A Review of the Best News of the Week on AI, IoT, & Mobile Security
Backdoor Built into Android Firmware (Schneier on Security, Jun 21 2019)
In 2017, some Android phones came with a backdoor pre-installed: Criminals in 2017 managed to get an advanced backdoor preinstalled on Android devices before they left the factories of manufacturers, Google researchers confirmed on Thursday.
A Likely Chinese Hacker Crew Targeted 10 Phone Carriers to Steal Metadata (Wired, Jun 24 2019)
In one case, they stole the location and call record data of 20 specific individuals.
3 steps to gain business value from AI (Google Cloud Blog, Jun 14 2019)
Step 1: Align AI projects with business priorities and find a good sponsor.
Step 2: Plan for explainable ML in models, dashboards and displays.
Step 3: Broaden expertise within the organization on data analytics and data engineering.
One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Can the U.S. Learn from Finland’s AI Strategy? (IT Pro, Jun 15 2019)
Finland’s AI strategy of teaching average citizens about the technology could help with the artificial intelligence staffing crunch.
Are Artificial Intelligence and Machine Learning Just a Temporary Advantage to Defenders? (SecurityWeek, Jun 19 2019)
Attackers Explore How to Defeat Machine Learning (ML)-Based Defenses and Use ML in Their Own Attacks
Democratizing’ Machine Learning for Fraud Prevention & Payments Intelligence (Dark Reading, Jun 20 2019)
How fraud experts can fight cybercrime by ‘downloading’ their knowledge and experience into computer models.
Microsoft uses AI to push Windows 10 upgrade to users (Naked Security – Sophos, Jun 21 2019)
From November, users running some versions of Windows 10 will be required to upgrade or find themselves unable to receive security updates.
AI Can Now Detect Deepfakes by Looking for Weird Facial Movements (VICE, Jun 21 2019)
Machines can now look for visual inconsistencies to identify AI-generated dupes, a lot like humans do.
Researchers develop a technique to vaccinate algorithms against adversarial attacks (Help Net Security, Jun 24 2019)
A set of techniques to effectively vaccinate algorithms against adversarial attacks have been developed by researchers from CSIRO’s Data61.
Samsung asks users to please virus-scan their TVs (Ars Technica, Jun 18 2019)
Samsung Support USA deleted its own virus-scanning recommendation.
Botnets shift from Windows towards Linux and IoT platforms (Help Net Security, Jun 20 2019)
Botnets in 2018 continued to use DDoS as their primary weapon to attack high-speed networks, according to NSFOCUS. Continuous monitoring and research of botnets discovered significant changes taking place in the coding of malware used to create bots, operations, and maintenance of botnets and IP Chain-Gangs.
Used Nest cams were letting previous owners spy on you (Naked Security – Sophos, Jun 21 2019)
Google says it’s fixed the issue, but we haven’t heard details on how many, and which, products were affected.
7 steps to enhance IoT security (Network World Security, Jun 25 2019)
Securing the IoT is a multi-faceted effort that requires big moves as well as small adjustments to ensure networks, systems, data and devices are protected. Here are 7 security practices you might not have considered.
SIM swap horror story: I’ve lost decades of data and Google won’t lift a finger (ZDNet, Jun 19 2019)
First they hijacked my T-Mobile service, then they stole my Google and Twitter accounts and charged my bank with a $25,000 Bitcoin purchase. I’m stuck in my own personal Black Mirror episode. Why will no one help me?
IoT explodes worldwide, researchers investigate security issues present in the devices real users own (Help Net Security, Jun 20 2019)
About 40 percent of households across the globe now contain at least one IoT device, according to Avast. In North America, that number is almost double, at 66 percent, bringing with it an associated growth in cybersecurity risks.
Bouncing Golf campaign takes swing at Android users with info-stealing malware (SC Magazine, Jun 18 2019)
A newly discovered cyber espionage campaign has been targeting Android users in the Middle East with malware designed to steal scores of device information, snoop on victims and potentially take over mobile devices. Known as GolfSpy, the malware is found in once-legitimate applications that have been repackaged to contain malicious code…
Mobile apps riddled with high-risk vulnerabilities, warns report (Naked Security – Sophos, Jun 24 2019)
Be careful before installing that mobile app on your iOS or Android device – many mobile applications are riddled with vulnerabilities.
Flaw in Outlook for Android Allows for Data Theft (SecurityWeek, Jun 24 2019)
A vulnerability recently addressed in Outlook for Android allows an attacker to steal information from the affected device.
New Botnet Exploits Android Debug Bridge and SSH (SecurityWeek, Jun 21 2019)
A newly discovered crypto-currency mining botnet can spread via open ADB (Android Debug Bridge) ports and Secure Shell (SSH), Trend Micro reports.