A Review of the Best News of the Week on AI, IoT, & Mobile Security

Get Ready for the First Wave of AI Malware (SecurityWeek, Apr 09 2019)
“…over the next two to three years, I see six economically viable and “low hanging fruit” uses for AI infused malware – all focused on optimizing efficiency in harvesting valuable data, targeting specific users, and bypassing detection technologies.”-CSO of Microsoft’s Cloud and AI Security division

One Month, 500,000 Face Scans: How China Is Using A.I. to Profile a Minority (- The New York Times, Apr 16 2019)
In a major ethical leap for the tech world, Chinese start-ups have built algorithms that the government uses to track members of a largely Muslim minority group.

Amazon Workers Are Listening to What You Tell Alexa (Bloomberg.com, Apr 16 2019)
A global team reviews audio clips in an effort to help the voice-activated assistant respond to commands. 

Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. Learn a new way to conduct a strategy assessment.

Flickr tackling online image theft with new AI service (Naked Security – Sophos, Apr 12 2019)
Photo sharing website Flickr is trying to combat copyright infringement with a service that spots copies of its users’ images online.

How To Make Your Amazon Echo and Google Home as Private as Possible (Wired, Apr 11 2019)
With news that Amazon lets human employees listen to Alexa recordings, you might want to tighten up your smart assistant ship.

AWS Security releases IoT security whitepaper (AWS Security Blog, Apr 03 2019)
We’ve published a whitepaper, Securing Internet of Things (IoT) with AWS, to help you understand and address data security as it relates to your IoT devices and the data generated by them. The whitepaper is intended for a broad audience who is interested in learning about AWS IoT security capabilities at a service-specific level and for compliance, security, and public policy professionals.

Knock and don’t run: the tale of the relentless hackerbots (Naked Security – Sophos, Apr 09 2019)
If you have an IoT device in your home, you could be receiving an average of 13 login attempts to these devices per minute, according to Matt Boddy’s latest research.

New Mirai Variant Targets More Processor Architectures (SecurityWeek, Apr 09 2019)
A recently discovered variant of the Mirai malware is targeting more processor architectures than before, which allows it to attack a wider range of Internet of Things (IoT) devices, Palo Alto Networks security researchers reveal.

Regulating the IoT: Impact and new considerations for cybersecurity and new government regulations (Help Net Security, Apr 11 2019)
In 2019 we have reached a new turning point in the adoption of IoT – more markets and industries are migrating to a cloud-based infrastructure, and as the IoT continues to gain popularity and more devices and data move online, lawmakers and legislators around the globe are taking note.

Android 7.0+ Phones Can Now Double as Google Security Keys (Krebs on Security, Apr 11 2019)
“Google this week made it easier for Android users to enable strong 2-factor authentication (2FA) when logging into Google’s various services. The company announced that all phones running Android 7.0 and higher can now be used as Security Keys, an additional authentication layer that helps thwart phishing sites and password theft.”

Why the US still won’t require SS7 fixes that could secure your phone (Ars Technica, Apr 11 2019)
The regulatory back door big telecom uses to weaken security regulation.

Companies are trying to crack down on shady apps that spy on partners, exes (Washington Post, Apr 11 2019)
Cybersecurity companies are pledging to help customers scrub “stalkerware” apps hidden in their phones after a digital activist raised an alarm about the tools some people use to spy on partners and exes.

New Android Malware Adds Persistence, Targets Australian Banking Customers (Dark Reading, Apr 10 2019)
Malware campaign, which finds and exfiltrates a user’s contact list and banking credentials, could potentially grow to global proportions.

MuddyWater’ APT Spotted Attacking Android (Dark Reading, Apr 10 2019)
Cyber espionage attack group adds mobile malware to its toolset.

App could have let attackers locate and take control of users’ cars (Naked Security – Sophos, Apr 11 2019)
A smartphone app used to control vehicles across North America left them wide open to attackers, it was revealed this week.