A Review of the Best News of the Week on AI, IoT, & Mobile Security

Lock screen bypass already discovered for Apple’s iOS 12 (Naked Security-Sophos, Oct 02 2018)
Apple’s iOS 12 is barely out of the gates and already someone has found a way to beat its lock screen security to access a device’s contents.

California Enacts First-in-Nation IoT Security Law (Dark Reading, Oct 01 2018)
The new law requires some form of authentication for most connected devices.

Security Flaw Found in Apple Mobile Device Enrollment Program (Dark Reading, Sep 27 2018)
Authentication weakness in Apple’s DEP could open a window of opportunity for attackers.

Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. Learn a new way to conduct a strategy assessment.

Artificial Intelligence and Cyber Security (KuppingerCole, Oct 02 2018)
In general, the term AI refers to systems that “simulate thought processes to assist in finding solutions to complex problems through augmentation and enhancement of human capabilities”. The challenges of AI at the state of the art are threefold:
1) The application of common sense – a human applies a very wide context to decision making whereas AI systems tend to be very narrowly focussed and so sometimes reach what the human would consider to be a stupid conclusion.
2) Explanation – of how the conclusions were reached by the AI system to demonstrate that they are valid and can be trusted.
3) Responsibility –for action based on the conclusions from the system.

Darktrace Raises $50 Million at $1.65 Billion Valuation (SecurityWeek, Sep 26 2018)
UK-based Darktrace announced late on Wednesday that it has raised $50 million in a Series E funding round that values the company at $1.65 billion.

New tools from IBM and Google reveal it’s hard to build trust in AI (Help Net Security, Oct 01 2018)
Despite each solution not being enough to solve the overall problem, what these two highly divergent solutions point to, is the necessity of a multi-pronged approach to building trust in AI; first in the underlying data, next in the model and algorithms, and finally, in the final solution running in the wild.

Practical application of artificial intelligence that can transform cybersecurity (Microsoft Secure, Sep 05 2018)
AI will become predictive as it learns what is normal and what isn’t normal. You can then automate responses via tooling that will allow your admins to focus only on the highest value tasks. AI will reduce the workload of security administrators in the short term, reducing duplication and increasing efficacy of signal.

The WAF backed by artificial intelligence (AI) (Network World, Oct 02 2018)
More and more, AI and ML solutions are beginning to surface as major successes against the DDoS and more specifically against the application DDoS world.

Smart homes, dumb devices: Making the IoT safe (Help Net Security, Sep 25 2018)
Device identification powered by AI allows for devices to be identified and put into granular device types. These detailed device categorizations allow for building precise patterns of device behavior on the network.

Woman hijacked CCTV cameras days before Trump inauguration (Naked Security – Sophos, Sep 25 2018)
The ransomware attack on DC’s outdoor surveillance cameras came just a few days before the 2017 inauguration of President Trump.

PKI Use is Main Driver for IoT Security (Infosecurity Magazine, Sep 26 2018)
Now, the C-suite is challenging its teams to leverage IoT to improve and drive business. With this comes the increased risk of more endpoints to protect, and the need to understand the role of PKI as a critical enabler.

Researchers See Improvements in Vehicle Cybersecurity (SecurityWeek, Sep 26 2018)
Data from vulnerability assessments conducted by security consulting firm IOActive in the past years shows some improvements in vehicle cybersecurity.

Hackers are finding creative ways to target connected medical devices (Help Net Security, Sep 28 2018)
By simply monitoring the network traffic for common error messages, hackers can gain valuable insight into the inner workings of a device’s application; the type of web server, framework and versions used; the manufacturer that developed it; the database engine in the back end; the protocols used; and even the line of code that is causing the error. Hackers can also target specific devices to induce error messages.

Hide ‘N Seek IoT Botnet Now Targets Android Devices (SecurityWeek, Sep 28 2018)
After being observed targeting smart homes just two months ago, the Hide ‘N Seek Internet of Things (IoT) botnet is now capable of infecting Android devices.

Meet Torii, a Stealthy, Versatile and Highly Persistent IoT Botnet (SecurityWeek, Sep 28 2018)
There’s a new Internet of Things (IoT) botnet lurking around, a stealthy one that attempts to achieve persistence by running six different routines at once

Mobile Websites Can Tap Into Your Phone’s Sensors Without Asking (Wired, Sep 26 2018)
Apps need your explicit permission to access your smartphone’s motion and light sensors. Mobile websites? Not so much.

Booz Allen launches District Defend, new location-aware technology (Help Net Security, Sep 27 2018)
Booz Allen Hamilton announced the availability of new mobility technology — District Defend — that uses security protocols to make the management of mobile devices like tablets in sensitive and classified environments easier and less complex.

Android password managers vulnerable to phishing apps (Naked Security – Sophos, Sep 28 2018)
The flaw is that package names can be spoofed – all the attacker has to do is create a fake app with the correct package name and the password manager will trust it enough to present the correct credentials.

Crypto-Miners Slip Into Google Play (SecurityWeek, Sep 26 2018)
While Google doesn’t allow crypto-currency mining applications in Google Play, some developers have found a way to push such programs to the storefront: by hiding their true purpose.

WhatsApp cofounder: “I sold my users’ privacy” (Naked Security – Sophos, Sep 28 2018)
Regretful WhatsApp cofounder Brian Acton has joined the ranks of the Silicon Valley mea-culpa-rati.