A Review of the Best News of the Week on AI, IoT, & Mobile Security
How to Stop Google From Tracking Your Location (Wired, Aug 13 2018)
A new report shows that Google still tracks your location even if you thought you opted out.
Siri is listening to you, but she’s NOT spying, says Apple (Naked Security – Sophos, Aug 13 2018)
…Siri is not eavesdropping…iPhones can respond to voice commands without actually eavesdropping. It has to do with locally stored, short buffers that only wake up Siri if there’s a high probability that what it hears is the “Hey, Siri” cue.
Fake America great again (MIT Technology Review, Aug 18 2018)
Inside the race to catch the worryingly real fakes that can be made using artificial intelligence.
Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. Learn a new way to conduct a strategy assessment.
IBM Describes AI-powered Malware That Can Hide Inside Benign Applications (SecurityWeek, Aug 13 2018)
DeepLocker is a methodology for hiding malware within a legitimate application in a manner that would prevent any researcher or threat hunter from knowing that it is there. But DeepLocker goes further. The key to unlocking and detonating the malware is the biometric recognition of a predefined target. This means that DeepLocker malware can be widely distributed to millions of users, but it will only ever activate against the precise target or targets.
Google Starts Beta Evaluation of New AI Developer Tools (eWEEK, Aug 13 2018)
AutoML Vision, AutoML Natural Language, and AutoML Translation are part of a Google effort to help developers more easily integrate AI capabilities in apps.
Accenture forms strategic alliance, invests in Chinese AI start-up Malong Technologies (Help Net Security, Aug 14 2018)
Malong’s product recognition and auto-tagging technology, ProductAI, lets machines “see” physical objects the way a person does. Retailers can use it to make product checkouts much more efficient and allow their customers to shop for items by taking a picture of it with their smartphones.
Five key security tips to avoid an IoT hack (Help Net Security, Aug 14 2018)
While layered security must remain the key priority, it is essential to understand that generic networking equipment and IoT devices are the weak link. They often have no continuous update program for firmware and software, low lifetime support, and insufficient computational power to host an antivirus or any other security agents.
Hacking Police Bodycams (Schneier on Security, Aug 15 2018)
Suprising no one, the security of police bodycams is terrible. Mitchell even realized that because he can remotely access device storage on models like the Fire Cam OnCall, an attacker could potentially plant malware on some of the cameras.
Smart homes can be easily hacked via unsecured MQTT servers (Help Net Security, Aug 20 2018)
The Message Queuing Telemetry Transport (MQTT) protocol is a messaging protocol that’s has been in use for almost two decades, mainly for industrial automation. It is often used to overcome the gap between different protocols, allowing different devices to communicate with each other.
Samsung announces new SmartThings mesh Wi-Fi system (Help Net Security, Aug 14 2018)
In an effort to eliminate the Wi-Fi buffering zone and prevent streaming latency, Samsung announced its new SmartThings Wifi mesh network system.
Brazilian banking customers targeted by IoT DNS hijacking attacks (SC Magazine, Aug 14 2018)
Attackers launched a DNS hijacking campaign targeting Brazilian bank customer credentials through the end-user IoT devices.
Botnet of Smart Heaters, ACs Can Cause Power Disruptions: Researchers (SecurityWeek, Aug 16 2018)
Wi-Fi enabled air conditioners, ovens, water heaters and space heaters that can be controlled remotely over the Internet are increasingly popular. The power usage of these devices ranges between 1,000 and 5,000 watts.
MadIoT PoC attacks leverage IoT devices to take out power grids (SC Magazine, Aug 17 2018)
Cybercriminals may soon be able to target entire power grids without using Stuxnet like malware to infiltrate critical infrastructure.
The security changes you can expect in iOS 12 (Naked Security – Sophos, Aug 21 2018)
We take a look at the beta version of iOS 12 and the security-related changes we can expect to see when it’s released in (probably) September.
Are your Android apps listening to you? (Naked Security – Sophos, Aug 15 2018)
This simple setup will help you discover if your apps are listening in on you.
50.5 million Sungy Mobile customers exposed through open ports (SC Magazine, Aug 15 2018)
Chinese app maker Sungy Mobile may have exposed the information of more than 50.5 million of its customers, according to researchers who were able to access dozens of the company’s databases through a pair of IP addresses that did not require any login credentials.
Australians who won’t unlock their phones could face 10 years in jail (Naked Security – Sophos, Aug 16 2018)
The Australian government wants to force companies to help it get at suspected criminals’ data. If they can’t, it would jail people for up to a decade if they refuse to unlock their phones.
Imposter ‘Fortnite’ Android Apps Are Already Spreading Malware (Wired, Aug 16 2018)
New analysis from mobile security firm Lookout shows that malware authors are taking full advantage of ‘Fortnite’ ditching the Google Play Store.
More problem apps found on Google Play (SC Magazine, Aug 17 2018)
A series of 68 apps created by five different publishers found on Google Play that promise capabilities like games, phone hacking and phone number but really deliver little or no functionality have been uncovered by a recent study.
Researchers Find New Fast-Acting Side-Channel Vulnerability (Dark Reading, Aug 17 2018)
A group of researchers from Georgia Tech have discovered a method for pulling encryption keys from mobile devices without ever touching the phones, themselves.