A Review of the Best News of the Week on AI, IoT, & Mobile Security

An Android Vulnerability Went Unfixed for Over Five Years (Wired, Mar 20 2019)
Older Android devices—of which there are over 100 million still in use—will remain exposed.

Triton and the new wave of IIoT security threats (Network World Security, Mar 22 2019)
Triton malware, which can shut down industrial safety systems, causing damage to facilities and threatening human life, targets the industrial internet of things.

The privacy risks of pre-installed software on Android devices (Help Net Security, Mar 22 2019)
The study encompasses 82,000 pre-installed apps in more than 1,700 devices manufactured by 214 brands, revealing the existence of a complex ecosystem of manufacturers, mobile operators, app developers and providers, with a wide network of relationships between them. This includes specialized organizations in user monitoring and tracking and in providing Internet advertising.

Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. Learn a new way to conduct a strategy assessment.

Hacker AI vs. Enterprise AI: A New Threat (Dark Reading, Mar 21 2019)
Artificial intelligence and machine learning are being weaponized using the same logic and functionality that legitimate organizations use.

New ratings point to keyless cars that can stand up to relay attacks (Naked Security – Sophos, Mar 25 2019)
Researchers rated six of the 11 newly launched cars as being easy to open up and drive off with a cheap relay device anyone can buy online.

Medtronic cardiac implants can be hacked, FDA issues alert (Naked Security – Sophos, Mar 25 2019)
Two serious flaws in the telemetry protocol could allow a hacker to control vulnerable Implantable Cardioverter Defibrillators (ICDs).

Apple fixed some interesting bugs in iOS and macOS (Help Net Security, Mar 26 2019)
In addition to announcing a number of new products and subscription services, Apple has released security updates for iOS, macOS, Safari, tvOS, iTunes, iCloud, and Xcode.

New Settings Help Hackers Test Facebook Mobile Apps (SecurityWeek, Mar 26 2019)
Facebook last week announced that it introduced new settings designed to make it easier for white hat hackers to test the security of its mobile applications.

Machines Shouldn’t Have to Spy On Us to Learn (Security Latest, Mar 26 2019)
We need a breakthrough that allows us to reap the benefits of AI without savaging data privacy.

Mobile App Security Firm Blue Cedar Raises $17 Million (SecurityWeek, Mar 19 2019)
Blue Cedar’s technology is designed to help mobile application developers secure their products by allowing them to easily integrate encryption, authentication and other security services without requiring them to write any code.

Opera brings back free VPN service to its Android browser (Naked Security – Sophos, Mar 21 2019)
Opera lost its Android browser’s VPN after it was sold to a Chinese consortium, but now it’s back.

Iphone malvertising app downloaded millions of times calls 22 known malicious servers (SC Magazine, Mar 21 2019)
A compromised iPhone App was found to be using malware to infect users by calling 22 known malicious domains.

Consumers willing to dump apps that collect private data, but can’t tell which are doing so (Help Net Security, Mar 25 2019)
Two in three consumers are willing to dump data-collecting apps if the information collected is unrelated to the app’s function, or unless they receive real value

Popular family tracking app exposed real-time location data onto the internet – no password required (Graham Cluley, Mar 25 2019)
More than 238,000 individuals users have had their family’s real-time location exposed for weeks on end after an app developer left sensitive data exposed on the internet, without a password.