A Review of the Best News of the Week on AI, IoT, & Mobile Security

Hackers Claim to Break Face ID a Week After iPhone X Release (Wired, Nov 12 2017)
A cybersecurity firm in Vietnam successfully duplicated someone’s face to unlock his iPhone X—with what looks like a simpler technique than some security researchers believed possible.

Watch a 10-Year-Old Beat Apple’s Face ID on His Mom’s iPhone X (Wired, Nov 14 2017)
Yes, twins can unlock each other’s iPhones. But kids accessing their parents’ devices raises different concerns.

The Super Secret Cloudflare Master Plan, or why they acquired Neumob (Cloudflare Blog, Nov 14 2017)
Cloudflare has acquired Neumob. Neumob’s team built technology to speed up mobile apps, reduce errors on challenging mobile networks, and increase conversions. Cloudflare will integrate the Neumob technology with their global network to give Neumob global reach.


Over a million Android users fooled by fake WhatsApp app in official Google Play Store (The Register, Nov 07 2017)
Once again Google’s Play Store has proved less than excellent at tackling malicious apps, after netizens found a fake version of WhatsApp that was good enough to fool over a million people into downloading it.

The ‘internet of things’ is sending us back to the Middle Ages (The Conversation, Nov 08 2017)
If we don’t have the right to control our own property, we don’t really own it. We are just digital peasants, using the things that we have bought and paid for at the whim of our digital lord.

Goldilocks’ Legislation Aims to Clean up IoT Security (Dark Reading, Nov 09 2017)
The proposed Internet of Things Cybersecurity Improvement Act of 2017 is not too hard, not too soft, and might be just right.

IoT is Insecure, Get Over It! Say Researchers (Threatpost, Nov 08 2017)
Drawing from their car hacking experience, the two spent the morning contemplating the larger universe of IoT security and conceded that there will always be thousands of connected devices that will never be secure, and that industry should prioritize personal safety and the security of automobiles and medical devices, for example, over toothbrushes and door locks.

Eavesdropper Vulnerability Exposes Mobile Call, Text Data (Threatpost, Nov 09 2017)
Mobile app developers who code using the Twilio cloud-based platform and are forgetful about removing their hardcoded credentials have put businesses’ messaging data at risk for exposure.

Russian Developer Snuck Cryptocurrency Mining into Android Apps (Dark Reading, Nov 14 2017)
Apps found in Google Play turned mobile devices into cryptocurrency miners unbeknownst to their users, according to researchers from security firm Ixia.

Lock it up! New hardware protections for your lock screen with the Google Pixel 2 (Google Online Security Blog, Nov 14 2017)
The new Google Pixel 2 ships with a dedicated hardware security module designed to be robust against physical attacks. This hardware module performs lockscreen passcode verification and protects your lock screen better than software alone.

AI’s latest application: wasting email scammers’ time (Engadget, Nov 14 2017)
Where do the marvels of machine learning end?

Cisco: Most IoT projects are failing due to lack of experience and security (ZDNet, Nov 14 2017)
Cisco CTO Kevin Bloch has revealed that 75 percent of all IoT projects are failing due to segmentation and a lack of experience by companies developing them, with Bloch also emphasising the importance of cybersecurity for IoT.

2018 Malware Forecast: the onward march of Android malware (Naked Security – Sophos, Nov 07 2017)
Looking at the top Android malware families since the beginning of 2017, Rootnik was most active – 42% of all such malware stopped by SophosLabs. PornClk was second most active at 14%, while Axent, SLocker and Dloadr followed behind at 9%, 8% and 6%, respectively.

Demystifying ML: How machine learning is used for speech recognition (Google Cloud Platform Blog, Nov 03 2017)
“This is the second blog post in our series that looks at how machine learning can be used to solve common problems. In this article, we discuss how ML is used in speech recognition.”

“Hot Dog Or Not?”: Don’t Fear the A.I. (Gartner Blog Network, Nov 10 2017)
In Season 4, Episode 4 of HBO’s Silicon Valley, a story arc was built around an app called “Not Hotdog.” An actual app for your iPhone or Android, “Not Hotdog” used an A.I. image recognition algorithm to determine whether a photo you gave it likely contained a classic hot dog (or not).

Transparency of machine-learning algorithms is a double-edged sword (WeLiveSecurity, Nov 13 2017)
The European Union’s General Data Protection Regulation (GDPR), which will come into force on May 25, 2018, redefines how organizations are required to handle the collection and use of EU citizens’ personal data.

Multi-vector Attack on Android Throws the Kitchen Sink at Victims (Infosecurity Magazine, Nov 08 2017)
A banking credential phish is followed by tricking the victim into installing the Marcher banking trojan, and attempts to steal credit-card info.

Check These iOS 11 Privacy and Security Settings Right Now (Wired, Nov 08 2017)
Heads up, iPhone owners. iOS 11 comes with a batch of security features that merit your attention.

Why human-machine teaming is the future of cybersecurity (FederalNewsRadio, Nov 08 2017)
Eric Trexler, the executive director of national security and civilian programs for McAfee, explains why machine learning is the fastest way to identify attacks and mitigate their impact.

The IoT Blindspot (Dark Reading, Nov 08 2017)
Confusion over whether IT staff or line-of-business professionals are responsible for IoT management and security plays a big role in a lack of visibility into those devices.