Four short links: 8 August 2019
Counterfeit Security, Poses in Art, Content Moderation, and iPhone Remote Attack Surface
- From The Depths Of Counterfeit Smartphones — security look at the counterfeit phones. Spoiler: they’re nasty, stay away. Both the Galaxy S10 and iPhone 6 counterfeits we assessed contained malware and rootkits. And that’s the most straightforward nastiness: even if you removed the rootkit they’d still be shocking. In the case of the “iPhone,” further digging revealed that it runs a far older version of Android: Kitkat 4.4.0. Kitkat’s last update came in 2014.
- Linking Art through Human Poses — arXiv paper that finds artwork with matching poses using OpenPose. (via MIT TR)
- A Framework for Content Moderation (Ben Thompson) — pretty good post, tackling why and where the different levels of moderation make sense.
- Fully Remote Attack Surface of the iPhone (Google Project Zero) — very interesting read, showing the detail and dead ends of a security tester. The method […] processes incoming MIME messages, and sends them to specific decoders based on the MIME type. Unfortunately, the implementation did this by appending the MIME type string from an incoming message to the string ‘decode’ and calling the resulting method. This meant that an unintended selector could be called, leading to memory corruption.