IoT Security Principles
July 7 2020The BSA -- also known as the Software Alliance, formerly the Business Software Alliance (which explains the acronym) -- is an industry lobbying group. They just published "Policy Principles...
Read moreEncroChat Hacked by Police
July 3 2020French police hacked EncroChat secure phones, which are widely used by criminals: Encrochat's phones are essentially modified Android devices, with some models using the "BQ Aquaris X2," an Android...
Read moreAnalyzing IoT Security Best Practices
June 25 2020New research: "Best Practices for IoT Security: What Does That Even Mean?" by Christopher Bellman and Paul C. van Oorschot: Abstract: Best practices for Internet of Things (IoT) security...
Read moreZoom Will Be End-to-End Encrypted for All Users
June 17 2020Zoom is doing the right thing: it's making end-to-end encryption available to all users, paid and unpaid. (This is a change; I wrote about the initial decision here.) ...we...
Read moreAvailability Attacks against Neural Networks
June 10 2020New research on using specially crafted inputs to slow down machine-learning neural network systems: Sponge Examples: Energy-Latency Attacks on Neural Networks shows how to find adversarial examples that cause...
Read more"Sign in with Apple" Vulnerability
June 2 2020Researcher Bhavuk Jain discovered a vulnerability in the "Sign in with Apple" feature, and received a $100,000 bug bounty from Apple. Basically, forged tokens could gain access to pretty...
Read moreNote that this is "announced," so we don't know when it's actually going to be implemented. Facebook today announced new features for Messenger that will alert you when messages...
Read moreBluetooth Vulnerability: BIAS
May 26 2020This is new research on a Bluetooth vulnerability (called BIAS) that allows someone to impersonate a trusted device: Abstract: Bluetooth (BR/EDR) is a pervasive technology for wireless communication used...
Read more
Recent Comments