A Review of the Best News of the Week on AI, IoT, & Mobile Security

The rise of AI needs to be controlled, report warns (WeLiveSecurity, Mar 02 2018)
Now, a team of 26 AI experts, including from Oxford, Cambridge and Yale universities, OpenAI, and the Electronic Frontier Foundation, has zeroed in on how AI could be misused for nefarious ends – an aspect that the experts believe has been on the back burner in academia.

How to start analyzing the security of your IoT devices (WeLiveSecurity, Mar 02 2018)
Try to identify which components could be useful to you when you come to search for possible vulnerabilities, like serial ports, the UART controller, flash drives, filtering modules, JTAG interfaces, etc. Now you have your diagram, you have your analysis lab ready, but… what are you actually looking for?

Mobile Banking Trojans as Keen on Cryptocurrency as PC Malware (Security Intelligence, Mar 06 2018)
Cybercriminals are emulating PC malware to develop mobile banking Trojans that leverage malicious miners to steal cryptocurrency and deliver it to attacker-controlled wallets.

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

Machine learning self defence: how to not shoot yourself in the foot (Naked Security – Sophos, Mar 01 2018)
Our machine learning series starts with arguably the biggest threat you face: yourself.

AI Emerges as a Powerful Tool for Cyber-Threat Actors (Infosecurity Magazine, Feb 27 2018)
Hivenets (clusters of compromised devices) have the ability to automatically identify and target additional vulnerable systems.

IBM Watson CTO Rob High on bias and other challenges in machine learning (TechCrunch, Feb 27 2018)
For IBM Watson CTO Rob High, the biggest technological challenge in machine learning right now is figuring out how to train models with less data.

AI-based cybersecurity startup CounterFlow AI raised $2.7 million seed round financing (Tech Startups, Feb 28 2018)
Counterflow AI is a Virginia-based startup that is developing a network forensics platform for threat hunting.

Artificial Intelligence in Black and White (Recorded Future, Feb 28 2018)
There are two sides to making technological advances using artificial intelligence — one for the white hats, and one for the black hats.

Microsoft advances several of its hosted artificial intelligence algorithms (TechCrunch, Mar 01 2018)
Joseph Sirosh, who leads the Microsoft’s cloud AI efforts, defined Microsoft Cognitive Services in a company blog post announcing the enhancements, as “a collection of cloud-hosted APIs that let developers easily add AI capabilities for vision, speech, language, knowledge and search into applications, across devices and platforms such as iOS, Android and Windows.”

Extracting Secrets from Machine Learning Systems (Schneier on Security, Mar 05 2018)
This is fascinating research about how the underlying training data for a machine-learning system can be inadvertently exposed. Basically, if a machine-learning system trains on a dataset that contains secret information, in some cases an attacker can query the system to extract that secret information. My guess is that there is a lot more research to be done here.

FortiGuard Artificial Intelligence (AI) Launches Proactive Threat Detection at Machine Speed and Scale (Fortinet, Mar 06 2018)
FortiGuard AI is built into Fortinet’s threat intelligence services platform and delivers automated threat analysis and detection to ensure customer Security Fabric solutions are continually updated to protect against the latest threats across a rapidly expanding threat landscape.

How to Shield Against IoT Security Threats (SecurityWeek, Feb 28 2018)
The strong adoption rates in these verticals is tied to the benefits IoT devices provide in terms of tracking inventory, managing machines, increasing efficiency, improving customer interaction and service, reducing maintenance costs, and even saving lives. According to Intel, by 2025, the total global worth of IoT technology could be as much as 6.2 trillion US Dollars.

Is your IoT strategy creating security holes? (Help Net Security, Mar 02 2018)
Although most organizations plan to increase adoption of IoT into operations, only 28 percent consider security strategies specific to IoT as “very important.”

Startup Xage Launches Blockchain-Protected IIoT Security (eWEEK, Mar 02 2018)
New company distributes authentication and private data across industrial edge network of devices, creating a tamper-proof fabric for communication, authentication and trust.

Global police test their cyber-chops in simulated IoT attack (WeLiveSecurity, Mar 05 2018)
Cybercrime investigators from across the world joined a training exercise recently that had them dealing with a simulated attack launched through an Internet-of-Things (IoT) device.

Researchers Warn of Mobile Blackmail Malware (Infosecurity Magazine, Feb 28 2018)
Researchers are warning of a newly-discovered mobile spyware variant designed to record victims with a view to potentially blackmailing them. Security vendor Wandera discovered the RedDrop malware in a wide range of 53 applications including image editors, calculators and foreign language education apps.

Samsung Smartphones Get Encrypted Communications (SecurityWeek, Feb 27 2018)
KoolSpan this week announced a partnership with Samsung to implement secure communications on Samsung smartphones.

How Secure is Your Online Banking App? (Checkmarx, Feb 26 2018)
The main issue they found pertains to a flaw in certificate pinning, which meant that tests were failing to detect “a serious vulnerability that could let attackers take control of a victim’s online banking,” The Register said.

Don’t fall for fake iTunes and App Store messages (Naked Security – Sophos, Mar 02 2018)
Ever received an email that looks for all the world like it’s from Apple? Like, maybe a receipt from an iTunes purchase that you don’t remember making? Well, that’s easy to fix, right? Just click on the link to update your account information and…

Top 6 iPhone Hacking Tools for Mobile Penetration Testers (InfoSec Resources, Mar 05 2018)
In this article, we outline the use and utility six popular iPhone hacking tools, see how they interact with iOS software and outline the results you can expect to achieve.