A Review of the Best News of the Week on AI, IoT, & Mobile Security
How the FBI Got Into the San Bernardino Shooter’s iPhone (Wired, Apr 17 2021)
This week, The Washington Post revealed that the company that sold the tool isn’t one of the better-known players, but instead a small Australian company known as Azimuth that is now owned by the US defense contractor L3Harris. The news provides a helpful detail as companies weigh resisting other such orders that may come from the US Justice Department or other governments in the future.
WhatsApp flaw lets anyone lock you out of your account (WeLiveSecurity, Apr 13 2021)
An attacker can lock you out of the app using just your phone number and without requiring any action on your part.
Google Trumpets New Mobile App Security Standard (Infosecurity Magazine, Apr 19 2021)
Tech giant encourages developers to get on board.
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
100 million more IoT devices are exposed—and they won’t be the last (Ars Technica, Apr 14 2021)
Name:Wreck flaws in TCP/IP have global implications.
The blueprint to securely solve the elusive zero-touch provisioning of IoT devices at scale (Microsoft Azure Blog, Apr 13 2021)
A seamless and comprehensive approach to securely onboard and operate IoT devices using certificate-based credentials.
The parallels of pandemic response and IoT security (Help Net Security, Apr 16 2021)
While adjusting to life under a pandemic, we’ve become familiar with a host of medical and safety terminology that either didn’t exist before or was of little interest to anyone not in the medical or scientific community. Phrases like social distancing, contact tracing, and super-spreader have now become part of the common lexicon.
Security Gaps in IoT Access Control Threaten Devices and Users (Dark Reading, Apr 16 2021)
Researchers spot problems in how IoT vendors delegate device access across multiple clouds and users.
Bad bot traffic reaching an all-time high over the past year (Help Net Security, Apr 18 2021)
In 2020, Imperva saw the highest percentage of bad bot traffic (25.6%) since 2014, while traffic from humans fell by 5.7%. More than 40% of all web traffic requests originated from a bot last year, suggesting the growing scale and widespread impact of bots in daily life. Advanced Persistent Bots remained the majority of bad bot traffic over the past year, amounting to 57.1%.
TCP/IP stack vulnerabilities threaten IoT devices (Network World Security, Apr 16 2021)
A set of vulnerabilities in TCP/IP stacks used by FreeBSD and three popular real-time operating systems designed for the IoT was revealed this week by security vendor Forescout and JSOF Research. The nine vulnerabilities could potentially affect 100 million devices in the wild.
WhatsApp Spying Site Blames WhatsApp for Letting It Spy (VICE, Apr 19 2021)
A WhatsApp tracking site marketed for catching suspected cheating spouses blames WhatsApp for facilitating the service with its always-on online status feature.
Google Play apps steal texts and pepper you with unauthorized purchases (Ars Technica, Apr 20 2021)
Google removes eight apps after receiving report from researchers.