A Review of the Best News of the Week on AI, IoT, & Mobile Security

Half a face enough for recognition technology (ScienceDaily, May 01 2019)
Facial recognition technology works even when only half a face is visible, researchers have found.

Millions of consumer smart devices exposed by serious security flaw (Naked Security – Sophos, May 01 2019)
This IoT software flaw could render millions of consumer devices, including baby monitors and webcams, open to remote discovery and hijack.

Verizon, T-Mobile, Sprint, and AT&T Hit With Class Action Lawsuit Over Selling Customers’ Location Data (VICE, May 04 2019)
The lawsuits come after a Motherboard investigation showed AT&T, Sprint, and T-Mobile sold phone location data that ended up with bounty hunters, and The New York Times covered an instance of Verizon selling data.


Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. Learn a new way to conduct a strategy assessment.


Rule Based Detection? – Anton Chuvakin (Gartner Blog Network, May 06 2019)
“One of the famous insults that security vendors use against competitors nowadays is ‘RULE – BASED.; In essence, if you want to insult your peers who, in your estimation, don’t spout ‘AI’ and ‘ML’ often enough, just call them ‘rule-based'”

Threat Intelligence Firms Look to AI, but Still Require Humans (Dark Reading, Apr 30 2019)
Machine learning and artificial intelligence are helping threat-intelligence firms cover a greater area of the darknet, but human analysts will always be necessary, experts say.

Cameras with gun-detecting artificial intelligence to be installed in Christchurch’s Al Noor mosque (Stuff NZ, May 07 2019)
Authorities will be alerted within seconds if a threat similar to the March 15 attacks is detected.

Poor IoT Cybersecurity May Be Partly From Consumer, Business Penny Pinching Says Chamber (Forbes, May 01 2019)
The poor security of Internet of Things (IoT) devices from web-connected lightbulbs to refrigerators may be partly the result of penny pinching by consumer and business shoppers, the U.S. Chamber of Commerce told a Senate panel focusing on cybersecurity Tuesday.

UK Government Intros Landmark IoT Security Proposals (Infosecurity Magazine, May 02 2019)
New law would introduce clearer labeling and mandate improved built-in security

Diabetics are hunting down obsolete insulin pumps with a security flaw (Naked Security – Sophos, May 01 2019)
The flaw makes it possible to overwrite the devices’ programming and insert an algorithm that turns them into artificial pancreases.

D-Link camera vulnerability allows attackers to tap into the video stream (WeLiveSecurity, May 02 2019)
ESET researchers highlight a series of security holes in a device intended to make homes and offices more secure

UK Publishes Proposed Regulation for IoT Device Security (SecurityWeek, May 03 2019)
The UK government has published a consultation document on the proposed regulation of consumer IoT devices. The consultation is not designed to see whether regulation is necessary, but to help the government “make a decision on which measures to take forward into legislation.”

Flaws in the design of IoT devices prevent them from notifying homeowners about problems (Help Net Security, May 07 2019)
Design flaws in smart home Internet of Things (IoT) devices that allow third parties to prevent devices from sharing information have been identified by researchers at North Carolina State University.

Android users: watch out for this fake address bar trick (Naked Security – Sophos, Apr 30 2019)
When is an address bar not an address bar? When it’s a fake.

Researchers develop cybersecurity system to test for vulnerabilities in technologies that use GPS (Help Net Security, May 01 2019)
“This is a legal way for us to improve the cyber resilience of autonomous vehicles by demonstrating a transmission of spoofed or manipulated GPS signals to allow for analysis of system responses,” said Victor Murray, head of SwRI’s Cyber Physical Systems Group in the Intelligent Systems Division.

5G brings great opportunities but requires a network transformation (Help Net Security, May 01 2019)
Twelve percent of operators expect to roll out 5G services in 2019, and an additional 86 percent expect to be delivering 5G services by 2021, according to a Vetiv survey of more than 100 global telecom decision makers with visibility into 5G and edge strategies and plans.

UK Defense Secretary Sacked Over Huawei Leak (Infosecurity Magazine, May 02 2019)
Opposition parties are calling for a criminal inquiry after the UK defense secretary was sacked for allegedly leaking news of the government’s decision to allow Huawei to supply parts of its 5G network.

New Strain of Android Malware Found on Third-Party App Store (SecurityWeek, May 03 2019)
Android users are frequently advised to limit app downloads to those from their corporate app store, or from Google’s official Google Play store. Despite this, users are often tempted to visit the more dangerous third-party stores offering exotic apps or apps with copyright protection removed.

This new Android app aims to tackle cyber insecurity in the developing world (Washington Post, May 07 2019)
The organization offers Domain Name Service, or DNS, protection, which means it prevents people from connecting to malicious websites — such as phishing sites that look like a bank’s website but are actually stealing log-in information. That means it won’t protect users from all hacks, but it will protect against a lot of the easiest and most pervasive ones, Todd said.

Security Top Concern as Mobile Providers Think 5G (Dark Reading, May 06 2019)
The deployment of 5G networks will bring new use cases and revenue opportunities, mobile providers say, but security will be essential.