A Review of the Best News of the Week on AI, IoT, & Mobile Security

AI Is Now a Pentagon Priority. Will Silicon Valley Help? (The New York Times, Aug 28 2018)
The Defense Department, believing that A.I. research should be a national priority, has called on the White House to “inspire a whole of country effort.”

NIST’s New Advice on Medical IoT Devices (SecurityWeek, Aug 27 2018)
NIST has now responded to these concerns by publishing SP 1800-8: Securing Wireless Infusion Pumps in Healthcare Delivery Organizations.

Woman sues US border patrol over data copied from seized iPhone (Naked Security – Sophos, Aug 28 2018)
The Muslim American wants assurances that the data – including photos of her not wearing a hijab – are deleted.



Foundries.io promises standardized open source IoT device security (TechCrunch, Aug 21 2018)
“Our mission is solving the problem of IoT and embedded space where there is no standardized core platform like Android for phones,” Foundries.io CEO George Grey explained.

Using smart meter data constitutes a search, but court allows them anyway (Naked Security – Sophos, Aug 23 2018)
US cities using smart meters narrowly escaped a legal problem this month when a court decided that the benefits of these IoT devices outweighed the privacy issues created by collecting detailed home energy data.

Installing certificates into IoT devices (Microsoft Azure, Aug 16 2018)
“Lots of folks are moving to X.509 certificate-based authentication as they start to use the Azure IoT Hub Device Provisioning Service, which is great! But I’ve gotten lots of questions about what the best practices are, and how to go about doing it at scale.”

New Mirai Variants Leverage Open Source Project (Dark Reading, Aug 23 2018)
Aboriginal Linux gives Mirai new cross-platform capabilities – including Android.

Hacking smart plugs to enter business networks (Help Net Security, Aug 23 2018)
McAfee researchers have discovered a buffer overflow flaw in Belkin’s Wemo Insight Smart Plug that can be exploited by attackers to access and interfere with other networked devices and the network itself.

Trend Micro’s new program helps IoT device makers tackle risk at source (Help Net Security, Aug 23 2018)
Today it manages the bug bounty program with more than 3,500 external researchers complementing the internal team’s efforts. During the first half of 2018 alone, the ZDI published 600 advisories, a 33 percent increase compared to the same timeframe in 2017.

BlackIoT Aims to Disrupt the Power Grid (Infosecurity Magazine, Aug 23 2018)
Attackers exploiting high-wattage IoT devices could cause large-scale blackouts.

New Spyware Framework for Android Discovered (SecurityWeek, Aug 22 2018)
A newly identified spyware framework can be used to build extensive surveillance capabilities into Android applications, Bitdefender security researchers warn.

Wickr Adds New Censorship Circumvention Feature to its Encrypted App (Dark Reading, Aug 23 2018)
Secure Open Access addresses void created by Google, Amazon decision to disallow domain fronting, company says.

Babysitting app suffers ‘temporary data breach’ of 93,000 users (Naked Security – Sophos, Aug 23 2018)
Babysitting-booking app Sitter “temporarily” exposed the personal data of 93,000 account holders, according to a researcher who recently discovered the trove of data using the Shodan Internet of Things (IoT) search engine.

Facebook pulls its VPN from the iOS App Store after data-harvesting accusations (Graham Cluley, Aug 23 2018)
Facebook has withdrawn its Onavo Protect VPN app from the iOS App Store after Apple determined that it was breaking data-collection policies.

URL scheme vulnerabilities patched in Airmail 3 email client (SC Magazine, Aug 24 2018)
Developers behind the Airmail 3 email client for iPhone and Mac OS X have issued a software update after researchers from the security firm Versprite used reverse engineering to find vulnerabilities in its URL scheme.

Fortnite rewards players for enabling 2FA (SC Magazine, Aug 24 2018)
Fortnite announced it will be awarding players who enable two-factor authentication (2FA) with a free Boogiedown emote in Fortnite Battle Royale.

WhatsApp: Mobile Phishing’s Newest Attack Target (Dark Reading, Aug 28 2018)
In 2018, mobile communication platforms such as WhatsApp, Skype and SMS have far less protection against app-based phishing than email.

Facebook Pulls Security App From Apple Store Over Privacy (SecurityWeek, Aug 27 2018)
Facebook has pulled one of its own products from Apple’s app store because it didn’t want to stop tracking what people were doing on their iPhones. Facebook also banned a quiz app from its social network for possible privacy intrusions on about 4 million users.