A Review of the Best News of the Week on AI, IoT, & Mobile Security

Defeating the iPhone Restricted Mode (Schneier on Security, Jul 18 2018)
Recently, Apple introduced restricted mode to protect iPhones from attacks by companies like Cellebrite and Greyshift, which allow attackers to recover information from a phone without the password or fingerprint. Elcomsoft just announced that it can easily bypass it.

NIST Updating Recommendations for Mobile App Security (eWEEK, Jul 23 2018)
The 50-page draft revision includes additional clarity and details on how to minimize mobile app risks.

T-Mobile Launches Narrowband IoT Communications Nationwide (eWEEK, Jul 22 2018)
Narrowband IoT is designed to provide a pathway for low-power devices that don’t require much bandwidth to communicate without interference.

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

Why Artificial Intelligence Is Not a Silver Bullet for Cybersecurity (Dark Reading, Jul 20 2018)
Like any technology, AI and machine learning have limitations. Three are detection, power, and people.

Quantum computing revenue to hit $15 billion in 2028 due to AI, R&D, cybersecurity (Help Net Security, Jul 24 2018)
The demand for quantum computing services will be driven by some process hungry research and development projects as well as by the emergence of several applications including advanced artificial intelligence algorithms, next-generation encryption, traffic routing and scheduling, protein synthesis, and/or the design of advanced chemicals and materials.

Free New Scanner Aims to Protect Home Networks (Dark Reading, Jul 19 2018)
Free software pinpoints vulnerabilities and offers suggestions for remediation.

Researchers report two code execution bugs in Diqee robotic vacuums (SC Magazine, Jul 19 2018)
We already know that robotic vacuum cleaners tend to have difficultly cleaning dog poop, but they sometimes need to do a better job cleaning up their code as well.

The Path to Securing IoT Ecosystems Starts at the Network (SecurityWeek, Jul 19 2018)
Perimeter defense is based on the trust/no trust model – trust what’s inside the network, don’t trust what’s outside coming in. This model is no longer pertinent nor sufficient, especially in an IoT world as both the software embedded in IoT devices can be a Trojan horse.

Malware author ‘Anarchy’ builds 18,000-strong Huawei router botnet (SC Magazine, Jul 20 2018)
The threat actor exploited the CVE-2017-17215 in Huawei HG532 routers which is a well-known exploit that has already been abused by at least two versions of the Satori botnet and many of the smaller Mirai-based offshoots.

Mirai, Gafgyt IoT Botnet Attacks Intensify (SecurityWeek, Jul 23 2018)
Security researchers are warning of a new wave of attacks associated with two infamous Internet of Things (IoT) botnets: Mirai and Gafgyt.

Half a Billion Enterprise Devices Exposed by DNS Rebinding (SecurityWeek, Jul 23 2018)
DNS rebinding, an attack method that has been known for more than a decade, allows a remote hacker to bypass the targeted entity’s network firewall and abuse their web browser to directly communicate with devices on the local network and exploit any vulnerabilities they may have.

Endpoint Concerns Blight IIoT Security (, Jul 24 2018)
The 2018 SANS Industrial IoT Security Survey includes responses from over 200 security, IT and OT professionals in organizations ranging in size from less than 1000 to over 50,000 employees.

Xage secures $12 million Series A for IoT security solution on blockchain (TechCrunch, Jul 23 2018)
Xage is building a security fabric for IoT, which takes blockchain and synthesizes it with other capabilities to create a secure environment for devices to operate. If the blockchain is at its core a trust mechanism, then it can give companies confidence that their IoT devices can’t be compromised. Xage thinks that the blockchain is the perfect solution to this problem.

Messenger Apps Top Risk Hit Parade (Dark Reading, Jul 18 2018)
Whether running on iOS or Android, Facebook’s and WhatsApp’s messenger apps present a ‘winning’ combination.

Google hit with $5.1b fine in EU’s Android antitrust case (Naked Security – Sophos, Jul 19 2018)
This could mean the end of free Android. In the meantime, Google plans to appeal.

Venmo users: time to hide your drug deals and excessive pizza consumption (Naked Security – Sophos, Jul 19 2018)
To its fans, Venmo is a hassle-free P2P app that lets anyone living in the US send money to friends, split a restaurant bill, pay for a ride on Uber, or buy a hotel room. To the security conscious, it’s a privacy nightmare.

Hackers automate the laundering of money via Clash of Clans (Graham Cluley, Jul 19 2018)
According to a new report, popular smartphone games such as “Clash of Clans” are being used to launder hundreds of thousands of dollars on behalf of credit card thieves.

WhatsApp limits message forwarding in response to lynchings (Naked Security – Sophos, Jul 23 2018)
New restrictions in the WhatsApp messaging app are designed to combat a spate of mob lynchings.

The Bluetooth “device snooping bug” – what you need to know (Naked Security – Sophos, Jul 24 2018)
Simply put, a crook who is in the right place at the right time might be able to figure out the encryption key that one of your Bluetooth devices is using to talk to your laptop, or your bicycle computer, or your phone, or whatever it’s paired with.

Botnet Targets Open Ports on Android Devices (SecurityWeek, Jul 23 2018)
A wave of attacks is targeting Android devices with port 5555 open, likely in an attempt to ensnare them into a botnet, Trend Micro warns.