A Review of the Best News of the Week on AI, IoT, & Mobile Security

Sending Inaudible Commands to Voice Assistants (Schneier on Security, May 15 2018)
Researchers have demonstrated the ability to send inaudible commands to voice assistants like Alexa, Siri, and Google Assistant.

ZTE Woes Loom as US-China Trade Tensions Rise (SecurityWeek, May 12 2018)
With a major Chinese smartphone maker on the rocks following US sanctions, the trade spat between Washington and Beijing appears to be taking a turn for the worse for tech firms in the two global economic powerhouses.

APT Attacks on Mobile Rapidly Emerging (Dark Reading, May 08 2018)
Mobile devices are becoming a ‘primary’ enterprise target for attackers.

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

Google Staffers Resign Over Work on Pentagon AI Project (PCMag, May 15 2018)
Some employees want Google to end its involvement with Project Maven, a Pentagon effort to use AI systems to analyze footage taken from aerial drones.

How To Approach AI-Enhanced Cybersecurity (SC Magazine, May 15 2018)
12 percent of enterprise organizations have already deployed AI-based security analytics extensively, while another 27 percent have deployed AI-based security analytics on a more limited basis.

Hacking for fun and profit: How one researcher is making IoT device makers take security seriously (Help Net Security, May 10 2018)
After sharing these discoveries with the manufacturer and not getting a response for six months, he went to the BBC. They did a piece on it and, suddenly, the manufacturer got in touch.

Hide ‘N Seek IoT Botnet Can Survive Device Reboots (SecurityWeek, May 08 2018)
The Internet of Things (IoT) botnet known as Hide ‘N Seek that first emerged in January can now achieve persistence on infected devices, Bitdefender reports.

Xage introduces fingerprinting to protect industrial IoT devices (TechCrunch, May 14 2018)
As old-school industries like oil and gas increasingly network entities like oil platforms, they become more vulnerable to hacking attacks that were impossible when they were stand-alone.

Shadow IoT Devices Pose a Growing Problem for Organizations (Dark Reading, May 14 2018)
An Infoblox survey shows many companies have thousands of non-business Internet of Things devices connecting to their network daily.

The Enterprise of Thing’s troubling lack of security (Network World Security, May 14 2018)
Enterprise deployment of IoT devices brings a unique requirement to enterprise security that is distinct from normal end points and data centers. Here are three strategies to address it.

Report: Twitter Testing ‘Secret Conversation’ Feature (PCMag, May 08 2018)
Encrypted chats discovered as a hidden feature inside Twitter’s Android APK.

Android App With 10 Million Downloads Left Users’ Photos and Audio Messages Exposed to Public (Motherboard, May 15 2018)
The developers of Drupe, a popular Android app, left its users’ data, including selfies and audio messages, on insecure, publicly accessible Amazon cloud servers.

Watch out: photo editor apps hiding malware on Google Play (Naked Security – Sophos, May 10 2018)
Innocent-looking apps with ad clicker malware have bypassed Google’s safeguards

Apple Axes Apps Sharing Location Data With Third Parties (PCMag, May 09 2018)
Cupertino seems to be more strictly enforcing existing App Store rules ahead of General Data Protection Regulation, which takes effect on May 25.

Google Releases Additional Meltdown Mitigations for Android (SecurityWeek, May 09 2018)
As part of its May 2018 Android Security Bulletin, Google this week released additional mitigations for the Meltdown attack that impacts microprocessors from Intel, AMD, and other vendors.

iOS 11.4 to come with 7-day USB shutout (Naked Security – Sophos, May 11 2018)
After 7 days if there’s no passcode, then there’s no access.

Text bombs and ‘Black Dots of Death’ plague WhatsApp and iMessage users (Graham Cluley, May 11 2018)
If you believed all the headlines you would think the problem is more serious than it really is.

Wyden demands FCC probe into wireless carriers allowing law enforcement “unrestricted” access to location data (SC Magazine, May 11 2018)
Noting that law enforcement can obtain location data by going through a Securus web portal, Wyden asked what carriers were doing to prevent abuse of private customer data.

The next Android version’s killer feature? Security patches (Naked Security – Sophos, May 15 2018)
Not before time, Google is addressing the mess it’s made of Android updates