A Review of the Best News of the Week on AI, IoT, & Mobile Security

Trump’s Sanctions on China Are Making Huawei Phones Less Secure (VICE, May 20 2019)
Google is shutting down its business relationship with Huawei. What does this mean for the security of your Huawei devices?

Chinese-made drones could transmit flight data back to makers, gov’t, DHS CISA warns (SC Magazine, May 21 2019)
The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) warned in a Monday alert that drones made in China might be transmitting flight data back to their makers that the Chinese government can access.

How Hackers Broke WhatsApp With Just a Phone Call (Wired, May 14 2019)
All it took to compromise a smartphone was a single phone call over WhatsApp. The user didn’t even have to pick up the phone.

Without data, your security strategy is just a guess.
The Mosaic Security Research Market Intelligence Platform provides the data you need for OWASP’s Cyber Defense Matrix. Learn a new way to conduct a strategy assessment.

How Technology and Politics Are Changing Spycraft (Schneier on Security, May 21 2019)
“Interesting article about how traditional nation-based spycraft is changing. Basically, the Internet makes it increasingly possible to generate a good cover story; cell phone and other electronic surveillance techniques make tracking people easier; and machine learning will make all of this automatic. Meanwhile, Western countries have new laws and norms that put them at a disadvantage over other countries. And finally, much of this has gone corporate.”

Machine Learning in Healthcare Cybersecurity – Current Applications (Emerj, May 14 2019)
“In this article, we cover how machine learning software could help healthcare companies protect their patients’ data as well as their network of computers across their enterprise. We discuss how the typical machine learning approaches to fraud detection, anomaly detection and predictive analytics, may help detect malware and other cybersecurity threats.”

Why AI Will Create Far More Jobs Than It Replaces (Dark Reading, May 14 2019)
Just as spreadsheets and personal computers created a job boom in the ’70s, so too will artificial intelligence spur security analysts’ ability to defend against advanced threats.

CEOs and business leaders trust AI, but employees are more cautious (Help Net Security, May 16 2019)
Most senior executives (85%) classify themselves as artificial intelligence (AI) optimists, citing increased investment and trust in the technology. Eighty-seven percent say their company will invest in AI initiatives this year, the EY study reveals.

How to Securely Blend Your IoT Data with Business Data (SecurityWeek, May 16 2019)
Opportunities Created by the Integration of IoT Data With the Rest of Your Business Environment Are Vast

Boost Mobile Alerts Customers of Security Incident (Infosecurity Magazine, May 15 2019)
Boost Mobile customers are urged to change their PINs.

Twitter bug leaks iOS users’ location data to partner (Naked Security – Sophos, May 15 2019)
Now fixed, the bug affected some users with multiple accounts running on an iOS device.

Hacking gang stole millions in cryptocurrency via SIM swaps (Naked Security – Sophos, May 17 2019)
Six people have been indicted for allegedly being SIM card swappers who stole victims’ identities and their cryptocurrency, and three mobile phone company employees have been indicted for allegedly accepting bribes to help them steal subscribers’ identities.

ThreatQ adds support for mobile and PRE-ATT&CK in response to rapid customer adoption (Help Net Security, May 20 2019)
ThreatQ integration with MITRE ATT&CK now includes support for PRE-ATT&CK and Mobile. Together with Enterprise ATT&CK, the three-pronged framework creates an end-to-end attack chain that examines and assesses an adversaries’ actions.

Amnesty sues maker of Pegasus, the spyware let in by WhatsApp zero day (Naked Security – Sophos, May 21 2019)
Thirty members and supporters of Amnesty International Israel and others from the human rights community are alleging that NSO Group’s spyware has been used to surveil Amnesty staff and other human rights defenders, thereby putting human rights at risk.