A Review of the Best News of the Week on AI, IoT, & Mobile Security
Mobile providers exposing sensitive data to leakage and theft (Help Net Security, Apr 01 2021)
Data exposure is a significant, unaddressed problem for Europe’s top mobile providers and, by extension, more than 253 million customers who sign up for their services and share sensitive personal data, according to research by Tala Security. Mobile providers are exposing sensitive data Sensitive data is at significant risk via form data exposure: Forms used to capture credentials, banking details, passport numbers, etc., are exposed to an average of 19 third-parties.
Ubiquiti All But Confirms Breach Response Iniquity (Krebs on Security, Apr 04 2021)
For four days this past week, Internet-of-Things giant Ubiquiti did not respond to requests for comment on a whistleblower’s allegations the company had massively downplayed a “catastrophic” two-month breach ending in January to save its stock price, and that Ubiquiti’s insinuation that a third-party was to blame was a fabrication. I was happy to add their eventual public response to the top of Tuesday’s story on the whistleblower’s claims, but their statement deserves a post of its own because it actually confirms and reinforces those claims.
New Play Store rules block most apps from scanning your entire app list (Ars Technica, Apr 02 2021)
Your app list can contain sensitive data, so Google is locking down access.
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Utah Gave $20 Million Contract to AI Surveillance Firm That Didn’t Have AI (VICE, Mar 30 2021)
The state audit of Banjo came after investigations by Motherboard and OneZero.
ACLU Files AI FOIA Request (Infosecurity Magazine, Apr 01 2021)
American Civil Liberties Union requests artificial intelligence documents from national security agencies
AI is Security’s Best Defense (SecurityWeek, Mar 30 2021)
Automation, Artificial Intelligence and Machine-learning Should be on the Radar for Any Modern SOC
How to Build a Resilient IoT Framework (Dark Reading, Apr 01 2021)
For all of their benefits, IoT devices weren’t built with security in mind — and that can pose huge challenges.
99% of security pros concerned about their IoT and IIoT security (Help Net Security, Apr 05 2021)
More than three quarters of those surveyed said that connected devices do not easily fit into their existing security approach, and 88% required (or still require) additional resources to meet their IoT and IIoT security needs. This is of particular concern for those in the industrial space, as 53% said they are unable to fully monitor connected systems entering their controlled environment, and 61% have limited visibility into changes in security vendors within their supply chain.
The Rise of Industrial IoT and How to Mitigate Risk (SecurityWeek, Apr 06 2021)
With the acceleration of digital transformation and convergence of IT and operational technology (OT) networks, Internet of Things (IoT) and Industrial IoT (IIoT) devices are becoming essential tools for companies in sectors including oil and gas, energy, utilities, manufacturing, pharmaceuticals, and food and beverage.
How SASE is Key to 5G Security Success (Infosecurity Magazine, Apr 06 2021)
With the SASE model, orgs will have the opportunity to offer more secure 5G networks
Phone Cloning Scam (Schneier on Security, Apr 06 2021)
“A newspaper in Malaysia is reporting on a cell phone cloning scam. The scammer convinces the victim to lend them their cell phone, and the scammer quickly clones it. What’s clever about this scam is that the victim is an Uber driver and the scammer is the passenger, so the driver is naturally busy and can’t see what the scammer is doing.”
Number of eSIMs installed in connected devices to reach 3.4B in 2025 (Help Net Security, Apr 04 2021)
The number of eSIMs installed in connected devices will increase from 1.2 billion in 2021, to 3.4 billion in 2025; representing growth of 180%, a Juniper Research study found. eSIMs are modules embedded directly into devices; providing cellular connectivity and storing multiple network operator profiles.
Worldwide 5G connections to reach 619 million by the end of 2021 (Help Net Security, Mar 31 2021)
5G networks are now nearing a critical mass of global commercial network deployments and subscribers, suggesting a rapid upward curve of technology adoption over the next few years, according to 5G Americas.