A Review of the Best News of the Week on AI, IoT, & Mobile Security

P2P Weakness Exposes Millions of IoT Devices (Krebs on Security, Apr 26 2019)
“A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found.”

Hacker Finds He Can Remotely Kill Car Engines After Breaking Into GPS Tracking Apps (Motherboard, Apr 24 2019)
“I can absolutely make a big traffic problem all over the world,” the hacker said.

The SIM Swap Fix That the US Isn’t Using (Wired, Apr 26 2019)
While foreign phone carriers are sharing data to stop SIM swap fraud, US carriers are dragging feet.

Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. Learn a new way to conduct a strategy assessment.

Fooling Automated Surveillance Cameras with Patchwork Color Printout (Schneier on Security, Apr 29 2019)
Nice bit of adversarial machine learning.

Gaining Control of Security and Privacy to Protect IoT Data (Infosec Island, Apr 24 2019)
It’s a matter of who is in control of our data. Today, IoT device manufacturers and businesses are in control. In the future, we must be in control of our own information.

IoT Set to Put Strain on Cyber Skills Market (infosecurity Magazine, Apr 25 2019)
Demand soars for industry roles

IoT Security Firm VDOO Raises $32 Million (SecurityWeek, Apr 25 2019)
VDOO Connected Trust, an Israel-based company that specializes in securing embedded devices and Internet of Things (IoT) products, on Wednesday announced that it raised $32 million in a Series B funding round.

Researchers develop new technique to identify malware in embedded systems (Help Net Security, Apr 29 2019)
The new detection approach works by tracking power fluctuations in embedded systems.

Hacking our way into cybersecurity for medical devices (Help Net Security, Apr 30 2019)
Some have suggested that a hospital should revert to emergency protocols (i.e. pencil and paper mode) to operate during a cyber attack, as occurred when parts of the NHS were shut down due to WannaCry. This can limit the impact of attacks on elective procedures, but what about patients with urgent needs?

Securing edge devices – how to keep the crooks out of your network (Naked Security – Sophos, Apr 30 2019)
The Good Guys from the Cyber Threat Alliance just published a report to help you keep the Bad Guys out of your network

Malware Makes Itself at Home in Set-Top Boxes (Dark Reading, Apr 26 2019)
Low-cost boxes that promise free TV streaming services often come complete with malware, according to a new study.

UK Government Allows Huawei to Provide ‘Non-Core’ 5G Kit (Infosecurity Magazine, Apr 24 2019)
Theresa May over-rules ministerial concerns over Chinese spying

Automate your mobile application security without the staff (SC Magazine, Apr 24 2019)
The risk of data security vulnerabilities in mobile apps and the potential for a breach of regulatory requirements are higher than ever. This is creating an imperative need to innovate the process for application security for mobile applications.

In Letters To Senate, Wireless Carriers Downplay Their Latest Location Data Scandal (Motherboard, Apr 25 2019)
Carriers insist location data scams are rare and they do their best to police them. Government investigators may want to confirm that claim.

Mozilla to Apple: Protect user privacy with rotating phone IDs (Naked Security, Apr 25 2019)
Mozilla has criticized Apple for its latest privacy marketing campaign, urging it to provide more automatic protection for users behind the scenes.

Google Bans Chinese Developer from Play Store (Infosecurity Magazine, Apr 29 2019)
DO Global applications reportedly has been removed from Google Play.

Apple: We Banned Parental Control Apps for Security Reasons (Infosecurity Magazine, Apr 29 2019)
Cupertino giant claims invasive MDM feature was to blame

Huawei denies existence of ‘backdoors’ in Vodafone networking equipment (ZDNet, Apr 30 2019)
The ‘hidden backdoors” reportedly could have been used to spy on Vodafone’s infrastructure. Huawei says otherwise.