A Review of the Best News of the Week on AI, IoT, & Mobile Security

Budget Android manufacturer Blu settles with FTC over privacy fiasco (Sophos, May 08 2018)
In 2016, Kryptowire first noticed that Blu phones were calling home to China, sending user data every 72 hours, all without users being informed or opting in.

Study: Attack on KrebsOnSecurity Cost IoT Device Owners $323K (Krebs on Security, May 07 2018)
A monster distributed denial-of-service attack (DDoS) against KrebsOnSecurity.com in 2016 knocked the site offline for nearly four days. The attack was executed through a network of hacked “Internet of Things” (IoT) devices such as Internet routers, security cameras and digital video recorders.

Microsoft Charts Its Own Path on Artificial Intelligence (Wired, May 07 2018)
Google and Facebook are building custom chips for AI. Microsoft is using Intel chips that can be reprogrammed for different uses.

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

Leveraging security analytics to investigate and hunt modern threats (Help Net Security, May 07 2018)
…the “Left-Over Principle,” where simple tasks are the ones that get automated, leaving only the complex ones for humans…

AI Is Not an Easy Fix to Real Staffing Problems (Infosecurity Magazine, May 03 2018)
A Ponemon Institute report looks at the barriers to hiring qualified security staff in the age of automation.

How Frightened Should We Be of A.I.? (The New Yorker, May 08 2018)
Thinking about artificial intelligence can help clarify what makes us human—for better and for worse.

IoT Analytics Now Generally Available (AWS News Blog, May 01 2018)
The AWS IoT Analytics service is generally available. Customers can use IoT Analytics to clean, process, encrich, store, and analyze their connected device data at scale.

How to Eliminate the Need for Hardcoded AWS Credentials in Devices by Using the AWS IoT Credentials Provider (AWS Security Blog, Apr 30 2018)
If you own an IoT device, you might want the data to be uploaded seamlessly from your connected devices to the cloud so that you can make use of cloud storage and the processing power to perform sophisticated analysis of data. To upload the data to the AWS Cloud, devices must pass authentication and authorization checks performed by the respective AWS services.

Medical devices vulnerable to KRACK Wi-Fi attacks (Naked Security – Sophos, May 02 2018)
Some KRACKs still haven’t been papered over.

No Computing Device Too Small For Cryptojacking (Dark Reading, May 03 2018)
Research by Trend Micro shows IoT and almost all connected devices are targets for illegal cryptocurrency mining.

Microsoft brings more AI smarts to the edge (TechCrunch, May 07 2018)
As Microsoft announced, Azure IoT Edge, which sits on top of Microsoft’s IoT Hub service, is now getting support for Microsoft’s Cognitive Services APIs, for example, as well as support for Event Grid and Kubernetes containers. In addition, Microsoft is also open sourcing the Azure IoT Edge runtime, which will allow developers to customize their edge deployments as needed.

10 Lessons From an IoT Demo Lab (Dark Reading, May 07 2018)
The Demo Lab at InteropITX 2018 was all about IoT and the traffic – legitimate and malicious – it adds to an enterprise network.

Hackers Mine for Crypto-Coins on IoT Devices (Infosecurity Magazine, May 07 2018)
Crypto-jacking malware for connected devices is trending on the dark web, but criminals aren’t convinced it will turn a profit.

Pentagon Bans Huawei and ZTE Devices from Bases (Infosecurity Magazine, May 04 2018)
Latest move further restricts the Shenzhen duo from US market

Serious Security: The GLitch “row hammering” attack (Naked Security – Sophos, May 04 2018)
How the graphics chip in your mobile phone could allow crooks to deliver malware via your browser – no app download required.

Mobile first: Security concerns and solutions (Help Net Security, May 08 2018)
28% of users do not even use a screen lock, and nearly half – 40% – only update their OS when it’s convenient.

iOS users are 18x more likely to be phished than to download malware (Help Net Security, May 08 2018)
4000 new mobile phishing websites are launched every day.