A Review of the Best News of the Week on AI, IoT, & Mobile Security

Google’s data charts path to avoiding malware on Android (WeLiveSecurity, Nov 12 2018)
How much higher are the odds that your device will be exposed to malware if you download apps from outside Google Play or if you use one of Android’s older versions? Google has the numbers

New IoT Security Regulations (Schneier on Security, Nov 13 2018)
Right now, we have a market failure. Because the courts have traditionally not held software manufacturers liable for vulnerabilities, and because consumers don’t have the expertise to differentiate between a secure product and an insecure one, manufacturers have prioritized low prices, getting devices out on the market quickly and additional features over security.

Gartner Lists Top 10 Strategic IoT Technologies, Trends Through 2023 (eWEEK, Nov 07 2018)
Gartner’s list of the 10 most strategic IoT technologies and trends that it expects will enable new revenue streams and business models during the next five years.

Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. Learn a new way to conduct a strategy assessment.

Hidden Costs of IoT Vulnerabilities (Dark Reading, Nov 06 2018)
IoT devices have become part of our work and personal lives. Unfortunately, building security into these devices was largely an afterthought.

Consumer Reports Reviews Wireless Home-Security Cameras (Schneier on Security, Nov 07 2018)
Consumer Reports is starting to evaluate the security of IoT devices. As part of that, it’s reviewing wireless home-security cameras.

IT-to-OT Solutions That Can Bolster Security in the IIoT (Dark Reading, Nov 07 2018)
Industrial companies can use the hard-won, long-fought lessons of IT to leapfrog to an advanced state of Industrial Internet of Things security.

New Spam Botnet Likely Infected 400,000 Devices (SecurityWeek, Nov 08 2018)
A newly discovered botnet that appears designed to send spam emails likely infected around 400,000 machines to date, 360 Netlab security researchers warn.

New Cloudflare DNS App Brings Increased Privacy for Mobile Devices (SecurityWeek, Nov 12 2018)
Web security and performance company Cloudflare is making it easier for smartphone users to secure their Internet connections, courtesy of a new DNS resolver app for mobile devices.

Android November update fixes flaws galore (Naked Security – Sophos, Nov 06 2018)
Android’s November security bulletin is here and there’s more to patch, and more urgency about applying them.

Google Removes Vulnerable Library from Android (SecurityWeek, Nov 07 2018)
Google this week released the November 2018 set of security patches for its Android platform, which address tens of Critical and High severity vulnerabilities in the operating system.

Chrome will start warning users about shady mobile subscription pages (Help Net Security, Nov 09 2018)
Starting with Chrome 71, users will be explicitly warned when attempting to visit pages that try to trick them into signing up for mobile-based subscription services.

iOS 12.1 Vulnerability (Schneier on Security, Nov 08 2018)
This is really just to point out that computer security is really hard: Almost as soon as Apple released iOS 12.1 on Tuesday, a Spanish security researcher discovered a bug that exploits group Facetime calls to give anyone access to an iPhone users’ contact information with no need for a passcode.

Does wiping your iPhone count as destroying evidence? (Naked Security – Sophos, Nov 13 2018)
Police say it’s a felony, but a woman arrested in connection with a drive-by shooting says she doesn’t even know how to remotely wipe.