AI, IoT, Mobile Security

A Review of the Best News of the Week on AI, IoT, & Mobile Security

SIM Hijacking – new study shows measures aren’t helping (Schneier on Security, Jan 21 2020)
Phone companies have added security measures since this attack became popular and public, but a new study (news article) shows that the measures aren’t helping

Mobile Apps Sharing Personal Data Illegally, Consumer Group Claims (Infosecurity Magazine, Jan 15 2020)
Norwegian Consumer Council names dating apps Grindr, OKCupid and Tinder among offenders in damning report

As Justice Department Pressures Apple, Investigators Say iPhone Easier to Crack (WSJ, Jan 15 2020)
The escalation of a long-running encryption conflict between the Justice Department and Apple has puzzled security experts who say that new hacking tools have made it possible to gain access to many of the company’s devices in criminal investigations.

---

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

---

Glenn Greenwald Charged With Cybercrimes in Brazil (The New York Times, Jan 21 2020)
Mr. Greenwald is accused of being part of a “criminal investigation” that hacked into the cellphones of prosecutors and public officials.

Consumer Reports Calls for IoT Manufacturers to Raise Security Standards (Dark Reading, Jan 14 2020)
A letter to 25 companies says Consumer Reports will change ratings to reflect stronger security and privacy standards.

IoT cybersecurity’s worst kept secret (Help Net Security, Jan 17 2020)
By improving access to data and taking advantage of them in fundamentally different ways to drive profitability, IT security executives are rapidly changing perceptions of their office. Although making better sense of and use of data may be standard fare in other areas of the enterprise, who knew that modern IoT cybersecurity solutions would become network security’s newest professional lever? Actually, we should have seen it coming…

An Open Source Effort to Encrypt the Internet of Things (Wired, Jan 20 2020)
IoT is a security hellscape. One cryptography company has a plan to make it a little bit less so.

A 101 guide to mobile device management (Help Net Security, Jan 14 2020)
Extending beyond the traditional company network, mobile connectivity has become an extension of doing business and IT staff need to not just rethink how existing activities, operations, and business models can fit into mobile constructs, but rethink how mobility can fundamentally transform the business itself. MDM solution components A mobile device management (MDM) solution provides similar features that you would expect a systems management solution would use to manage PCs.

Play Store Still Peppered with Fleeceware Apps (Infosecurity Magazine, Jan 14 2020)
Risk of being suckered by overpriced app subscriptions persists for Android users

5G Security (Schneier on Security, Jan 14 2020)
The security risks inherent in Chinese-made 5G networking equipment are easy to understand. Because the companies that make the equipment are subservient to the Chinese government, they could be forced to include backdoors in the hardware or software to give Beijing remote access. Eavesdropping is also a risk, although efforts to listen in would almost certainly be detectable.

High-risk Google account owners can now use their iPhone as a security key (Help Net Security, Jan 15 2020)
Google users who opt for the Advanced Protection Program (APP) to secure their accounts are now able to use their iPhone as a security key. About Google’s Advanced Protection Program Google introduced the Advanced Protection Program in late 2017, to help high-risk users – journalists, human rights activists, IT admins, executives, etc. keep their Google accounts safe from targeted attacks. APP is available to both consumer (Google Account) and enterprise users (G Suite).

Mobile Banking Malware Up 50% in First Half of 2019 (Dark Reading, Jan 17 2020)
A new report from Check Point recaps the cybercrime trends, statistics, and vulnerabilities that defined the security landscape in 2019.

Teen Charged Over $50m SIM-Swapping Scam on Blockchain Experts (Infosecurity Magazine, Jan 17 2020)
Teen charged in connection with SIM-swapping scam targeting head of Blockchain Research Institute and his son

Scottish Police Deploy Tech That Extracts Data from Locked Smartphones (Infosecurity Magazine, Jan 21 2020)
Police Scotland is using Cellebrite machines to retrieve data from locked devices

A Review of the Best News of the Week on AI, IoT, & Mobile Security

Barr Asks Apple to Unlock Pensacola Killer’s Phones (The New York Times, Jan 14 2020)
The request set up a collision between law enforcement and big technology firms in the latest battle over privacy and security.

