A Review of the Best News of the Week on AI, IoT, & Mobile Security

Apple patches FaceTime bug and pays teenager who uncovered it (WeLiveSecurity, Feb 12 2019)
While the bounty amount has not yet been disclosed, Apple have said that, on top of a monetary reward, it will also provide a gift that will go towards his education.

How Hackers and Scammers Break into iCloud-Locked iPhones (Motherboard, Feb 06 2019)
In a novel melding of physical and cybercrime, hackers, thieves, and even independent repair companies are finding ways to “unlock iCloud” from iPhones.

Will Trump’s New Artificial Intelligence Initiative Make The U.S. The World Leader In AI? (Forbes, Feb 12 2019)
The tech world got a surprise on Monday when the Trump administration announced an executive order that would create an American AI Initiative designed to dedicate resources and funnel investments into research on artificial intelligence (AI). But what does it all mean?

Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. Learn a new way to conduct a strategy assessment.

Why the US Needs a Strategy for AI (Wired, Feb 11 2019)
Opinion: With its American AI Initiative, the White House is devoting funding, research, and data infrastructure to boosting our prowess in artificial intelligence.

A.I. Shows Promise as a Physician Assistant (The New York Times, Feb 12 2019)
A so-called neural network analyzed the medical records of 600,000 hospital patients in China, diagnosing their conditions as accurately as doctors did in some cases.

Backed by Benchmark, Blue Hexagon just raised $31 million for its deep learning cybersecurity software (TechCrunch, Feb 06 2019)
Blue Hexagon has created a real-time, cybersecurity platform that he says can detect known and unknown threats at first encounter, then block them in “sub seconds” so the malware doesn’t have time to spread.

UK Launches £6m IoT Security Competition (Infosecurity Magazine, Feb 05 2019)
Government is looking for innovative ideas from British firms

Digital signs left wide open with default password (Naked Security – Sophos, Feb 06 2019)
One thing the world doesn’t need: hackers who can broadcast to billboards of any size, be they PC monitor- or Godzilla-sized.

Half of IoT devices let down by vulnerable apps (Naked Security – Sophos, Feb 05 2019)
Half of the apps used to control a range of Internet of Things devices are insecure in a variety of ways, researchers found.

Amazon’s Home Security Company Is Turning Everyone Into Cops (Motherboard, Feb 07 2019)
Neighbors, a social media crime-reporting app owned by Amazon, creates a digital ecosystem in which you are encouraged to assume the worst about your neighbors—and people of color are once again being harmed.

Refrigeration Systems Used by Supermarkets, Hospitals Left Exposed Online (SecurityWeek, Feb 08 2019)
Thousands of instances of a temperature control system are exposed to remote attacks from the internet due to users’ failure to change default passwords and implement other security measures.

The Xiaomi M365 Scooter Can Be Hacked to Speed Up or Stop (Wired, Feb 12 2019)
A hacker can accelerate Xiaomi M365 scooter—or hit the breaks—while a rider is on it.

What A-GPS Data Is (and Why Wireless Carriers Most Definitely Shouldn’t Be Selling It) (Motherboard, Feb 07 2019)
A Motherboard investigation found that telecom companies are selling their customers’ “assisted GPS” data, which is intended for first responders answering 911 calls.

Android vulnerabilities open Pie to booby-trapped image attacks (Naked Security – Sophos, Feb 08 2019)
A trio of bugs could have opened Android 7, 8 and 9 to remote attackers wielding booby-trapped image files. Here’s what you need to know…

iPhone apps record your screen sessions without asking (Naked Security – Sophos, Feb 08 2019)
Absent from privacy policies, the tracking came to light after a breach with Air Canada’s mobile app, then password slurping from Mixpanel.

‘Clipper’ malware that alters crypto wallet addresses slips into Play Store (SC Magazine, Feb 11 2019)
Google’s Play Store unknowingly hosted a fake cryptocurrency app that actually modifies users’ crypto wallet addresses once they’re copied to the clipboard, researchers are reporting.

Google’s Making It Easier to Encrypt Even Cheap Android Phones (Wired, Feb 07 2019)
Adiantum will help millions of low-end Android smartphones receive the same encryption protections as flagships.