A Review of the Best News of the Week on AI, IoT, & Mobile Security
Can This System of Unlocking Phones Crack the Crypto War? (Wired, Apr 25 2018)
Ray Ozzie thinks his Clear method for unlocking encrypted devices can attain the impossible: It satisfies both law enforcement and privacy purists.
How to handle mistakes while using AI to block attacks (Elie Bursztein – Google, Apr 29 2018)
This post looks at the main difficulty faced while using a classifier to block attacks: handling mistakes and uncertainty such that the overall system remains secure and usable
IoT Inspector Tool from Princeton (Schneier on Security, May 01 2018)
Researchers at Princeton University have released IoT Inspector, a tool that analyzes the security and privacy of IoT devices by examining the data they send across the Internet. They’ve already used the tool to study a bunch of different IoT devices.
Gartner Says Global Artificial Intelligence Business Value to Reach $1.2 Trillion in 2018 (Gartner, Apr 25 2018)
Global business value derived from artificial intelligence (AI) is projected to total $1.2 trillion in 2018, an increase of 70 percent from 2017, according to Gartner, Inc. AI-derived business value is forecast to reach $3.9 trillion in 2022.
AI Can Help Cybersecurity—If It Can Fight Through the Hype (Wired, Apr 29 2018)
There are a ton of claims around AI and cybersecurity that don’t quite add up. Here’s what’s really going on.
Google Cofounder Sergey Brin Warns of AI’s Dark Side (Wired, Apr 27 2018)
“The new spring in artificial intelligence is the most significant development in computing in my lifetime,” Brin writes
Splunk Advances Product Portfolio with Advanced AI Capabilities (eWEEK, Apr 30 2018)
New versions of Splunk Enterprise, Cloud and IT Service Intelligence debut, benefiting from improved machine learning features.
27 Incredible Examples Of AI And Machine Learning In Practice (Forbes, Apr 30 2018)
Here are 27 amazing practical examples of AI and machine learning. (Not really security related, but still inteteresting…)
Turning an Amazon Echo Into a Spy Device Only Took Some Clever Coding (Wired, Apr 25 2018)
In Checkmarx’s example, when the user then asks their enabled calculator to do some simple math, that request gets routed to the skill, which returns the answer. Normally, the interaction would end there, and the mic would stop transmitting. But the researchers programmed their skill so that instead, a developer functionality called “shouldEndSession” would automatically keep the Echo listening for another cycle.
Automating Industrial IoT Security (Microsoft Azure Blog, Apr 20 2018)
“Industrial IoT is the largest IoT opportunity. At Microsoft, we serve this vertical by offering an Industrial IoT Cloud Platform Reference Architecture, which we have conveniently bundled into an open-source Azure IoT Suite solution called Connected Factory and launched it at HMI 2017 a year ago.”
The NSA wants its algorithms to be a global IoT standard. But they’re simply not trusted (Graham Cluley, Apr 27 2018)
“I don’t trust the designers. There are quite a lot of people in NSA who think their job is to subvert standards. My job is to secure standards.”
Flawed routers with hardcoded passwords were manufactured by firm that posed ‘national security risk’ to UK (Graham Cluley, Apr 27 2018)
Earlier this month the UK’s National Cyber Security Centre (NCSC) issued a warning to telecoms firms about the potential risks posed by devices manufactured by Chinese-state owned enterprise ZTE.
What Meltdown and Spectre Mean for Mobile Device Security (Dark Reading, Apr 30 2018)
Here are four tips to keep your mobile users safe from similar attacks.
Mingis on Tech: The lowdown on Android security (Network World Security, Apr 25 2018)
Google’s Android OS sometimes gets unfairly maligned as being weak on security. Computerworld blogger JR Raphael explains why that’s a misconception and how users can keep their devices safe.
Left-shifting enterprise appsec: what we can learn from mobile app developers (CSO Online, Apr 18 2018)
Multiple, concurrent innovations in enterprise application development present the opportunity to improve application security by “left-shifting” it to the beginning (and throughout) the dev cycle.