Hackers Are Breaking Directly Into Telecom Companies to Take Over Customer Phone Numbers (VICE, Jan 10 2020)
SIM swappers have escalated from bribing employees to using remote desktop software to get direct access to internal T-Mobile, AT&T, and Sprint tools.

Facebook Says Encrypting Messenger by Default Will Take Years (Wired, Jan 10 2020)
Mark Zuckerberg promised default end-to-end encryption throughout Facebook’s platforms. Nearly a year later, Messenger’s not even close.

---

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

---

Artificial Personas and Public Discourse (Schneier on Security, Jan 13 2020)
Presidential campaign season is officially, officially, upon us now, which means it’s time to confront the weird and insidious ways in which technology is warping politics. One of the biggest threats on the horizon: artificial personas are coming, and they’re poised to take over political debate. The risk arises from two separate threads coming together: artificial intelligence-driven text generation and social media chatbots. These computer-generated “people” will drown out actual human discussions on the Internet.

California’s IoT cybersecurity bill: What it gets right and wrong (Help Net Security, Jan 09 2020)
California state lawmakers should be lauded for SB 327, their well-intentioned legislative attempt at tackling one of the most pressing issues in the tech sector: IoT security. But as the law went into effect at the start of the year, they will also (unfortunately) soon be faced with the reality that it is inadequate for today’s security threat landscape.

Cable Haunt: Unknown millions of Broadcom-based cable modems open to hijacking (Help Net Security, Jan 13 2020)
A vulnerability (CVE-2019-19494) in Broadcom‘s cable modem firmware can open unknown millions of broadband modems by various manufacturers to attackers, a group of Danish researchers has warned.

Chinese Malware Found Preinstalled on US Government-Funded Phones (Dark Reading, Jan 09 2020)
Researchers found unremovable malware preinstalled in the Unimax U686CL, a budget Android device sold by Assurance Wireless.

NGOs Demand Google Crackdown on Pre-Installed Apps (Infosecurity Magazine, Jan 08 2020)
Uninstallable Android apps on budget devices introduce privacy and security risks

Lawmakers Prod FCC to Act on SIM Swapping (Krebs on Security, Jan 09 2020)
“Crooks have stolen tens of millions of dollars and other valuable commodities from thousands of consumers via “SIM swapping,” a particularly invasive form of fraud that involves tricking a target’s mobile carrier into transferring someone’s wireless service to a device they control. But the U.S. Federal Communications Commission (FCC), the entity responsible for overseeing wireless industry practices, has so far remained largely silent on the matter. Now, a cadre of lawmakers is demanding to know what, if anything, the agency might be doing to track and combat SIM swapping.”

Number of 5G connections to reach 1.5 billion globally by 2025 (Help Net Security, Jan 13 2020)
The total number of 5G connections will reach 1.5 billion globally by 2025, rising from only 5 million in 2019, according to Juniper Research. This is an annual average growth of 150% over the next 6 years. The new study forecast that the US and South Korea will be the fastest adopters of 5G, with 75% of all 5G subscribers attributable to these two countries by the end of 2020.

Google urged to tame privacy-killing Android bloatware (Naked Security – Sophos, Jan 13 2020)
A letter sent to the Google CEO by Privacy International claims bloatware has allowed a privacy and security hole to open almost unnoticed.

Google Removes Trove of Risky ‘Bread’ Apps From Play Store (SecurityWeek, Jan 12 2020)
Google has removed roughly 1,700 unique applications from its Google Play app store that were part of a family of potentially unwanted programs. 

SIM-Swapping Indictments Pile Up as Congress Begs the FCC to Do More (VICE, Jan 10 2020)
Victims and lawmakers say wireless carriers and the Trump FCC aren’t doing enough to protect consumers from the threat of SIM hijacking.

A Review of the Best News of the Week on AI, IoT, & Mobile Security

Facebook Says It Will Ban ‘Deepfakes’ (The New York Times, Jan 07 2020)
The company said it would remove videos altered by artificial intelligence in ways meant to mislead viewers.

