A Review of the Best News of the Week on AI, IoT, & Mobile Security
Mirai-variant attack launched from Mexico (SC Magazine, May 21 2018)
A pair of Trend Micro research teams has detected and done a quick cyber autopsy on a new Mirai-like attack that popped up in Mexico earlier this month targeting Gigabit Passive Optical Network (GPON) home routers and IP webcams.
President Trump reverses position on ZTE ban despite security warnings (SC Magazine, May 15 2018)
The Trump administration is working to lift sanctions on the Chinese telecommunications giant ZTE despite top intelligence officials’ warnings that the company poses a security risk to the U.S.
Tracking Firm LocationSmart Leaked Location Data for Customers of All Major U.S. Mobile Carriers Without Consent in Real Time Via Its Web Site (Krebs on Security, May 17 2018)
“LocationSmart, a U.S. based company that acts as an aggregator of real-time data about the precise location of mobile phone devices, has been leaking this information to anyone via a buggy component of its Web site — without the need for any password or other form of authentication or authorization — KrebsOnSecurity has learned.”
How GDPR Will Impact the AI Industry (PCMag, May 18 2018)
GDPR gives users the power to demand that a company erase all their data from its servers. This won’t sit well with AI companies, which have a vested interest in keeping as much user data as possible to perform tasks such as predicting trends and user behavior.
CUJO AI closes strategic Series B round (Help Net Security, May 17 2018)
Network operators that deploy CUJO AI solutions on their infrastructure provide personalized customer experience, offer protection and ensure device management on home, mobile and public networks.
Forget Stuxnet, Even Simple IoT Hacking Can Disrupt (IT Pro, May 11 2018)
While advanced attacks like Stuxnet and BlackEnergy often get mentioned in IoT-hacking contexts, relatively simple attacks can cause outsized damage.
7 Tools for Stronger IoT Security, Visibility (Dark Reading, May 16 2018)
If you don’t know what’s on your IoT network, you don’t know what to protect — or protect from. These tools provide visibility into your network so you can be safe with (and from) what you see.
BSI Launches IoT Kitemark to Help IT Buyers (Infosecurity Magazine, May 16 2018)
The British Standards Institution (BSI) has launched a new kitemark for internet of things (IoT) devices…There are three types of kitemark: residential, commercial and enhanced.
Internet of Things: Who is watching you? (Help Net Security, May 18 2018)
As compared to a year ago, 64 percent of respondents are more concerned about connected device threats, with IoT devices at the top of the list. Yet, slightly fewer are checking their wireless devices than last year. And one in three report their organizations are unprepared to detect connected device threats.
Relying on legacy security technologies leaves you blind to IoT threats (Help Net Security, May 18 2018)
100% of the organizations had rogue consumer IoT wireless devices on the enterprise network. 90% of the organizations had shadow IoT/IIoT wireless networks, undetected company-deployed wireless networks separate from the enterprise infrastructure
Google to require Android device-makers to roll out OS security patches regularly (WeLiveSecurity, May 16 2018)
The move is intended to help address the mobile platform’s perennial problem – that many manufacturers of Android-powered devices are slow to get software updates out the door
Programming Error Exposes Thousands of iOS Apps to Hijacking (PCMag, May 17 2018)
The error can let a hacker on the same Wi-Fi network as an iPhone overwrite data and execute code within the affected app, a team of experts say.
ZipperDown catches 170,000 iOS apps with their pants down (Naked Security – Sophos, May 18 2018)
As Pangu Lab alludes to in its advisory, exploiting it appears to require control of a Wi-Fi network, for example using a compromised public hotspot. That’s not hard to imagine happening but still limits the chances of compromise for most users.
Roaming Mantis’ Android Malware Evolves, Expands Targets (Dark Reading, May 21 2018)
Roaming Mantis has evolved rapidly, adding geographies, platforms, and capabilities to its original scope.
Fortnite is coming to Android, but malicious fake apps are already there (Help Net Security, May 21 2018)
Android users eager to play the increasingly popular Fortnite survival game on their mobile devices are being targeted left and right with malicious apps masquerading as the game or apps related to it.
Apple Removes CallKit Apps From Chinese App Store, Citing New Cybersecurity Laws (Gizmodo, May 19 2018)
The Chinese government appears to be concerned that CallKit might allow users to avoid censors and surveillance, which is related to its overall concern over Voice over Internet Protocol communications.
‘Too inconvenient’: Trump goes rogue on phone security (Politico, May 22 2018)
The president, who relies on cell phones to reach outside advisers and to tweet to his millions of followers, has rebuffed attempts by White House staff to beef up security on his official devices.
TeenSafe phone monitoring app leaks teens’ iCloud logins in plaintext (Naked Security – Sophos, May 22 2018)
A security researcher has discovered at least two servers hosted by a “secure” monitoring app for iOS and Android, TeenSafe, that were up on Amazon Web Services (AWS) for months without the need for a passcode to get at their data.
Facebook conspiracy theories after Android app tries to “get root” (Naked Security – Sophos, May 21 2018)
Facebook’s Android app suddenly started making a bid for superuser access. Conspiracy theories popped up like fungi. (It’s now fixed.)
Android Malware Targets North Korean Deflectors (SecurityWeek, May 21 2018)
Recent attacks orchestrated by a hacking group referred to as “Sun Team” have targeted North Korean deflectors via malicious applications in the Google Play store, McAfee reports.