A Review of the Best News of the Week on AI, IoT, & Mobile Security

Diving deep into what’s new with Azure Machine Learning (Microsoft Azure Blog, Sep 25 2017)
Over the last few years, Microsoft has interacted with customers in every industry, with varying amounts of experience with ML, solving problems across every domain. Reflecting on those engagements, they see theses trends…

Severe flaws in DNS app create hacking risk for routers, smartphones, computers, IoT (CSO Online, Oct 03 2017)
Google researchers found seven severe security flaws in the open-source DNS software package Dnsmasq. The flaws put a huge number of devices at risk of being hacked.

iPhone X Face ID baffled by kids, twins, siblings, doppelgängers (Naked Security – Sophos, Sep 29 2017)
Youngsters! Pfft. They all look alike! No, really, they do if you’re the Face ID facial recognition system in Apple’s iPhone X. Specifically, twins, siblings and look-alikes can trip false authentications. Growing kids, with their morphing faces, also baffle the biometric authentication.

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

Provisioning for true zero-touch secure identity management for IoT (Microsoft Azure Blog, Sep 25 2017)
How you provision your IoT devices makes a world of a difference with operational efficiency. Provisioning for true zero-touch secure identity management is the promise to minimize operational burden and maximize focus on the experience.

Announcing tools for the AI-driven digital transformation (Microsoft Azure Blog, Sep 25 2017)
Microsoft announced a set of new capabilities in AML for developers to exploit big data, GPUs, data wrangling and container based model deployment. There are three new launches: the AML Workbench, a cross-platform client for AI-powered data wrangling and experiment management, the AML Experimentation service to help data scientists increase their rate of experimentation with big data and GPUs, and the AML Model Management service to host, version, manage and monitor machine learning models.

Remote Wi-Fi Attack Backdoors iPhone 7 (Threatpost, Sep 27 2017)
Google’s Project Zero released an attack against a Wi-Fi firmware vulnerability in Broadcom chips that backdoors the iPhone 7. The flaw was patched in iOS 11.

Comodo launches IoT security platform (BetaNews, Sep 27 2017)
Comodo wants to make IoT devices more secure with the launch of a new IoT Security Platform that will allow device manufacturers and network providers to issue and manage PKI and SSL certificates for private ecosystems.

The sorry state of stock trading mobile app security revealed (Naked Security – Sophos, Sep 28 2017)
68% of the Android and iOS apps tested failed to validate TLS certificates

Caterpillar Eyes Competitive Edge with Connected Asset Security Program (Dark Reading, Sep 27 2017)
“If you provide IoT devices, it’s important to show the business value of securing the connected devices,” he explained. “You need to talk about the safety, quality, and security of the IoT devices and how security can also be used as a competitive advantage.”

Retail’s Quiet IoT Revolution (ForgeRock, Sep 26 2017)
Retailers are forecasted to invest over $2.5 billion in IoT in retail over the next five years to revolutionize in-store customer engagement, create new supply chain dynamics and support the connected home – all of which will lead to new models of retailing.

Android malware ZNIU exploits DirtyCOW vulnerability (Naked Security – Sophos, Sep 29 2017)
Victims have to stray beyond the safety of the Google Play walled garden to get ZNIU, so attackers trick them into downloading infected apps from untrusted sources with old-fashioned social engineering.

Moving UEBA Beyond the Ground Floor (LogRhythm, Sep 29 2017)
Insider threats, administrator abuse, and compromised accounts are among the most damaging and difficult to detect threats. User and entity-based analytics (UEBA) solutions are making it possible to detect these advanced threats by employing artificial intelligence (AI) and machine learning.

Where human intelligence outperforms AI (TechCrunch, Oct 02 2017)
With every new trend comes a counter-trend. And so despite the current excitement over the wonders of artificial intelligence, one company is betting that human intelligence can still deliver solutions for businesses that AI cannot hope to match.

EFF: Stupid patents are dragging down AI and machine learning (Ars Technica, Oct 02 2017)
“The patent reads like the table of contents of an intro to AI textbook.” Each month, the patent lawyers at the Electronic Frontier Foundation shine a spotlight on one particular patent they believe is a drag on innovation. This month, they’re looking at one of the fastest-growing sectors of technology: machine learning and artificial intelligence.

Turn Off Bluetooth, BlueBorne is in the Wild (Cylance Blog, Oct 02 2017)
BlueBorne is a collection of vulnerabilities that can be used to attack devices while bypassing operating system security measures. Attacks that target hardware exploits and bypass operating systems are the future of cyberattacks.

Gen AI — Artificial Intelligence Empowers a Generation of Radical Thinkers (Gartner Blog Network, Oct 03 2017)
The generation born after 2010 only knows a world with artificial intelligence technology. Prepare for Generation AI family members, consumers and workers who are creative, empowered and radical thinkers.

IoT can learn from smartphone security (Network World Security, Oct 03 2017)
Leveraging all of the capabilities in hardware designs and software from smartphones makes the most sense if security is to be taken as seriously as it should.

Another Mobile Feature Banks Should Offer: Subscription Management (Forrester Blogs, Oct 03 2017)
A year ago, Forrester published a report that listed Eleven Mobile Features That More Banks Should Offer…Subscription management functionality helps the customer quickly identify and stop unwanted subscription bills.