A Review of the Best News of the Week on AI, IoT, & Mobile Security
China Telecom Routes European Traffic to Its Network for Two Hours (SecurityWeek, Jun 10 2019)
For two hours last week, a BGP route leak resulted in large portions of European Internet traffic being routed through China Telecom’s network.
Adware Hidden in Android Apps Downloaded More Than 440 Million Times (Dark Reading, Jun 04 2019)
The heavily obfuscated adware was found in 238 different apps on Google Play.
Outsmarting deep fakes: AI-driven imaging system protects authenticity (ScienceDaily, May 29 2019)
To thwart sophisticated deep fake methods of altering photos and video, researchers have devised a technique to authenticate images throughout the entire pipeline, from acquisition to delivery, using artificial intelligence.
One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Machine Learning And Artificial Intelligence In Cybersecurity: Hype Versus Reality (Forbes, Jun 05 2019)
AI broadly refers to the ability of machines to “think” like humans and perform tasks considered “smart,” without explicitly being programmed to do so. ML is a subset of AI. ML algorithms build a mathematical model based on training data, and they leverage the model to make predictions when new data is provided.
New user keystroke impersonation attack uses AI to evade detection (Help Net Security, Jun 10 2019)
A sophisticated attack, called Malboard, in which a compromised USB keyboard automatically generates and sends malicious keystrokes that mimic the attacked user’s behavioral characteristics, was developed by Ben-Gurion University of the Negev (BGU) cybersecurity researchers. Using artificial intelligence Keystrokes generated maliciously do not typically match human typing and can easily be detected.
Vectra lands $100M Series E investment for AI-driven network security (TechCrunch, Jun 10 2019)
Vectra, a seven-year old company that helps customers detect intrusions at the network level, whether in the cloud or on premises, announced a $100 million Series E funding round today led by TCV. Existing investors including Khosla Ventures and Accel also participated in the round.
Prediction Models: Traditional versus Machine Learning (Gartner Blog Network, Jun 08 2019)
In the first type of traditional prediction model, the input data set along with statistical assumptions and calculations determine the prediction algorithm. The input data set is analyzed (or “fitted to the data”) using statistical techniques. The prediction algorithm that is the one best suited to describing the data as determined by the statistical analysis.
The second type of traditional prediction model uses an explicit set of rules (e.g., if X then Y) to transform the inputs into a prediction. Instead of the prediction algorithm being “discovered” through statistical calculations, these rules are usually ones that are known by experts in the prediction domain (e.g., the medical knowledge physicians have in diagnosing/predicting a disease).
Hackproofing smart meters and boosting smart grid security (Help Net Security, Jun 11 2019)
Smart electricity meters are useful because they allow energy utilities to efficiently track energy use and allocate energy production. But because they’re connected to a grid, they can also serve as back doors for malicious hackers.
Critical flaws found in Amcrest security cameras (Naked Security – Sophos, Jun 11 2019)
The Amcrest 721 family of security cameras features six security flaws discovered back in 2017 by a researcher at security outfit Synopsys.
Apple bans ads, third-party tracking in apps meant for kids (Naked Security – Sophos, Jun 05 2019)
The new policy: Ditch third-party trackers in apps designed for youngsters, lest the app get booted out of the App Store.
Hackers May Soon Be Able to Tell What You’re Typing—Just By Hearing You Type (WSJ, Jun 05 2019)
Research suggests that sound waves from typing on a phone can be intercepted and decoded.
Researchers Finds Thousands of iOS Apps Ignoring Security (Dark Reading, Jun 05 2019)
A critical data encryption tool, included by default in iOS, is being turned off in more than two-thirds of popular apps.
Gang charged with $19 million iPhone scam (Naked Security – Sophos, Jun 06 2019)
It was a well-oiled business, with Top Dogs fencing devices, forgers cooking up fake IDs with stolen PII, and runners ripping off phones.
Many iOS Developers Don’t Use Encryption: Report (SecurityWeek, Jun 06 2019)
Many developers who are creating applications for Apple’s iOS do not use encryption in their software, a report from security startup Wandera shows.
The Open Source Project That Keeps Google’s Hands Off Your Android Data (VICE, Jun 07 2019)
MicroG gives users control over what data is used, where, when, and how.
Nokia enhances its security program for 5G end-to-end networks (Help Net Security, Jun 10 2019)
Design For Security (DFSEC) process. DFSEC ensures that security is designed into every product from the start, undergoing rigorous security testing prior to commercial release. A new program – DFSEC 2.0 – will build on this leadership in security development by focusing on additional verification work in the areas of E2E identity management, network slicing and SDN security, virtualization, and OAM, including patch management.
Facebook to Cut off Huawei to Comply With U.S. Sanctions (SecurityWeek, Jun 07 2019)
Facebook said Friday it would cut off Huawei from its popular social networking apps to comply with US sanctions, further isolating the Chinese tech giant considered a national security threat by Washington.
Security experts alarmed that Trump may jettison Huawei penalties as part of trade deal (The Washington Post, Jun 11 2019)
Security experts are sounding alarm bells over President Trump’s statement Monday that he might reconsider harsh penalties the U.S. government imposed against Huawei as part of a trade deal with Beijing.
5G rollout will ‘make things better’ for cybersecurity, according to Verizon (CNBC, Jun 11 2019)
“I think there is a lot of research and development that we’ve done and I know others have done as well to make sure that 5G doesn’t just bring speed and reliability, but also that it’s done in a secure manner and addresses any of those kinds of concerns,” Novak said.
iOS 13 will map the apps that are tracking you (Naked Security – Sophos, Jun 11 2019)
A map will display the snail-slime trails that we all leave behind in our daily travels and through which background tracking apps follow us.