A Review of the Best News of the Week on AI, IoT, & Mobile Security

An explosive spyware report shows limits of iOS, Android security (Ars Technica, Jul 24 2021)
Amnesty International sheds alarming light on an NSO Group surveillance tool.

A princess raced to escape Dubai’s powerful ruler. Then her phone appeared on the list. (Washington Post, Jul 21 2021)
In the days before commandos dragged Princess Latifa from her getaway yacht in the Indian Ocean, her number was added to a list that included targets of a powerful spyware, a new investigation shows.

Hiding Malware in ML Models (Schneier on Security, Jul 27 2021)
“Interesting research: “EvilModel: Hiding Malware Inside of Neural Network Models”.

Abstract: Delivering malware covertly and detection-evadingly is critical to advanced malware campaigns. In this paper, we present a method that delivers malware covertly and detection-evadingly through neural network models. Neural network models are poorly explainable and have a good generalization ability. By embedding malware into the neurons, malware can be delivered covertly with minor or even no impact…”

Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~20,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Researchers Hid Malware Inside an AI’s ‘Neurons’ And It Worked Scarily Well (VICE, Jul 22 2021)
In a proof-of-concept, researchers reported they could embed malware in up to half of an AI model’s nodes and still obtain very high accuracy.

Edge AI software market to expand significantly by 2030 (Help Net Security, Jul 21 2021)
The surging number of applications being deployed on the cloud in several industries, rapid improvements being made in the internet of things (IoT) domain, advancements in numerous smart applications, and growing popularity of AI software are the major factors driving the expansion of the global edge AI software market.

Researchers demonstrate that malware can be hidden inside AI models (Ars Technica, Jul 23 2021)
Hiding data inside an image classifier is much like hiding it within an image.

IoT ML and AI services to reach $3.6 billion in 2026 (Help Net Security, Jul 22 2021)
The next wave of Internet of Things (IoT) analytics development will fully converge with the big data domain. Simultaneously, the value in the technology stack is shifting beyond the hardware and middleware to analytics and value-added services, such as machine-learning (ML) and artificial intelligence (AI).

Apple under pressure over iPhone security after NSO spyware claims (Ars Technica, Jul 20 2021)
Apple urged to work with rivals after alleged surveillance of journalists, activists.

NSO Says ‘Enough Is Enough,’ Will No Longer Talk to the Press About Damning Reports (VICE, Jul 21 2021)
The Isreali surveillance technology maker denied that the list, which underpins a series of bombshell stories in several media outlets, has anything to do with the company.

Some URL shortener services distribute Android malware, including banking or SMS trojans (WeLiveSecurity, Jul 20 2021)
On iOS we have seen link shortener services pushing spam calendar files to victims’ devices.

Apple security updates: iOS 14.7 fixes WiFiDemon flaw (Help Net Security, Jul 22 2021)
Apple has released security updates for macOS Big Sur (11.5), Catalina (10.15) and Mojave (10.14), as well as iOS (14.7) and iPadOS (14.7). There is no indication that Apple has fixed any vulnerabilities that may be exploited to deliver NSO Group’s Pegasus spyware via “zero-click” iMessage attacks. macOS security updates macOS Big Sur (11.5) comes with fixes for a multitude of security issues.

Apple Patches ‘Actively Exploited’ Mac, iOS Security Flaw (SecurityWeek, Jul 26 2021)
Apple on Monday released a major security update with fixes for a security defect the company says “may have been actively exploited” to plant malware on macOS and iOS devices.