A Review of the Best News of the Week on AI, IoT, & Mobile Security
Security researcher successfully jailbreaks an Apple AirTag (Ars Technica, May 10 2021)
Successful jailbreak increases existing AirTag security and privacy concerns.
Apple brass discussed disclosing 128-million iPhone hack, then decided not to (Ars Technica, May 08 2021)
Emails entered into Epic Games lawsuit show execs contradicting Apple talking points.
Apple Is Having a Really Bad Time With iPhone Security Bugs This Year (VICE, May 05 2021)
A week after iOS 14.5, there’s a new emergency update to fix two new serious vulnerabilities.
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Counterfit: Open-source tool for testing the security of AI systems (Help Net Security, May 05 2021)
After developing a tool for testing the security of its own AI systems and assessing them for vulnerabilities, Microsoft has decided to open-source it to help organizations verify that that the algorithms they use are “robust, reliable, and trustworthy.” Counterfit started as a collection of attack scripts written to target individual AI models, but Microsoft turned it into an automation tool to attack multiple AI systems at scale.
Securing the Internet of Things in the Age of Quantum Computing (Dark Reading, May 06 2021)
Internet security, privacy, and authentication aren’t new issues, but IoT presents unique security challenges.
MIT artificial intelligence tech can generate 3D holograms in real-time (MIT, May 11 2021)
A new method called tensor holography could enable the creation of holograms for virtual reality, 3D printing, medical imaging, and more — and it can run on a smartphone.
AI Security Risk Assessment Tool (Schneier on Security, May 11 2021)
Microsoft researchers just released an open-source automation tool for security testing AI systems: “Counterfit.” Details on their blog.
Android Updates for May 2021 Patch Over 40 Vulnerabilities (SecurityWeek, May 05 2021)
The Android operating system updates released by Google for May 2021 patch a total of 42 vulnerabilities, including four considered critical severity.
Financial Services Experience 125% Rise in Exposure to Mobile Phishing (Infosecurity Magazine, May 06 2021)
Cyber-criminals have ramped up their targeting of phones, tablets, and Chromebooks
Firefox for Android gets critical update to block cookie-stealing hole (Naked Security – Sophos, May 06 2021)
This browser update is for everyone, but it’s for Android users particularly.
Bitcoin Security Rectifier app aims to make Bitcoin more secure (Help Net Security, May 10 2021)
A computer science engineer at Michigan State University has a word of advice for the millions of bitcoin owners who use smartphone apps to manage their cryptocurrency: don’t. Or at least, be careful. Researchers are developing a mobile app to act as a safeguard for popular but vulnerable “wallet” applications used to manage cryptocurrency.
Android App Developers Required by Google to Share More Info on Data Handling (SecurityWeek, May 07 2021)
Google this week announced that it is introducing a new policy for the Google Play app store, requiring all developers to provide information on their data collection practices.
Qualcomm Modem Chip Flaw Exploitable From Android: Researchers (SecurityWeek, May 06 2021)
Billions of Android devices are exposed to a vulnerability in Qualcomm’s Mobile Station Modem (MSM) chip A vulnerability in Qualcomm’s Mobile Station Modem (MSM) chip– installed in around 30% of the world’s mobile devices – can be exploited from within Android.