A Review of the Best News of the Week on AI, IoT, & Mobile Security

China’s Huawei has big ambitions to weaken the US grip on AI leadership (MIT, Mar 05 2019)
In spite of tensions with the US and its allies, Huawei is rapidly building a suite of AI offerings unmatched by any other company on the planet.

1 Million Apps Patched in Android Security Improvement Program (Infosec Island, Mar 01 2019)
Over its five-year lifetime, the Android Application Security Improvement Program helped over 300,000 developers to fix more than 1,000,000 apps on Google Play, Google says.

DOD’s AI Strategy Aims to Preserve America’s Strategic Edge (WashingtonExec, Mar 05 2019)
“Failure to adopt AI will result in legacy systems irrelevant to the defense of our people, eroding cohesion among allies and partners, reduced access to markets that will contribute to a decline in our prosperity and standard of living, and growing challenges to societies that have been built upon individual freedoms,” it says.


Stay Ahead of the Curve by Using AI in Compliance (Dark Reading, Feb 27 2019)
Although human oversight is required, advanced technologies built on AI will become pivotal in building safer financial markets and a safer world.

An AI solution to the cyber labor squeeze? (SC Magazine, Mar 04 2019)
Can hype-scarred cybersecurity pros dare to be hopeful about artificial intelligence as a means to ease the acute information security labor shortage? The answer is a highly qualified “yes,” say several industry players usually skeptical of trendy cyber solutions but who are on the lookout for any tech that promises greater efficiency for labor-intensive grunt work.

IoT, APIs, and Criminal Bots Pose Evolving Dangers (Dark Reading, Feb 27 2019)
Both reports point out Internet of Things (IoT) devices as particularly vulnerable when it comes to recruitment into these criminal botnets. Netscout’s report points out that IoT devices are especially vulnerable to brute-force attacks, since so many either have hard-coded user names and passwords or interfaces so primitive that they encourage owners to use simple credentials.

Researchers and businesses need to work together to expose IoT vulnerabilities (Help Net Security, Feb 28 2019)
A vulnerability within BoxLock smart padlock enables hackers to unlock the device within a few seconds, and a vulnerability within the Mr. Coffee brand coffee maker with Wemo grants hackers access to home networks… Set up a secondary network for your IoT devices that doesn’t share access to your primary network and the devices and data connected thereto.

Protecting the IoT: 3 things you must include in an IoT security plan (Network World Security, Feb 27 2019)
This is the biggest no-brainer in security today. Fortinet’s John Maddison recently talked with me about how segmentation adds flexibility and agility to the network and can protect against insider threats and spillover from malware that has infected other parts of the network. He was talking about it in the context of SD-WAN, but it’s the same problem, only magnified with IoT.

The Latest in Creepy Spyware (Schneier on Security, Mar 04 2019)
The Nest home alarm system shipped with a secret microphone, which — according to the company — was only an accidental secret: On Tuesday, a Google spokesperson told Business Insider the company had made an “error.” “The on-device microphone was never intended to be a secret and should have been listed in the tech specs,” the spokesperson said. “That was an error on our part.” Where are the consumer protection agencies? They should be all over this.

Google temporarily shuts down Android TV photo sharing after privacy bug (Ars Technica, Mar 04 2019)
A user was apparently able to see hundreds of Google Photo accounts.

Holes in 4G and 5G Networks Could Let Hackers Track Your Location (Wired, Feb 26 2019)
New research shows how nearby attackers can see where you are, send you spoofed carrier messages, and more.

For sale: iPhone hacking tool, one previous (not very careful) owner (Naked Security – Sophos, Mar 01 2019)
At $100, the old-gen iPhone encryption-cracking tools are a bargain to hackers looking to pick up leftover forensics or police Wi-Fi data.

CrowdStrike Debuts Mobile Threat Detection System at RSA Conference (Dark Reading, Mar 04 2019)
Falcon for Mobile offers detection and response capabilities for mobile platforms.