Burner phones are an eavesdropping risk for international travelers (Help Net Security, Jan 07 2020)
Unfortunately, even savvy travelers who do the right things – disabling Bluetooth, not connecting to unknown networks, never leaving their phone out of sight – are still at risk of conversations being eavesdropped on through their burner phones. But instead of choosing a “dumb” phone or asking users to not bring their phones into critical meetings, security teams have the following options at their disposal for mitigating the risk of high-level conversations being captured.

Google shutting down Xiaomi access to Assistant following Nest Hub picking up strangers’ camera feeds (Android Police, Jan 03 2020)
So-called “smart” security cameras have had some pretty dumb security problems recently, but a recent report regarding a Xiaomi camera linked to a Google

---

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

---

Automation And AI: The New Frontier In Cybersecurity (Forbes, Jan 06 2020)
Facing an increasingly complex security landscape, IT organizations cannot rely on manual processes and internal expertise alone

White House proposes regulatory principles to govern AI use (Reuters, Jan 07 2020)
The White House on Tuesday proposed regulatory principles to govern the development and use of artificial intelligence (AI) aimed at limiting authorities’ “overreach”, and said it wants European officials to likewise avoid aggressive approaches.

First international smart home standard ensures secure connectivity between devices (Help Net Security, Jan 05 2020)
The Open Connectivity Foundation (OCF) announced that products from BSC Computer GmbH, COMMAX, Haier, LG Electronics, Resideo, Samsung Electronics and SURE Universal will complete OCF 2.1 certification in 2020, ensuring robust and secure connectivity between devices.

Apple targets jailbreaking in lawsuit against iOS virtualization company (Ars Technica, Jan 03 2020)
Corellium responds, says Apple is “demonizing” jailbreaking with new DMCA claim.

Mechanics of a Crypto Heist: How SIM Swappers Can Steal Cryptocurrency (Dark Reading, Jan 02 2020)
The true vulnerability at the heart of SIM-swap attacks on crypto accounts lies in crypto exchanges’ and email providers’ variable implementation of 2FA.

Popular Mideast App Accused of Spying Back on Google Play (SecurityWeek, Jan 06 2020)
The popular UAE-developed mobile application ToTok has returned to the Google Play Store after it was removed on claims it was being used for government spying, the company said Saturday.

Researchers unearth malicious Google Play apps linked to active exploit hackers (Ars Technica, Jan 06 2020)
Apps used a variety of tricks to covertly install well-written espionage software.

Android’s January 2020 Update Patches 40 Vulnerabilities (SecurityWeek, Jan 07 2020)
Google on Monday published the first Android security bulletin for 2020, with patches for 40 vulnerabilities, including a critical flaw in the Media framework

A Review of the Best News of the Week on AI, IoT, & Mobile Security

AI can protect old equipment from cyberattack (Houston Chronicle, Dec 30 2019)
“The energy vertical really faces what I would call the perfect storm,” said Leo Simonovich, global head of industrial cyber and digital security for Siemens.

“On the one hand, there’s a vast brownfield of assets that were never designed with security in mind,” he told me on the sidelines of Time Machine 2019, an artificial intelligence conference. “On the other hand, the energy vertical is undergoing a massive transformation with the introduction of renewables through digitalization and connectivity.”

2020 Predictions: Mobile Security (SC Magazine, Dec 26 2019)
2020 will be the year of 5G, bringing with it not only faster speeds and bandwidth capabilities to our mobile devices, but also making them highly coveted targets by DDoS attackers. While mobile devices have always been targeted by financial or personal data thieves, 5G’s increased bandwidth allows attackers to take control over a relatively small number of mobile handsets and unleash a tremendous amount of damage.

Popular Mideast App Pulled After Report it Was Spying Tool (SecurityWeek, Dec 24 2019)
A popular mobile application developed in the United Arab Emirates has been removed from both Apple and Google’s online marketplaces following a report it was used for widespread government spying.

---

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

---

How AI and Cybersecurity Will Intersect in 2020 (Dark Reading, Dec 30 2019)
Understanding the new risks and threats posed by increased use of artificial intelligence.

Top 10 Languages for Artificial Intelligence and Machine Learning (IT Pro, Dec 29 2019)
Here are the 10 most important programming languages for machine learning and artificial intelligence.

