A Review of the Best News of the Week on AI, IoT, & Mobile Security

A Rare Joint Interview with Microsoft CEO Satya Nadella and Bill Gates (WSJ, Sep 26 2017)
The subject of AI is “a case where Elon and I disagree.” According to Gates, “The so-called control problem that Elon is worried about isn’t something that people should feel is imminent. We shouldn’t panic about it.”

Get Serious about IoT Security (Dark Reading, Sep 20 2017)
Mirai was successful, but it wasn’t built to be smart. Hajime is more robust because it’s automated. It self-propagates like a ransomworm and is difficult to shut down. Even more alarming is that Hajime is a multivector attack that can target different operating systems and supports multiple payloads and binaries, making it cross-platform.

Why Google Play Store Malware Is So Hard To Stop (Wired, Sep 22 2017)
Hackers instead use fairly straightforward tricks and techniques to dupe Play Protect’s scanning, including its adaptive machine learning-based mechanisms. Apps can be set up to execute their malicious code on a time delay, so that their shady behavior doesn’t start until after they’ve been accepted. Apps can be packaged such that their malicious components are encrypted and out of view of Play Protect’s screening. And some apps don’t use any special code at all, but instead attempt to trick users into downloading additional (bad) software directly from attackers’ servers, making them difficult to flag as malicious.

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

How Apple’s New Facial Recognition Technology Will Change Enterprise Security (Dark Reading, Sep 19 2017)
Expect a trickle-down effect, as tech similar to Face ID becomes offered outside of Apple.

Artificial Intelligence: Getting the Results You Want (Dark Reading, Sep 20 2017)
Finding a vendor that doesn’t claim to do AI is hard these days. But getting the benefits you need and expect is even harder. Here’s another quick overview of the difference between AI, ML, and DL.

What’s New In Android 8.0 Oreo Security (Threatpost, Sep 22 2017)
Project Treble separates the hardware-specific drivers and firmware used by companies such as Samsung or Qualcomm from the Android operating system. The implications will be significant when it comes Google’s ability roll out OS patches without having to wait for things such as chipset compatibility. Google said by creating this modular base for Android, it will be able to support updates moving forward on older hardware that OEM partners may no longer support.

Hackers respond to Face ID on the iPhone X (BGR, Sep 21 2017)
“This is form before function. Touch ID was a great design, because it uses a process that fits into your normal usage. What’s more natural than touching the home button? Taking a selfie in the grocery line feels awkward and unnatural. People avoid using things that are awkward or extra work. This is why before Touch ID, less than one in five even had a pin on their device.”

Setting the standard for a blockchain protocol for IoT (Help Net Security, Sep 22 2017)
The Trusted IoT Alliance aims to bring companies together to develop and set the standard for an open source blockchain protocol to support IoT technology.

PassGAN: Password Cracking Using Machine Learning (Dark Reading, Sep 25 2017)
Researchers demo how deep neural networks can be trained to generate passwords better than the best password-cracking tools.

Why Are Privacy and Security Laws Necessary for IoT and Autonomous vehicles? (RSA Conference Blog, Sep 25 2017)
The volume of data that could potentially be generated, stored and processed by autonomous vehicles (AVs) is ever-increasing. The data could consist of various information points such as GPS coordinates, addresses, driver’s usual route, and frequently travelled places. Privacy and exposure of this sensitive data is another major concern in driverless car security.

Advances in Machine Learning (Social-Engineer, Aug 25 2017)
Adobe’s Project VoCo could recreate someone’s speech with only twenty minutes of recorded dialogue. Now, Lyrebird claims it can recreate any voice with just one minute of recorded speech! Lyrebird also says it can make that speech have any intonation or emotion, from sadness to anger.

Explaining The Internet of Things (IoT) Cybersecurity Improvement Act of 2017 (Independent Security Evaluators, Sep 25 2017)
The Internet of Things (IOT) Cybersecurity Improvement Act of 2017 is a bill before the US Senate that seeks to improve the security of Internet-connected devices.
What is this proposed bill, what does it do, how does it affect me, will it work and should I support it?

Will Artificial Intelligence make Society Dumber? (Gartner Blog Network, Sep 25 2017)
You may create the need for more jobs at the top of the skill ladder. But with AIs filling the ladder and not climbing – there is no way for humans to climb to the top where they are needed.

Popular Android Keyboard App Caught Collecting User Data, Running External Code (BleepingComputer, Sep 26 2017)
GO Keyboard, an insanely popular custom keyboard app for the Android OS, also available on the official Google Play Store, was caught collecting user data and downloading and running code from a third-party server.

Linux Trojan Using Hacked IoT Devices to Send Spam Emails (The Hacker News, Sep 26 2017)
Botnets, like Mirai, that are capable of infecting Linux-based internet-of-things (IoT) devices are constantly increasing and are mainly designed to conduct Distributed Denial of Service (DDoS) attacks, but researchers have discovered that cybercriminals are using botnets for mass spam mailings.

Verizon Releases BlueBorne Patch For The Galaxy Note Edge (AndroidHeadlines, Sep 26 2017)
Verizon is now rolling out an update to the Samsung Galaxy Note Edge that fixes the BlueBorne vulnerability.

Berkeley Lab Aims to Strengthen the Cybersecurity of the Grid – Lawrence Berkeley National Laboratory (Berkeley Lab, Sep 26 2017)
Lawrence Berkeley National Laboratory will combine artificial intelligence with massive amounts of data and know-how from a dozen other partners to identify places where the electric grid may be vulnerable to disruption, shore up those spots in advance, and get things up and running.