A Review of the Best News of the Week on AI, IoT, & Mobile Security

Millions of Android Devices Are Vulnerable Out of the Box (Wired, Aug 10 2018)
Android smartphones from Asus, LG, Essential, and ZTE are the focus of a new analysis about risks from firmware bugs introduced by manufacturers and carriers.

AI for cybersecurity is a hot new thing—and a dangerous gamble (MIT Technology Review, Aug 13 2018)
Machine learning and artificial intelligence can help guard against cyberattacks, but hackers can foil security algorithms by targeting the data they train on and the warning flags they look for.

DARPA takes aim at deepfake forgeries (Naked Security – Sophos, Aug 09 2018)
DARPA’s MediaFor project has come up with tools it says can spot AI-created fakes.




Machine Learning Can Identify the Authors of Anonymous Code (Wired, Aug 10 2018)
Researchers have repeatedly shown that writing samples, even those in artificial languages, contain a unique fingerprint that’s hard to hide.

Detecting Phishing Sites with Machine Learning (Schneier on Security, Aug 09 2018)
A trained eye (or even a not-so-trained one) can discern when something phishy is going on with a domain or subdomain name. There are search tools, such as Censys.io, that allow humans to specifically search through the massive pile of certificate log entries for sites that spoof certain brands or functions common to identity-processing sites. But it’s not something humans can do in real time very well — which is where machine learning steps in.

IBM Demonstrates DeepLocker AI Malware at Black Hat (eWEEK, Aug 08 2018)
IBM researchers have developed a new proof of concept malware that can be highly targeted and very difficult to detect.

Where should companies focus as they begin their machine learning journey? (Help Net Security, Aug 08 2018)
51% of respondents use internal data science teams to build their machine learning models, whereas use of AutoML services from cloud providers is in low single digits, and this split grows even more pronounced among sophisticated teams. Companies with less-extensive experience tend to rely on external consultants.

When Bots Teach Themselves to Cheat (Wired, Aug 08 2018)
Even with logical parameters, AI programs can develop shortcuts and workarounds that humans didn’t think to deem off-limits.

The Enigma of AI & Cybersecurity (Dark Reading, Aug 10 2018)
We’ve only seen the beginning of what artificial intelligence can do for information security.

Improved Standards for Securing Medical Devices Released (Infosecurity Magazine, Aug 07 2018)
Cloud Security Alliance and OWASP announce updates to medical device deployment standards.

Vulnerable Smart City Devices Can Be Exploited To Cause Panic, Chaos (Dark Reading, Aug 10 2018)
False alerts about floods, radiation levels are just some of the ways attackers can abuse weakly protected IoT devices, researchers warn.

IoT malware found hitting airplanes’ SATCOM systems (Help Net Security, Aug 10 2018)
In 2014, IOActive researchers revealed security vulnerabilities they found in the most widely deployed satellite communications terminals and presented potential scenarios attackers could exploit once SATCOM systems have been compromised in the aviation, maritime, and military sectors. In 2018, they demonstrated that some of these theoretical scenarios are, unfortunately, still actually possible.

A New Pacemaker Hack Puts Malware Directly On the Device (Wired, Aug 09 2018)
Researchers at the Black Hat security conference will demonstrate a new pacemaker-hacking technique that can add or withhold shocks at will.

Weakness in WhatsApp Enables Large-Scale Social Engineering (Dark Reading, Aug 09 2018)
Problem lies in WhatsApp’s validation of message parameters and cannot be currently mitigated, Check Point researchers say.

Fortnite for Android goes “off market” – is that good or bad? (Naked Security – Sophos, Aug 09 2018)
Fortnite for Android will sidestep Google Play and be an “off market” experience – is that good or bad? We discuss the issues…

A Clever Android Hack Takes Advantage of Sloppy Storage (Wired, Aug 12 2018)
The so-called man in the disk attack uses Android’s permissive external storage to wreak havoc on devices.

Bugs in Mobile Credit Card Readers Could Expose Buyers (Wired, Aug 09 2018)
Card readers used by popular companies like Square and PayPal have several security flaws that could result in customers getting majorly ripped off.

BlackBerry launches new ransomware recovery feature (Help Net Security, Aug 08 2018)
BlackBerry announced its BlackBerry Workspaces content collaboration platform, featuring a new ransomware recovery capability that allows organizations to recover from cyberattacks.