A Review of the Best News of the Week on AI, IoT, & Mobile Security

Cell Phone Security and Heads of State (Schneier on Security, Oct 30 2018)
There are two basic places to eavesdrop on pretty much any communications system: at the end points and during transmission. This means that a cell phone attacker can either compromise one of the two phones or eavesdrop on the cellular network. Both approaches have their benefits and drawbacks.

The Enduring Password Conundrum (SecurityWeek, Oct 24 2018)
Earlier this month, the State of California made headlines by passing legislation that will require hardware manufacturers to implement unique hardcoded passwords for every connected device they produce and force users to change it upon first use. The bill, which takes effect in January 2020, renewed the debate surrounding our continued reliance on passwords as the primary method for access control and authentication.

The AI Cold War That Could Doom Us All (Wired, Oct 25 2018)
Artificial intelligence could be the ultimate authoritarian tool. But one thing’s for sure: Charging into an AI arms race against China is a huge mistake.

Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. Learn a new way to conduct a strategy assessment.

AI in Motion: designing a simple system to see, understand, and react in the real world (Part III) (Google Cloud Blog, Oct 22 2018)
“In the first two posts of this blog series, we covered the design and architecture of our AI in Motion demo project, walked step by step through how we generated data, and explained how we selected and trained a model. In this final edition, we’ll show how we deployed the two models to devices, and how we were able to achieve near real-time predictions that led to entertaining and educational gameplay.”

A global ethics study aims to help AI solve the self-driving “trolley problem” (MIT Technology Review, Oct 25 2018)
Millions of people across 233 countries weighed in on who’s lives self-driving cars should prioritize, revealing how much cross-cultural ethics diverge.

Most security professionals fear AI attacks (Help Net Security, Oct 25 2018)
…82 percent of security professionals are concerned about the possibility of attackers using AI against their company, with stolen data (50 percent), loss of customer trust (19 percent), unstable business performance (16 percent) and cost implications being the greatest feared outcomes. As a result, nearly 60 percent of security leaders are apprehensive about adopting AI technology within their organizations.

DeepPhish: Simulating Malicious AI to Act Like an Adversary (Dark Reading, Oct 26 2018)
How researchers developed an algorithm to simulate cybercriminals’ use of artificial intelligence and explore the future of phishing.

The Role of Artificial Intelligence in IoT and OT Security (CSO Online, Oct 30 2018)
Learn about the expanding role of artificial intelligence’s in cybersecurity, as well as its impact on the security posture of IoT, and how cybercriminals are laying the groundwork for adopting AI as well.

Mirai Co-Author Gets 6 Months Confinement, $8.6M in Fines for Rutgers Attacks (Krebs on Security, Oct 29 2018)
“The convicted co-author of the highly disruptive Mirai botnet malware strain has been sentenced to 2,500 hours of community service, six months home confinement, and ordered to pay $8.6 million in restitution for repeatedly using Mirai to take down Internet services at Rutgers University, his alma mater.”

Security Vulnerability in Internet-Connected Construction Cranes (Schneier on Security, Oct 29 2018)
US-CERT is advising some customers of Telecrane construction cranes to patch their control systems – following the disclosure of a security bug that could allow a nearby attacker to wirelessly hijack the equipment.

IoT Bot Landscape Expands, Attacks Vary by Country (Dark Reading, Oct 23 2018)
New report finds 1,005 new user names and passwords beyond Mirai’s original default list two years ago.

Early adopter paradox: Consumers most excited about IoT are also most aware of privacy risks (Help Net Security, Oct 25 2018)
The consumers most eager to purchase new connected devices tend to delay or avoid new IoT purchases due to privacy or security concerns. This early adopter paradox is creating an opportunity for operators who are already uniquely positioned to secure connected homes.

New Report: IoT Now Top Internet Attack Target (Dark Reading, Oct 29 2018)
IoT devices are the top targets of cyberattacks — most of which originate on IoT devices, new report finds.

Banking Trojans sneaked into Google Play store disguised as apps (WeLiveSecurity, Oct 30 2018)
Unlike the increasingly prevalent malicious apps relying purely on impersonating legitimate financial institutions and displaying bogus login screens, these apps belong to the category of sophisticated mobile banking malware with complex functionality and a heavy focus on stealth.

TimpDoor’ Malware Turns Android Devices into Proxies (SecurityWeek, Oct 25 2018)
A newly discovered piece of Android malware creates a Socks proxy on infected devices, potentially allowing access to internal networks, McAfee reports.

Trump’s Personal iPhone Would Be a National Security Risk (Wired, Oct 25 2018)
By using a personal iPhone instead of secured lines, President Trump makes it entirely too easy for China and Russia to spy.

Apps Installed On Millions Of Android Phones Tracked User Behavior To Execute A Multimillion-Dollar Ad Fraud Scheme (BuzzFeed, Oct 26 2018)
…a sophisticated ad fraud scheme involving more than 125 Android apps and websites, some of which were targeted at kids.

“Right to repair” gets a boost from new DMCA software rules (Naked Security – Sophos, Oct 29 2018)
It just got easier for owners of a wide range of home devices to hack and repair their software.