A Review of the Best News of the Week on AI, IoT, & Mobile Security

Mirai IoT Botnet Co-Authors Plead Guilty (Krebs on Security, Dec 13 2017)
The U.S. Justice Department on Tuesday unsealed the guilty pleas of two men first identified in January 2017 by KrebsOnSecurity as the likely co-authors of Mirai, a malware strain that remotely enslaves so-called “Internet of Things” devices such as security cameras, routers, and digital video recorders for use in large scale attacks designed to knock Web sites and entire networks offline (including multiple major attacks against this site).

Facebook Can Now Find Your Face, Even When It’s Not Tagged (Wired, Dec 19 2017)
A new Facebook tool deploys facial-recognition to identify users in photos, even when they’re not tagged.

New Cisco App Helps Organizations Secure iOS Devices (SecurityWeek, Dec 14 2017)
Cisco on Thursday announced the availability of Security Connector, an iOS application designed to provide organizations visibility and control for mobile devices running Apple’s operating system.


The Researcher Who Wants to Bring AI to Factories (Wired, Dec 14 2017)
Andrew Ng, formerly of Google and Baidu, has a new company to help manufacturers use artificial intelligence techniques.

IoT Endpoint Security Standards Emerging (Gartner Blog Network, Dec 13 2017)
In July of 2017, Underwriters Laboratories (UL) began publishing the UL 2900 series “Software Cybersecurity for Network-Connectable Products”, which has been extended with supplements for biomedical, industrial control and life safety systems. This is resulting in a number of collaborative efforts including partnerships with ANSI, other standards bodies and industry.

IoT data exchange: Building trust and value (Help Net Security, Dec 13 2017)
The results of Cisco’s IoT Value/Trust Paradox report show that, while most consumers believe IoT services deliver significant value for them, very few understand or trust how their IoT data is being managed and used.

Apple plugs IoT HomeKit hole (Naked Security – Sophos, Dec 13 2017)
A researcher has discovered that Apple’s HomeKit Internet of Things (IoT) framework has a vulnerability serious enough to allow an attacker to control IoT devices using its protocol, such as thermostats, lights, power points, air conditioners, as well as smart home locks and garage door openers.

Threat Modeling the Internet of Things: Modeling Reaper (SecurityWeek, Dec 13 2017)
Could a threat model have prevented Reaper? Part 1 of this series put forth the premise that if we want to make a safer Internet of Things, we need to be doing more rigorous threat models. Part 2 introduced simple threat modeling, and Part 3 applied a threat model to a real-world IoT project. Part 4 discussed the mitigation for the most crucial component of IoT consumables, the authentication system.

Xage emerges from stealth with a blockchain-based IoT security solution (TechCrunch, Dec 14 2017)
Getting the myriad of devices involved in the industrial internet of things provisioned and communicating with one another in a secure way will be one of the great technological challenges facing companies in the coming years. Xage emerged from stealth with a blockchain-based security solution that could help simplify this.

Five things CIOs can do as IoT adoption turns into a nightmare (Help Net Security, Dec 18 2017)
1. Basic benefits framework, 2. Securing IoT deployments, 3. Focus on devices, 4. Skills development, and 5. Organization structure & risk management

Apple Security Flaws Give Some Researchers Concern About Deeper Issues (Wired, Dec 13 2017)
Apple’s had some prominent security lapses lately. But is it just a rough patch, or something deeper?

An analysis of 120 mobile app stores uncovers plethora of malicious apps (Help Net Security, Dec 12 2017)
In third place, secondary store AndroidAPKDescargar had comparable numbers to Google and feral apps. In Q3, it more than doubled its number of malicious apps to 20,907, making up about one-third of its total app count and outpacing all other stores by more than 10,000.

iOS jailbreak exploit published by Google (Naked Security – Sophos, Dec 12 2017)
The story’s not quite as bad as it sounds at first – a bang-up-to-date iPhone is already safe against this exploit. But it’s still an interesting tale, so here goes.

Mobile Device Makers Increasingly Embrace Bug Bounty Programs (Dark Reading, Dec 15 2017)
Samsung is the latest to join a small group of smartphone makers to cast their net wide on catching vulnerabilities in their devices.

Top Google Play App Dune! leaks data and geolocates users (SC Magazine, Dec 15 2017)
A top Google Play app was found to be leaking sensitive data and to contain several OWASP flaws.