A Review of the Best News of the Week on AI, IoT, & Mobile Security

Google Play malware used phones’ motion sensors to conceal itself (Ars Technica, Jan 17 2019)
To elude emulators, banking trojan would trigger only when infected devices moved.

Researcher shows how popular app ES File Explorer exposes Android device data (TechCrunch, Jan 16 2019)
Why is one of the most popular Android apps running a hidden web server in the background? ES File Explorer claims it has more than 500 million downloads under its belt since 2014, making it one of the most used apps to date. Its simplicity makes it what it is: a simple file explorer that lets you browse through your Android phone or tablet’s file system for files, data, documents and more.

Researchers discover state actor’s mobile malware efforts because of YOLO OPSEC (Ars Technica, Jan 22 2019)
A nation-state’s hacking operations were exposed by WhatsApp and other communications uploaded from their own phones during malware testing, Lookout researchers revealed on January 19 at the Shmoocon security conference in Washington, DC.




Machine learning trumps AI for security analysts (Help Net Security, Jan 21 2019)
One of the biggest misconceptions regarding machine learning is that it can be referred to interchangeably with artificial intelligence (AI). While the idea of machine learning is a subset of AI, the two are different. AI is a blanket term for the simulation of human intelligence processes by machines, while machine learning is a way to use the concept of AI, but requires very little guidance from humans, aside from the initial algorithm.

Is the Ten Year Challenge a Facebook scam??? (Naked Security – Sophos, Jan 21 2019)
“Of course they would say that, wouldn’t they, but that doesn’t make it untrue. Like all good conspiracies, it’s impossible to prove that it’s not true, but I’d bet my last penny that Facebook isn’t behind this and, perhaps more importantly, I don’t think it actually matters.”

ACLU demands Justice Dept. reveal facial recognition tech use (SC Magazine, Jan 21 2019)
The American Civil Liberties Union (ACLU) and ACLU of Massachusetts are demanding the Justice Department reveal how the FBI and other federal law enforcement agencies are using facial recognition technology. The rights organization has filed a Freedom of Information Act (FOIA) request to compel the department about the use of the technology “and what safeguards,…

Quantum-embedded chips could secure IoT (Network World Security, Jan 17 2019)
An unclonable, quantum physics-driven microprocessor might be the solution to securing the Internet of Things.

‘We Want IoT Security Regulation,’ Say 95% of IT Decision-Makers (Dark Reading, Jan 17 2019)
New global survey shows businesses are valuing IoT security more highly, but they are still challenged by IoT data visibility and privacy.

Mitsubishi Develops Cybersecurity Technology for Cars (SecurityWeek, Jan 22 2019)
Japanese electronics and electrical equipment giant Mitsubishi Electric Corporation on Monday unveiled new technology designed to protect connected vehicles against cyber threats.

Vulnerability Allowed Fortnite Account Takeover Without Credentials (SecurityWeek, Jan 16 2019)
The rise of in-game marketplaces that can be used for buying and selling game commodities has attracted hackers who break into gamers’ accounts, steal their game commodities (and anything else they can find from personal data to parents’ bank card details) and sell them on for cash.

Google cracks down on access to your Android phone and SMS data (Naked Security – Sophos, Jan 18 2019)
Android apps that want access to your call and SMS data now have to pass muster with Google’s team of reviewers.

Senator Wyden Hammers T-Mobile For Empty Promises on Sale of Cell Phone Location Data (Motherboard, Jan 18 2019)
The Senator expressed “disappointment” and “disbelief” at CEO John Legere’s unfulfilled promise to end the sale of geolocation data to “shady middlemen.”

WhatsApp fights the spread of deadly fake news with recipient limit (Naked Security – Sophos, Jan 22 2019)
WhatsApp has capped the number of people you can forward messages to, after India was seized by rumour-inspired mob lynchings.

Twitter exposed some Android users’ protected tweets, and didn’t notice for over four years (Graham Cluley, Jan 21 2019)
Twitter has owned up to a privacy goof that exposed some Android users’ private tweets.