A Review of the Best News of the Week on AI, IoT, & Mobile Security

Android Oreo’s Security Improvements Will Have a Lasting Impact (Wired, Sep 01 2017)
“Though many security features are conceptually broad to protect against a variety of both present and future unknown threats, Android Security developers note that they have some additional foresight into where attackers will focus simply because they know where they have already bolstered their defenses and made attacks impractical.”

Machine learning for malware: what could possibly go wrong? (Naked Security – Sophos, Aug 31 2017)
“Relying on labels can make or break machine learning-based malware analysis – here’s how to mitigate that”

Security chatbot empowers junior analysts, helps fill cybersecurity gap (CSO Online, Aug 31 2017)
“Endgame’s Artemis eliminate syntax or query language, allowing junior analysts to communicate with the network more intuitively to find security issues.”

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

Facial recognition: how many rogue drivers has it stopped in New York? (Naked Security – Sophos, Aug 29 2017)
“During a recent, scathing US House oversight committee hearing on the FBI’s use of FR technology, it emerged that 80% of the people in the FBI database don’t have any sort of arrest record. Yet the system’s recognition algorithm inaccurately identifies them during criminal searches 15% of the time, with black women most often being misidentified.”

IoTCandyJar: A HoneyPot For Any IoT Device (Dark Reading, Aug 29 2017)
There are a ton of interesting video interviews that Dark Reading did during blackhat. Here’s one where “Palo Alto Networks researchers explain how they designed an affordable, behavior-based honeypot to detect attacks on an IoT device — any kind of IoT device.”

Researchers Figure Out How to Blind ISPs from Smart Home Device Traffic (Threatpost, Aug 29 2017)
“Researchers have come up with a way to blind ISPs and attackers in a man-in-the-middle position to network traffic emanating from smart home devices.”

More on Quants and the Risks with AI (Gartner Blog Network, Aug 30 2017)
“I never even knew what a “quant quake” was, until Sunday last. I was reading my US print edition of the Financial Times and there was an article titled, ‘A Decade on, the quant quake still has much to teach us’.”

Machine Learning: A Real-World Case for a Clear-Box Approach (ThreatMetrix, Aug 28 2017)
“A growing concern is that intricate concepts, such as machine learning, are acting as a smokescreen for a cybersecurity product’s shortcoming.”

30 ways to improve IoT privacy (Network World Security, Aug 31 2017)
“To improve IoT security and privacy, we need to create a security culture. Here are 30 ways IoT device makers and developers can do their part.”

Security-focused phone launches crowdfunding drive (Naked Security – Sophos, Sep 04 2017)
“Would you pay $599 for a phone with an open-source OS that puts you in control of its security?”