A Review of the Best News of the Week on AI, IoT, & Mobile Security

Intra Gives Older Versions of Android Important DNS Protections (Wired, Oct 03 2018)
In Android 9, also known as Android Pie, Google has added a feature called Private DNS to start encrypting DNS on mobile. But for all the Android devices that won’t get an OS upgrade for awhile—or ever—the Alphabet subsidiary Jigsaw is releasing a free mobile app called Intra that can offer that additional layer of web protection to billions of mobile browsers around the world.

Conspiracy Theories Around the “Presidential Alert” (Schneier on Security, Oct 04 2018)
Noted conspiracy theorist John McAfee tweeted: “…The “Presidential alerts”: they are capable of accessing the E911 chip in your phones…” This is, of course, ridiculous. I don’t even know what an “E911 chip” is. And — honestly — if the NSA wanted in your phone, they would be a lot more subtle than this.

California’s ban on weak default passwords isn’t going to fix IoT security (Graham Cluley, Oct 09 2018)
“Legislation which demands manufacturers adopt unique passwords, rather than hardcoded defaults still too commonly-seen today, may help prevent the problem of dictionary-based attacks and hackers attempting to gain entry by using databases of common passwords – but it doesn’t mean there won’t be any IoT devices using Telnet anymore. It also won’t address other problems such as IoT devices with weak or non-existent encryption, or internet-enabled technology which has no updating infrastructure if a vulnerability is found in the future.”


Teach Your AI Well: A Potential New Bottleneck for Cybersecurity (Dark Reading, Oct 08 2018)
Artificial intelligence (AI) holds the promise of easing the skills shortage in cybersecurity, but implementing AI may result in a talent gap of its own for the industry.

How Enterprises Can Help Build Ethical AI Strategies (eWEEK, Oct 09 2018)
We’re now confronted with a global need to make the best use of all this new, more intelligent IT; specifically, how to educate our communities on how to apply guard rails that will ensure the use of AI as both ethical and beneficial to all.

Why IoT Deployments Are Stalled in the Fortune 2000 (eWEEK, Oct 09 2018)
The biggest barrier to effective IoT implementation is lack of internal expertise and skills, according to 31 percent of respondents. Other barriers include the inability to manage and process large volumes of data (29 percent), integration issues (28 percent) and too many legacy systems (28 percent).

100,000-Plus Home Routers Hijacked in Campaign to Steal Banking Credentials (Dark Reading, Oct 03 2018)
The GhostDNS campaign, which has been mainly targeting consumers in Brazil, has exploded in scope since August.

Most Home Routers Are Full of Vulnerabilities (Dark Reading, Oct 05 2018)
More than 80% of surveyed routers had, on average, 172 security vulnerabilities, new research shows.

Fitbit data leads to arrest of 90-year-old in stepdaughter’s murder (Naked Security – Sophos, Oct 08 2018)
Her device recorded her heart rate slowing rapidly, then stopping about five minutes before her stepfather left the house.

New Splunk IoT Solution Helps Secure ICS (SecurityWeek, Oct 05 2018)
Splunk this week unveiled a new solution designed to help industrial organizations protect control systems, monitor and diagnose equipment, and predict downtimes.

Apple fixes iOS 12 passcode bypass vulnerabilities (Help Net Security, Oct 09 2018)
Apple has released security updates to address a number of vulnerabilities in iCloud for Windows and iOS, some of which can be exploited by attackers to take control of an affected system.

Fortnite Cheaters Tempted with Data-Stealing Malware (Infosecurity Magazine, Oct 03 2018)
Researcher warns of booby-trapped YouTube vid

When Good Apps Go Bad: Protecting Your Data Through App Permissions (SecurityWeek, Oct 03 2018)
Just this month, researchers from GuardianApp revealed a list of 24 notable iOS apps that have been used to “covertly collect precise location histories from tens of millions of mobile devices.” Also this month, Apple removed several anti-malware apps from its Mac App Store after they discovered they were exporting users’ data back to a server in China.

Wickr Announces General Availability of Anti-Censorship Tool (SecurityWeek, Oct 04 2018)
In some countries such as Saudi Arabia and UAE, says Wickr, enterprise deployments may be difficult because of the national Telco’s monopoly over networks. They restrict various end points and UDP, so all traffic goes through them for monetization or tracking purposes. As a result, some customers have to deploy outside of their region (such as India), to avoid having UDP packets get rate-limited and their tools rendered unusable.

BlackBerry races ahead of security curve with quantum-resistant solution (TechCrunch, Oct 04 2018)
The downside of these powerful machines is that they could be strong enough to break conventional cryptography schemes. Today, BlackBerry announced a new quantum-resistant code signing service to help battle that possibility.

Phantom Secure CEO sold encrypted phones to drug cartels (Naked Security – Sophos, Oct 08 2018)
The CEO of “uncrackable” phone seller, Phantom Secure, has pleaded guilty to helping drug sellers keep their business locked away from the eyes of law enforcement.

Attackers use voicemail hack to steal WhatsApp accounts (Naked Security – Sophos, Oct 08 2018)
The Israeli National Cybersecurity Authority issued an alert warning that WhatsApp users could lose control of their accounts.

Mobile security threats: Lack of visibility is putting businesses at risk (Help Net Security, Oct 09 2018)
The study showed that nearly 50 percent of mobile workers spend the majority of their worktime connected to non-corporate public Wi-Fi and carrier networks. Of that 50 percent, over 27 percent claim to connect to non-corporate owned networks more than 76 percent of the time. And, over 60 percent lack tools to audit when a device connects to a third-party network. Over half of the companies were also unsure how to even monitor device data traffic and to which servers users were connected, beyond their corporate firewalls.

BBC Reports Over 170 Devices Lost or Stolen (Infosecurity Magazine, Oct 09 2018)
Past two years saw devices costing over £100K go missing