A Review of the Best News of the Week on AI, IoT, & Mobile Security

BurnBox Makes Hidden Files Look Like You’ve Deleted Them (Wired, Jul 31 2018)
Cryptographers have developed a new technology designed to protect your secrets at the border.

Robots, immune to fear or favour, are making China’s foreign policy (South China Morning Post, Jul 30 2018)
The programme draws on a huge amount of data, with information ranging from cocktail-party gossip to images taken by spy satellites, to contribute to strategies in Chinese diplomacy

Is Google poised to own global IoT endpoints? (Gartner Blog Network, Jul 25 2018)
Google announced TPUs for edge devices. Announced at Google Next 2018, this Edge TPU comes as a discrete, packaged chip device. A collaboration with NXP was announced which (surprisingly considering my above rant about ISAs) implements four instances of and ARM-based pipeline. My guess is that eventually, this design will be licensed/integrated by other silicon partners.

Sponsored by LogRhythm
SIEM Magic Quadrant
Gartner Positions LogRhythm in SIEM Leaders Quadrant for 5th Consecutive Year. Get the report

Amazon’s Facial Recognition System Mistakes Members of Congress for Mugshots (Wired, Jul 26 2018)
Amazon has marketed its Rekognition facial recognition system to law enforcement. But in a new ACLU study, the technology confused 28 members of Congress with publicly available arrest photos.

The Double-Edged Sword of Artificial Intelligence in Security (Dark Reading, Jul 26 2018)
AI is revolutionizing cybersecurity for both defenders and attackers as hackers, armed with the same weaponized technology, create a seemingly never-ending arms race.

Hacking a Robot Vacuum (Schneier on Security, Jul 31 2018)
The Diqee 360 robotic vacuum cleaner can be turned into a surveillance device. The attack requires physical access to the device, so in the scheme of things it’s not a big deal. But why in the world is the vacuum equipped with a microphone?

Samsung Patches Critical Vulnerabilities in SmartThings Hub (SecurityWeek, Jul 30 2018)
Samsung has patched a series of critical vulnerabilities in its SmartThings Hub, which could be exploited to execute OS commands or other arbitrary code on vulnerable devices.

Vulnerability Spotlight: Multiple Vulnerabilities in Samsung SmartThings Hub (Cisco Talos, Jul 31 2018)
The SmartThings Hub is a central controller that monitors and manages various internet-of-things (IoT) devices such as smart plugs, LED light bulbs, thermostats, cameras, and more that would typically be deployed in a smart home.

Hide ‘N Seek Botnet Targets Smart Homes (SecurityWeek, Jul 24 2018)
The infamous Hide ‘N Seek botnet is now targeting vulnerabilities in home automation solutions, network security firm Fortinet says.

Q&A: Jeff Wilbur of the Online Trust Alliance on why enterprise IoT security is a lot like BYOD (Network World Security, Jul 25 2018)
And a lot of these devices have either default or hardcoded passwords, and so, if they are reachable, they might be an attacker’s entry point – they may or may not be software-updateable, so we have recommendations in [our checklist] like, if you’re looking at it from the very beginning, you should set up some policies and rules for employees about what they can bring in and what characteristics it should have.

Two-Fifths of IT Leaders regard IoT Security as Afterthought (Infosecurity Magazine, Jul 27 2018)
Trend Micro research uncovers worrying lack of investment in protection

MUD: The Solution to Our Messy Enterprise IoT Security Problems? (Dark Reading, Jul 30 2018)
The ‘Manufacturer Usage Description’ proposal from IETF offers a promising route for bolstering security across the industry.

Risks grow, yet security is still an afterthought in many IoT strategies (Help Net Security, Jul 30 2018)
Trend Micro released survey findings that show businesses are most concerned about losing customer trust in the event of an Internet of Things related cyber attack, however they remain unprepared.

The Secret to Securing Smart Buildings (SecurityWeek, Jul 31 2018)
The good news is that these are challenges that regulators and policy makers are looking into. The EU’s Smart Buildings Alliance for Smart Cities (SBA) is developing codes of practice for building managers and vendors alike, while insurance companies are developing new product lines for risk assessment and cover in smart buildings.

HP Launches Bug Bounty Program for Printers (SecurityWeek, Jul 31 2018)
HP announced on Tuesday the launch of a bug bounty program for printers. The company is prepared to pay out up to $10,000 for serious vulnerabilities found in its products.

Google bans Android miners from Play Store (Naked Security – Sophos, Jul 30 2018)
Google has cracked down on apps that mine for cryptocurrency, banning them entirely from its official Google Play Store.

Android P security updates include hardware security module (SC Magazine, Jul 30 2018)
Android has announced its latest version, Android P, will include several security improvements such as a hardware security module, improved biometric authentication, and protected confirmation.

Exobot Android Malware Targets Banking Apps (Infosecurity Magazine, Jul 27 2018)
The interesting part here is that no Android permissions are required. All other Android banking Trojans families are using the Accessibility ore Use Stats permissions to achieve the same goal and therefore require user interaction with the victim”

Fake bank apps found on Google Play (SC Magazine, Jul 27 2018)
The fake apps, which were on Google Play between June and July 2018 and have since been removed, were traced back to a single attacker and were the same malicious app uploaded three separate times each using a different bank name. Either ICIC Bank, RBL Bank and HDFC Bank.

IBM Brings AI Chatbot to MaaS360 Unified Endpoint Management Security (eWEEK, Jul 30 2018)
Voice and text chat capabilities are coming to IBM’s MaaS360, providing organizations with easier ways to get information.