A Review of the Best News of the Week on AI, IoT, & Mobile Security

BlackBerry Doubles Down in $1.4B Acquisition of Cylance (Dark Reading, Nov 16 2018)
BlackBerry aims to bring Cylance artificial intelligence and security tools into its software portfolio.

The rare form of machine learning that can spot hackers who have already broken in (MIT Technology Review, Nov 16 2018)
Darktrace’s unsupervised-learning models sound the alarm before intruders can cause serious damage.

iPhone X Exploits Earn Hackers Over $100,000 (SecurityWeek, Nov 14 2018)
The Zero Day Initiative’s Pwn2Own Tokyo hacking competition has come to an end, with participants earning over $300,000 for disclosing vulnerabilities affecting iPhone X, Xiaomi Mi 6 and Samsung Galaxy S9 smartphones.

Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. Learn a new way to conduct a strategy assessment.

AI-generated ‘skeleton keys’ fool fingerprint scanners (Naked Security – Sophos, Nov 16 2018)
Artificial intelligence can be used to ‘grow’ fake fingerprints that pack in common features, fooling scanners.

AI Poised to Drive New Wave of Exploits (Dark Reading, Nov 16 2018)
Criminals are ready to use AI to dramatically speed the process of finding zero-day vulnerabilities in systems.

Congress Warned of Chinese IoT Security Threat (Infosecurity Magazine, Nov 15 2018)
Report recommends rigorous supply chain risk assessments

The perils of using voice commands with IoT machines (Network World Security, Nov 15 2018)
Combine the IoT, voice commands and machines, and you’re creating a potentially disastrous recipe of unintended consequences.

New Bluetooth Hack Affects Millions of Vehicles (Dark Reading, Nov 16 2018)
Attack could expose the personal information of drivers who sync their mobile phone to a vehicle entertainment system.

One Million Kids Tracker Watches Deemed Unsafe (Infosecurity Magazine, Nov 16 2018)
Researchers find major flaws which could put children in danger

Judge asks if Alexa is witness to a double murder (Naked Security – Sophos, Nov 16 2018)
A judge has ordered Amazon to turn over any recordings an Echo device may have made around the time a horrific crime occurred.

Securing the IoT has become business-critical (Network World Security, Nov 16 2018)
Investments in IoT security can have significant positive business implications, a 
recent survey from DigiCert finds.

Helping researchers with IoT firmware vulnerability discovery (Help Net Security, Nov 19 2018)
“Manufacturers who make their firmware public and follow GPL practices are doing themselves a huge favor: by making firmware public, manufacturers are enabling a world-wide network of the best security talent to find bugs, disclose them responsibly, and improve security for their customers. Without this transparency they exclude so many responsible researchers and enable threat actors…

Only 14% have complete organizational awareness of IoT threats (Help Net Security, Nov 20 2018)
According to the survey, current attacks are targeting office devices most, followed by manufacturing and the supply chain. When an attacker compromises these devices, they can also gain access to the greater corporate network to conduct even more damaging attacks.

New Vehicle Hack Exposes Users’ Private Data Via Bluetooth (SecurityWeek, Nov 19 2018)
People who have synced their mobile phones with a wide variety of vehicle infotainment systems may have have their personal information exposed to a new type of vehicle hack, security researchers say.

Thought you deleted your iPhone photos? Hackers find a way to get them back (Naked Security – Sophos, Nov 15 2018)
The hacking duo @fluoroacetate demonstrated zero-day exploits against phones from Apple, Samsung and Xiaomi at the recent Pwn2Own contest.

26M Texts Exposed in Poorly Secured Vovox Database (Dark Reading, Nov 16 2018)
The server, which lacked password protection, contained tens of millions of SMS messages, two-factor codes, shipping alerts, and other user data.

Google Scours the Internet for Dirty Android Apps (SecurityWeek, Nov 16 2018)
Google is analyzing all the apps that it can find across the Internet in an effort to keep Android users protected from Potentially Harmful Applications (PHAs).