A Review of the Best News of the Week on AI, IoT, & Mobile Security
Hacker’s guide to deep-learning side-channel attacks: the theory (Elie Bursztein, May 21 2021)
Learn the concepts behind deep-learning side-channel attacks, a powerful cryptanalysis technique, by using it to recover AES cryptographic keys from a hardware device.
Recycle Your Phone, Sure, But Maybe Not Your Number (Krebs on Security, May 19 2021)
Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can be devastating.
Mobile stalkerware is on the rise (Help Net Security, May 21 2021)
Mobile stalkerware, which is software silently installed by stalkers onto victims’ mobile devices without their knowledge, is on the rise, ESET research finds. In 2019, ESET telemetry recorded almost five times more Android stalkerware detections than in 2018, and in 2020, almost 1.5 times more were recorded than in 2019. In addition, serious vulnerabilities were discovered in Android stalkerware apps and their monitoring servers that could result in serious user impact if exploited.
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
AIs and Fake Comments (Schneier on Security, May 24 2021)
This month, the New York state attorney general issued a report on a scheme by “U.S. Companies and Partisans [to] Hack Democracy.” This wasn’t another attempt by Republicans to make it harder for Black people and urban residents to vote. It was a concerted attack on another core element of US democracy – the ability of citizens to express their voice to their political representatives.
Happy birthday GDPR: IoT impact and practical tips for compliance (Help Net Security, May 25 2021)
With the GDPR now in its third year, compliance with the EU data privacy regulation is still a significant issue for organizations to tackle, especially when it comes to the Internet of Things (IoT). Additionally, with remote work currently being the norm and the subsequent mass integration of personal devices into organizational networks, shadow IoT will be widely deployed by individuals in the enterprise.
Android 12 Will Let You Fine-Tune Permissions for Apps (Wired, May 18 2021)
A new privacy dashboard and “app hibernation” are coming to Google’s mobile operating system.
Android Apps Expose Sensitive Data Due to Misconfigured Third-Party Services (SecurityWeek, May 24 2021)
Researchers at cybersecurity firm Check Point discovered that many Android applications publicly expose sensitive user data through misconfigured third-party services.