A Review of the Best News of the Week on AI, IoT, & Mobile Security

Detecting Deepfake Picture Editing (Schneier on Security, Jun 10 2021)
“‘Markpainting’ is a clever technique to watermark photos in such a way that makes it easier to detect ML-based manipulation:

An image owner can modify their image in subtle ways which are not themselves very visible, but will sabotage any attempt to inpaint it by adding visible information determined in advance by the markpainter.

One application is tamper-resistant marks. For example, a photo agency that makes stock photos available on its website with copyright watermarks can markpaint them in such a way that anyone using common editing software to remove a watermark will fail; the copyright mark will be markpainted right back. So watermarks can be made a lot more robust.”

US Launches National AI Task Force (Infosecurity Magazine, Jun 11 2021)
Biden administration creates national artificial intelligence research resource task force

Apple: WebKit Bugs Exploited to Hack Older iPhones (SecurityWeek, Jun 14 2021)
Apple late Monday shipped an out-of-band iOS update for older iPhones and iPads alongside a warning that a pair of WebKit security vulnerabilities may have been actively exploited.


Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


For CISOs and artificial intelligence to evolve, trust is a must (Help Net Security, Jun 09 2021)
Artificial Intelligence (AI) is no longer the future – it is already in use in our homes, cars, and, often, our pockets. As the technology continues to expand its role in our lives, an important question has emerged: what level of trust can—and should—we place in AI systems? That is the very question that the EU Commission has set out to answer with its newly proposed EU Artificial Intelligence Act. “On artificial intelligence, trust is …

Why security teams need to understand the risks of Deepfakes (SC Media, Jun 10 2021)
World Economic Forum Annual Meeting 2020 in Davos on deepfakes. Today’s columnist, Alex Romero of Constella Intelligence, warns that security teams need to watch for groups that use the technology to spread misinformation.

Most mobile finance apps vulnerable to data breaches (Help Net Security, Jun 08 2021)
77% of financial apps have at least one serious vulnerability that could lead to a data breach, an Intertrust report reveals. This report comes at a time when finance mobile app usage has rapidly accelerated, with the number of user sessions in finance apps increasing by up to 49% over the first half of 2020. Over the same period, cyberattacks against financial institutions rose by 118%, according to VMware.

Bachelorette Contestant Caught in FBI’s Fake Encrypted Phone Operation (VICE, Jun 10 2021)
Former Bachelorette Australia and Ninja Warrior contestants were among over two-hundred arrests in Australia connected to the Trojan Shield Operation.

Many Mobile Apps Intentionally Using Insecure Connections for Sending Data (Dark Reading, Jun 11 2021)
A new analysis of iOS and Android apps released to Apple’s and Google’s app stores over the past five years found many to be deliberately breaking HTTPS protections.

TikTok Can Now Collect Biometric Data (Schneier on Security, Jun 14 2021)
“This is probably worth paying attention to:

A change to TikTok’s U.S. privacy policy on Wednesday introduced a new section that says the social video app “may collect biometric identifiers and biometric information” from its users’ content. This includes things like “faceprints and voiceprints,” the policy explained. Reached for comment, TikTok could not confirm what product developments necessitated the addition of biometric data to its list of disclosures about the information…”