A Review of the Best News of the Week on AI, IoT, & Mobile Security

Where have all the AI flowers gone? (Gartner Blog Network, Jun 29 2018)
“Have you put a real killer application that exploits AI into volume production use? I didn’t think so. As of last year, only 4 (that’s FOUR) percent of 3,182 CIOs world-wide report they’ve put an AI-related application into production (or planned to do so within the next 12 months.)”

Traffic Analysis of the LTE Mobile Standard (Schneier on Security, Jul 02 2018)
Interesting research in using traffic analysis to learn things about encrypted traffic. It’s hard to know how critical these vulnerabilities are. They’re very hard to close without wasting a huge amount of bandwidth. The active attacks are more interesting.

Google Expands Android’s Compiler-Based Mitigations (SecurityWeek, Jun 29 2018)
Google this week announced expanded compiler-based mitigations in Android P, in an attempt to make bugs harder to exploit and prevent specific types of issues from becoming vulnerabilities.

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

IBM Addresses AI Bias with Massive Image Archive (eWEEK, Jun 28 2018)
IBM revealed that it will soon make available to the global research community a dataset of 1 million images to improve facial analysis system training; plus a dataset of 36,000 facial images that algorithm designers can use to evaluate bias in their own facial analysis systems.

Are you happy with this technology that Facebook’s developing? (Naked Security – Sophos, Jun 28 2018)
New patents suggest Facebook’s going to soon know when you’re asleep, when you’re awake, and is going to have a good guess at when you’re going to die.

Facebook is using machine learning to self-tune its myriad services (TechCrunch, Jun 28 2018)
Instead of looking at some data and coding what you want the system to do, you teach the system the right way to do it and it does it for you, using the massive stream of data to continually teach the machine learning models how to push the systems to be ever better.

Natural Language Processing Fights Social Engineers (Dark Reading, Jun 29 2018)
Researchers used natural language processing to detect malicious content in more than 187,000 phishing and non-phishing emails.

AI senses people’s pose through walls (ScienceDaily, Jul 03 2018)
A new wireless smart-home system could help detect and monitor disease and enable the elderly to ‘age in place.’

Beyond the hash: How unsupervised machine learning unlocks the true power of JA3 (Darktrace Blog, Jun 23 2018)
Darktrace’s AI algorithms autonomously detect which JA3s are anomalous for the network as a whole, and which JA3s are unusual for specific devices.

Fairhair Alliance Building IoT Security Architecture (Dark Reading, Jun 26 2018)
A group of companies in the building automation and IoT space is working for a coherent security architecture that incorporates multiple standards.

GlobalSign launches IoT Identity Platform addressing IoT device security requirements (Help Net Security, Jun 26 2018)
Using Public Key Infrastructure (PKI) as the identity mechanism, the IoT Identify Platform can serve the varied security use-cases of the IoT across all verticals, including manufacturing, agriculture, smart grid, payments, IoT gateways, healthcare, other industrial ecosystems and more.

539 percent uptick in attacks targeting consumer-grade routers since, study (SC Magazine, Jun 27 2018)
The first quarter of 2018 saw a dramatic increase in the number of cyberattacks targeting consumer-grade routers.

Azure IoT Edge Exits Preview with Security Updates (Dark Reading, Jul 02 2018)
Microsoft rolls out its cloud-based IoT service to the general public, while upping data protection with new categories including device management and security.

Why Are Android Devices Slow to Patch? (The Duo Blog, Jun 25 2018)
As Duo Labs found in the latest iteration of The 2018 Duo Trusted Access Report, 90 percent of Android devices were not on the latest security patch released 26 days prior.

Mobile is the new frontier for malicious bots (Help Net Security, Jun 28 2018)
Distil Networks analyzed over 100 million mobile devices on its networks. The findings suggest that sophisticated cybercriminals and bot operators now implement a new technique—leveraging mobile devices – to avoid detection and execute a number of nefarious acts.

Asiahitgroup Gang’s latest effort to push malicious apps on Google Play (SC Magazine, Jun 28 2018)
The AsiaHitGroup Gang earlier this year released its third wave of fraudulent apps into Google Play, this time one that uses a silent background push notification to subscribe their victim to a premium mobile service.

RAMpage vulnerability impacts every Android device since 2012 (SC Magazine, Jun 29 2018)
Dubbed RAMpage, the vulnerability, tracked as CVE-2018-9442, is a variation of the Rowhammer attack and is caused by a hardware bug in memory cards.

US to Ban China Mobile on Security Concerns (Infosecurity Magazine, Jul 03 2018)
The state-backed telco has been tied up for seven years on an application for a Section 214 license to offer international voice traffic from the US to foreign countries, according to the Commerce Department’s National Telecommunications and Information Administration (NTIA).