it has disrupted a sophisticated Chinese spying team that routinely use iPhone and Android malware to hit journalists, dissidents and activists around the world.
Nearly Half of Popular Android Apps Built With High-Risk Components (Dark Reading:, Mar 25 2021)
Information leakage and applications asking for too many permissions were also major issues, according to a survey of more than 3,300 popular mobile applications.
New Android malware with full range of spying capabilities has been found (Ars Technica, Mar 26 2021)
Despite its sophistication, the app can be easy for more experienced users to spot.
Google wants to standardize digital car key and ID support on Android (Ars Technica, Mar 26 2021)
Google will certify Secure Element chips and software as “Android Ready SE.”
Apple patches zero-day targeted for iPhones, iPads and its popular watches (SC Media, Mar 29 2021)
Apple on Friday said it patched a zero-day cross-site scripting vulnerability affecting iPhones, iPads, the iPod touch and Apple watches that was actively exploited in the wild – the company’s seventh such announcement of a zero-day patch in the past five months.