A Review of the Best News of the Week on AI, IoT, & Mobile Security

How Android Phones Hide Missed Security Updates From You (Wired, Apr 12 2018)
A study finds that Android phones aren’t just slow to get patched; sometimes they lie about being patched when they’re not.

Machine learning: Security product or feature? (CSO Online, Apr 06 2018)
Apart from game-changing security technologies, market movement indicates that machine learning is a product feature.

Big data And AI Craziness Is Ruining Security Innovation (Augusto Barros – Gartner, Apr 11 2018)
“I don’t care if you use Hadoop or grep+Perl scripts. If you can demonstrate enough performance to do what you claim you can do, that’s what matters to me from a backend point of view. Now, can you show me that your tool does what it should do better than your competitors?”


Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report


Industrial Internet Consortium Develops New IoT Security Maturity Model (SecurityWeek, Apr 11 2018)
The Industrial Internet Consortium (IIC) has developed a new IoT Security Maturity Model (SMM), building on its own security framework and reference architecture. This week it has published the first of two papers: IoT Security Maturity Model: Description and Intended Use. This is primarily a high-level overview aimed at the less technical of IoT stakeholders.

Government cyber defenses should look to AI, behavior analytics, Cisco report (SC Magazine, Apr 11 2018)
As threat actors weaponize more technology, Cisco researchers warn government agencies should look to behavior analytics in order to face new threats.

Automation, AI, And Robotics Are Critical CIO Targets (Forrester Blogs, Apr 11 2018)
CIOs, CTOs, CDOs, and other leaders driving technology innovation should keep in mind the wide-ranging impact automation technologies will have on their businesses. These include examples like: AI-enhanced RPA, Software-defined infrastructure, Marketing automation, Computer vision, and Physical robotics.

MinerEye introduces AI-powered Data Tracker (Help Net Security, Apr 16 2018)
MinerEye is launching MinerEye Data Tracker, an AI-powered governance and data protection solution that will enable companies to continuously identify, organize, track and protect vast information assets including undermanaged, unstructured and dark data for safe and compliant cloud migration.

Thanks to AI, These Cameras Will Know What They’re Seeing (Wired, Apr 17 2018)
A new breed of chips incorporate artificial intelligence into relatively cheap cameras, enabling new apps but also more ubiquitous surveillance.

IBM Releases Open Source AI Security Tool (SecurityWeek, Apr 17 2018)
IBM today announced the release of an open source software library designed to help developers and researchers protect artificial intelligence (AI) systems against adversarial attacks.

AI: A Short Fiction Scenario (Gartner Blog Network, Apr 13 2018)
I enjoy writing research for Gartner, but it doesn’t let me indulge my literary side too often. Until now. I was recently part of a scenario-building effort around Future of Work Scenarios 2035, the documents of which have just been published. The main document “How Will Leaders Manage in a Majority-Bot Workforce World?” describes the four scenarios we explored. I was assigned to the most pessimistic scenario: “Bots Go Bad’.”

An Elaborate Hack Shows How Much Damage IoT Bugs Can Do (Wired, Apr 16 2018)
Rube-Goldbergesque IoT hacks are surprisingly simple to pull off—and can do a ton of damage.

Mocana Launches Supply Chain Integrity Platform to Secure IoT, ICS Devices (SecurityWeek, Apr 12 2018)
Securing the supply chain, and securing industrial IoT devices and industrial control systems (ICS) are two of security’s biggest challenges today — but securing the supply chain of industrial IoT is particularly challenging.

Real-time detection of consumer IoT devices participating in DDoS attacks (Help Net Security, Apr 16 2018)
Could we detect compromised consumer IoT devices participating in a DDoS attack in real-time and do someting about it? A group of researchers Princeton University have presented some encouraging results showing that the first part of that equation can be relatively easily solved.

Microsoft to Roll Out Azure Sphere for IoT Security (Dark Reading, Apr 17 2018)
Azure Sphere, now in preview, is a three-part program designed to secure the future of connected devices and powered by its own custom version of Linux.

Google Turns TLS on By Default on Android P (SecurityWeek, Apr 13 2018)
Applications targeting the next version of Android (Android P) are required to use encrypted connections by default, Google said on Thursday.

Android Trojan Spreads via DNS Hijacking (SecurityWeek, Apr 17 2018)
An Android Trojan masquerading as popular mobile applications is propagating via smartphones roaming between Wi-Fi networks, Kaspersky Lab warns.

A Pair of Mobile Apps in Google Play Target Mideast Victims (Infosecurity Magazine, Apr 16 2018)
ViperRAT 2.0 and Desert Scorpion represent a rare instance of a malicious APT in an official app marketplace.