A Review of the Best News of the Week on AI, IoT, & Mobile Security

It’s the middle of the night. Do you know who your iPhone is talking to? (WAPO, May 28 2019)
We ran a privacy experiment to see how many hidden trackers are running from the apps on our iPhone. The tally is astounding.

Your phone’s sensors could be used as a cookie you can’t delete (Naked Security – Sophos, Jun 03 2019)
Researchers have found that a phone’s gyroscope, accelerometer and other sensors create a unique fingerprint.

Facebook Can’t Rely on Artificial Intelligence to Save It From Hate Speech (Barron’s, May 31 2019)
Guy Rosen, vice president of integrity at Facebook, acknowledged during a security update with reporters on Thursday that artificial intelligence is not the best solution to address hate speech, which continues to be the most pervasive content issue at Facebook. The company is leaving that task to more staff in an effort to study the context of posts and the subtlety behind the use of controversial words. What might be a word of endearment or self-deprecation for one person could be interpreted as offensive to another, Rosen said.

One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

New research generates deepfake video from a single picture (Naked Security – Sophos, May 29 2019)
Now it’s easier for attackers to produce deepfakes, even if the target doesn’t have much existing footage. Like the Mona Lisa.

Winning the cybercrime arms race with AI (SC Magazine, May 30 2019)
For instance, a report by Nokia revealed that AI-powered botnets look for vulnerabilities in Android devices, then load data-stealing malware that is only detected after the damage has been done.

Facial recognition used to strip adult industry workers of anonymity (Naked Security – Sophos, May 31 2019)
A name-and-shame database is supposed to “save” husbands from wives who have appeared on porn sites.

AI Is “Fundamental” to Future of SME Cybersecurity (Infosecurity Magazine, Jun 03 2019)
Senseon finds that cost, marketing hype and a lack of knowledge prevents SMEs from using AI.

Is AI fundamental to the future of cybersecurity? (Help Net Security, Jun 04 2019)
Although 88 percent of SMEs do have a dedicated security budget, more than half (53 percent) thought increased budget would help them deal with their cybersecurity workload, suggesting that their current allocation of resources is inefficient.

New initiative aims to strengthen IoT security, interoperability and reliability (Help Net Security, May 30 2019)
The All Hubs Initiative is driven by a Zigbee Alliance workgroup comprised of leading IoT companies including Amazon, Comcast, Exegin, Kwikset, Landis+Gyr, LEEDARSON, Legrand, MMB Networks, NXP, OSRAM, Schneider Electric, Silicon Labs, Somfy, and many others with the goal of improving interoperability between IoT devices and major consumer and commercial platforms.

Researchers uncover smart padlock’s dumb security (Naked Security – Sophos, May 29 2019)
Pen Test Partners has found some major security flaws in the Bluetooth Nokelock that consumers might like to know about.

Industry is Not Prepared for the IIoT Attacks that Have Already Begun (SecurityWeek, May 30 2019)
Industrial Internet of Things (IIoT) is an essential part of business transformation and the Industry 4.0 revolution. Its use is burgeoning, with more than 7 billion devices in use worldwide. This is expected to grow to more 20 billion by 2025 — and does not include phones, tablets or laptops.

Scientists uncover vulnerability in FPGAs, affecting cloud services and IoT (Help Net Security, Jun 03 2019)
Field-programmable gate arrays (FPGAs) are, so to say, a computer manufacturer’s “Lego bricks”: electronic components that can be employed in a more flexible way than other computer chips. Even large data centers that are dedicated to cloud services, such as those provided by some big technology companies, often resort to FPGAs. To date, the use of such services has been considered as relatively secure.

CEO Who Sold Encrypted Phones to the Sinaloa Cartel Sentenced to Nine Years (VICE, May 29 2019)
Vincent Ramos was sentenced to nine years and forfeited more than $80 million for providing criminal organizations with encrypted devices.

Apple patches AirPort Base Station Firmware (SC Magazine, May 31 2019)
Apple released several patches to addressed several vulnerabilities in its 7.9.1 update concerning its AirPort Base Station Firmware. The update is available for AirPort Extreme and AirPort Time Capsule base stations with 802.11ac.

New Attack Targets the Touchscreen of Smartphones, Researchers Reveal (SecurityWeek, Jun 03 2019)
A group of researchers has devised a new proof-of-concept attack that targets the touchscreen of Near-Field Communication (NFC)-enabled mobile devices such as smartphones and allows remote control of the devices.