A Review of the Best News of the Week on AI, IoT, & Mobile Security

Hackers Have Already Started to Weaponize Artificial Intelligence (Gizmodo, Sep 11 2017)
“Two data scientists from security firm ZeroFOX conducted an experiment to see who was better at getting Twitter users to click on malicious links, humans or an artificial intelligence.”

Securing a Raspberry Pi (Schneier on Security, Sep 12 2017)
“A Raspberry Pi is a tiny computer designed for markers and all sorts of Internet-of-Things types of projects. Make magazine has an article about securing it. Reading it, I am struck by how much work it is to secure. I fear that this is beyond the capabilities of most tinkerers, and the result will be even more insecure IoT devices.”

Hack Brief: Patch Your Android Phone To Block An Evil ‘Toast’ Attack (Security Latest, Sep 08 2017)
“For all versions of Android other than the recently released Oreo, they describe how users can be tricked into installing a piece of malware that can overlay images atop other apps and elements of the phone’s controls and settings.”

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

The Quartz guide to artificial intelligence: What is it, why is it important, and should we be afraid? (Quartz, Sep 10 2017)
“What is artificial intelligence? Why is it important? Why is everyone talking about it all of a sudden? If you skim online headlines, you’ll likely read about how AI is powering Amazon and Google’s virtual assistants, or how it’s taking all the jobs (debatable), but not a good explanation of what it is (or whether the robots are going to take over).”

Workplace IoT Puts Companies on Notice for Smarter Security (Dark Reading, Sep 06 2017)
“Blacklisting every “thing” in sight and banning connections to the corporate network may sound tempting, but it’s not a realistic strategy.”

Fur flies over Android bootloader flaws: here’s what you need to know (Naked Security – Sophos, Sep 06 2017)
Although we typically hear about mobile apps in the Google Play store, the “latest threat comes from a different direction: bootloader vulnerabilities that bad actors could exploit to gain root access to phones and use to launch attack code.”

US carriers partner on a better mobile authentication system (Engadget, Sep 08 2017)
“The big four US mobile operators, Sprint, T-Mobile, Verizon and AT&T have formed a coalition called the Mobile Authentication Taskforce to come up with a new system. Working with app developers and others, they’ll explore the use of SIM card recognition, network-based authentication, geo-location, and other carrier-specific capabilities.”

AI, ML – is it all just BS? (CSO Online, Sep 12 2017)
“Though we’re easily enamored with new technologies like artificial intelligence and machine learning, do they actually help us solve real problems in the SOC like reducing Mean Time to Resolution (MTTR)?”

How Artificial Intelligence Is Revolutionizing Business In 2017 (Forbes, Sep 10 2017)
“Insights are from the Boston Consulting Group and MIT Sloan Management Review study published this week…found significant gaps between companies who have already adopted and understand Artificial Intelligence (AI) and those lagging.”

Report: Android cybersecurity attacks up 40%, here are the top 3 threats (TechRepublic, Sep 11 2017)
“According to new research from Avast, released Monday, cyberattacks against Android smartphones and tablets are up 40%, year-over-year from Q2 2016. Typically, this averages about 1.2-1.7 million attacks per month.”

Researcher reveals D-Link router holes that might never be patched (Naked Security – Sophos, Sep 12 2017)
“Unfortunately, routers do not sell with “use by” dates on the box – perhaps they should.”

Today’s property rules don’t work in our IoT world (Network World Security, Sep 12 2017)
“We used to own our things, but increasingly our things own us. The laws need to change to restore our traditional rights of property and ownership to the digital times.”

5 reasons why device makers cannot secure the IoT platform (Network World Security, Sep 11 2017)
“Security standards will not protect the emerging IoT platform that will remain vulnerable until post-platform security arrives.”