IoT Security: How Far We’ve Come, How Far We Have to Go (Dark Reading, Dec 24 2019)
As organizations fear the proliferations of connected devices on enterprise networks, the private and public sector come together to address IoT vulnerabilities.

Employee error to blame for massive data leak, Wyze says (Ars Technica, Dec 30 2019)
Yet another cloud-based service left a big pile of data sitting around unlocked.

Two information-disclosing bugs found in Twitter Android (SC Magazine, Dec 26 2019)
In a Dec. 20 blog post, Twitter noted that it issued an app update to fix the first bug, which can be exploited via a “complicated process involving the insertion of malicious code into restricted storage areas of the Twitter app.” Successfully performing this exploit would allow a malicious actor to access information such as direct messages, protected tweets and location information. However, Twitter said there is no evidence to suggest that anyone has successfully executed such an attack.

A Review of the Best News of the Week on AI, IoT, & Mobile Security

Smartphone location data can be used to identify and track anyone (NYTimes, Dec 23 2019)
In today’s smartphone economy, hiding your location has become a major challenge.

The Pentagon’s AI Chief Prepares for Battle (Wired, Dec 18 2019)
Lt. Gen. Jack Shanahan doesn’t want killer robots—but he does want artificial intelligence to occupy a central role in warfighting.

Facebook removes accounts with AI-generated profile photos (Ars Technica, Dec 23 2019)
Likely the first use of AI to support an inauthentic social media campaign.

---

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

---

Brazil to create national artificial intelligence strategy (ZDNet, Dec 24 2019)
The plan aims to use AI to boost competitiveness and productivity and address issues such as social inequality.

Top 25 AI Startups Who Raised The Most Money In 2019 (Forbes, Dec 22 2019)
SparkCognition – Raised $100M from a Series C round on October 8th. QOMPLX – Raised $78.6M from a Series A round on July 23rd.

We Tested Ring’s Security. It’s Awful (VICE, Dec 17 2019)
Ring lacks basic security features, making it easy for hackers to turn the company’s cameras against its customers.

Apple, Google, and Amazon team up to create “CHIP,” a new smart home standard (Ars Technica, Dec 18 2019)
Will this be the one smart home standard to rule them all or just another entry?

The Hacker In My Ring Camera: A Tale of Trolls (VICE, Dec 19 2019)
You installed the camera to keep your family secure, then hackers took over.

Lousy IoT Security (Schneier on Security, Dec 19 2019)
DTEN makes smart screens and whiteboards for videoconferencing systems. Forescout found that their security is terrible:
“In total, our researchers discovered five vulnerabilities of four different kinds:
Data exposure: PDF files of shared whiteboards (e.g. meeting notes) and other sensitive files (e.g., OTA — over-the-air updates) were stored in a publicly accessible AWS S3 bucket that also lacked TLS encryption (CVE-2019-16270, CVE-2019-16274)….”

5G connections to grow from 10 million in 2019 to 1.01 billion in 2023 (Help Net Security, Dec 19 2019)
The number of 5G connections is forecast to grow from roughly 10 million in 2019 to 1.01 billion in 2023, IDC reveals. This represents a compound annual growth rate (CAGR) of 217.2% over the 2019-2023 forecast period. By 2023, 5G is expected to represent 8.9% of all mobile device connections.

Apple wants to bypass carriers and beam internet data directly to iPhones via satellites (Fast Company, Dec 20 2019)
By creating its own data delivery system, Apple could give its customers a more uniform experience across its devices, as well as create another recurring, subscription-based revenue source.

SIM Swapping Attacks: What They Are & How to Stop Them (Dark Reading, Dec 23 2019)
Fraudsters with social engineering skills are hijacking cell phone SIM cards to access victims’ bitcoin and social media accounts.

US Navy Bans TikTok, Citing ‘Cybersecurity Threat’ (PCMag, Dec 22 2019)
Both the United States Navy and the Army are instructing service members to avoid ByteDance’s TikTok on government-issued smartphones. Lawmakers suggest the popular app poses a threat to national security. ByteDance, however, denies any close relationship with the Chinese government.