A Review of the Best News of the Week on AI, IoT, & Mobile Security
Google AI Ethics Council Is Falling Apart After a Week (Bloomberg, Apr 01 2019)
Google recently appointed an external ethics council to deal with tricky issues in artificial intelligence. The group is meant to help the company appease critics while still pursuing lucrative cloud computing deals. In less than a week, the council is already falling apart, a development that may jeopardize Google’s chance of winning more military cloud-computing contracts.
Researchers Find Google Play Store Apps Were Actually Government Malware (Motherboard, Mar 29 2019)
Security researchers have found a new kind of government malware that was hiding in plain sight within apps on Android’s Play Store. And they appear to have uncovered a case of lawful intercept gone wrong.
NIST’s Ron Ross on the state of cyber: ‘We literally are hemorrhaging critical information’ (Fifth Domain, Apr 02 2019)
“So, if you’ve got a whizzbang application and you tell me it’s a trusted application, but it runs on an untrusted operating system, it’s game over. Any AI program that you’re running at the application level is totally going to be bogus information. You can’t trust it if the adversary’s already taken control of your system with a root kit. Now, if you can build a trusted platform and take advantage of artificial intelligence, machine learning, you’ve got a great brave new world there. “
Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. Learn a new way to conduct a strategy assessment.
Status of AI implementation at automotive organizations (Help Net Security, Mar 29 2019)
Just 10 percent of major automotive companies are implementing artificial intelligence (AI) projects at scale, with many falling short of an opportunity that could increase operating profit by up to 16 percent. Fewer automotive companies are implementing AI than in 2017, despite the cost, quality and productivity advantages.
Project Skyborg Could Put Air Force AI Combat Drones In the Sky by 2023 (Tom’s Guide, Apr 01 2019)
A set of AI-powered fully autonomous combat drones with no pilots named Skyborg? Great idea.
Security remains a top concern for IoT executives, but small fixes can shore up ecosystem resilience (Help Net Security, Mar 28 2019)
66 percent of companies say their c-suite executives are supportive of their IoT implementation, but even with strong support they noted there are hurdles to overcome.
Microsoft Tackles IoT Security with New Azure Updates (Dark Reading, Mar 28 2019)
The Azure Security Center for IoT provides teams with an overview of IoT devices and helps monitor their security properties.
New Android Trojan Targets 100+ Banking Apps (Dark Reading, Mar 28 2019)
Gustuff’ also designed to steal from cryptocurrency wallets, payment services, e-commerce apps.
Prosecutors Launch Investigation Into Company That Put Malware on Google Play Store (Motherboard, Apr 01 2019)
Italian government authorities have launched an inquiry into eSurv, a company that made spyware apps that it concealed as legitimate and innocuous-looking apps on the Google Play Store.
Grindr Dating App Deemed Security Risk (Infosecurity Magazine, Mar 27 2019)
Chinese company looks for buyer of its LGBTQ dating app.
EU ignores US call to ban Huawei in 5G rollout (SC Magazine, Mar 27 2019)
The European Union is ignoring the United States call to ban Huawei over cyber espionage fears and on Tuesday recommended a set of security guidelines for the rollout of its 5G networks.
Firefox brings Lockbox password manager to Android’s autofill (Naked Security – Sophos, Mar 28 2019)
All your saved Firefox passwords, now happily inserting themselves into your Android-verse!
In the Race Toward Mobile Banking, Don’t Forget Risk Management (Dark Reading, Apr 01 2019)
The rise of mobile banking and payment services has sparked widespread adoption, making a focus on risk essential.
Risks in Hidden UC Browser for Android Feature (Infosecurity Magazine, Mar 28 2019)
Researchers noted that UC Browser for Android and UC Browser Mini for Android applications have the hidden ability to download and install extra modules from their own servers using unprotected channels and bypassing Google Play’s servers altogether, a clear violation of the rules of the Google Play store.
Recovering Smartphone Typing from Microphone Sounds (Schneier on Security, Apr 01 2019)
“We present the first acoustic side-channel attack that recovers what users type on the virtual keyboard of their touch-screen smartphone or tablet. When a user taps the screen with a finger, the tap generates a sound wave that propagates on the screen surface and in the air. We found the device’s microphone(s) can recover this wave and “hear” the finger’s touch, and the wave’s distortions are characteristic of the tap’s location on the screen.”
Nuanced Approach Needed to Deal With Huawei 5G Security Concerns (Dark Reading, Apr 01 2019)
Governments need to adopt strategic approach for dealing with concerns over telecom vendor’s suspected ties to China’s intelligence apparatus, NATO-affiliated body says.
Congress Stops NSAs Collecting Phone Records (Infosecurity Magazine, Apr 01 2019)
There is bipartisan support for an act to end mass collection of phone records metadata.
Right to Repair Is Now a National Issue (Wired, Apr 01 2019)
Opinion: Elizabeth Warren endorsed Right to Repair for farm equipment, pushing the cause to a new level of prominence.