A Review of the Best News of the Week on AI, IoT, & Mobile Security
Researchers Claim They Bypassed Cylance’s AI-Based Antivirus (SecurityWeek, Jul 19 2019)
Researchers at Australia-based cybersecurity firm Skylight claim to have found a way to trick Cylance’s AI-based antivirus engine into classifying malicious files as benign.
Hackers Access Sprint Accounts via Samsung Website (SecurityWeek, Jul 17 2019)
US telecoms company Sprint has informed some customers that their Sprint accounts have been accessed by hackers via a Samsung website.
Huawei’s Czech Unit Secretly Collected Data: Report (SecurityWeek, Jul 22 2019)
The Czech unit of telecoms giant Huawei secretly collected personal data of customers, officials and business partners, Czech public radio reported Monday, fanning concerns about security risks linked to the Chinese group.
One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
This deep neural network fights deepfakes (ScienceDaily, Jul 19 2019)
Researchers have developed a deep neural network architecture that can identify manipulated images at the pixel level with high precision by studying the boundaries of objects in the image.
How can attackers abuse artificial intelligence? (Help Net Security, Jul 16 2019)
while human attackers have access to machine learning techniques, they currently focus most of their efforts on manipulating existing AI systems for malicious purposes instead of creating new attacks that would use machine learning.
Criminals are using deepfakes to impersonate CEOs (Fast Company, Jul 19 2019)
A well-timed deepfake audio clip that purports to show Tim Cook having a private conversation about iPhone sales tanking could sabotage the company and send its stock plummeting.
Upfront transparency of data use is key for greater consumer acceptance of AI devices (Help Net Security, Jul 22 2019)
A new report from the User Experience Strategies (UXS) group at Strategy Analytics has investigated consumer perceptions and experiences of current AI devices, systems and services. For greater consumer engagement with AI and for it to be more than just a buzzword, upfront transparency of data use is key.
IIoT risks of relying heavily on edge computing (Help Net Security, Jul 16 2019)
“I would urge all Industrial Internet of Things (IIoT) customers to avoid being taken in by the fervor behind edge computing. Here’s why. Edge computing simply won’t provide an answer to all digital transformation problems. It does, however, serve an effective purpose if properly used. It enables optimization when an organization knows precisely what specific problem needs to be addressed in a specific place.”
Mirai Groups Target Business IoT Devices (Dark Reading, Jul 19 2019)
More than 30% of Mirai attacks, and an increasing number of variants of the malicious malare, are going after enterprise IoT devices, raising the stakes for business.
Healthcare’s blind spot: Unmanaged IoT and medical devices (Help Net Security, Jul 22 2019)
From imaging to monitoring systems, infusion pumps to therapeutic lasers and life support machines, medical devices are used to improve and streamline patient care. Many of these are networked and they can be found everywhere in today’s hospitals.
Researchers devise method to track Bluetooth devices, despite built-in protections (SC Magazine, Jul 18 2019)
Researchers from Boston University (BU) have discovered a way to circumvent anonymization protections on Bluetooth Low Energy devices, allowing potentially malicious actors to passively track the movements of these devices and their users. BLE devices rely on non-encrypted advertising messages to signal their availability to other devices to pair up.
Someone Hacked My T-Mobile Account and T-Mobile Won’t Talk About It (VICE, Jul 18 2019)
Cell phone carriers still have a long way to go before making your accounts truly secure.
Hackers Made an App That Kills to Prove a Point (Wired, Jul 16 2019)
Medtronic and the FDA left an insulin pump with a potentially deadly vulnerability on the market—until researchers who found the flaw showed how bad it could be.
JetBlue flight evacuated after photo of suicide vest sent to crew, passengers via AirDrop (SC Magazine, Jul 17 2019)
A Tampa-bound JetBlue flight waiting for takeoff at Newark Airport was evacuated after members of the crew and some passengers received a photo of a suicide vest via Apple’s AirDrop. Although the source of the photo is unknown, someone nearby – potentially a passenger…
Europol Head Fears 5G Will Give Criminals an Edge (Dark Reading, Jul 19 2019)
Catherine De Bolle is concerned law enforcement will lose its ability to track criminals with the arrival of 5G networks.
Data Broker LocationSmart Will Fight Class Action Lawsuit Over Selling AT&T Data (VICE, Jul 18 2019)
Earlier this week the EFF and a law firm filed a class action lawsuit against AT&T and two data brokers. Now one of those data companies says it’ll fight the lawsuit.
No, You Don’t Need a Burner Phone at a Hacking Conference (VICE, Jul 18 2019)
Every year, infosec Twitter debates whether people should bring a burner phone to conferences like Def Con or Black Hat. Here’s why we think you don’t need to worry about that.
Big password hole in iOS 13 beta spotted by testers (Naked Security – Sophos, Jul 23 2019)
A security clanger has been spotted in the current beta version of iOS 13 which allows anyone to access a user’s stored web and app passwords without having to authenticate.
Your Android’s accelerometer could be used to eavesdrop on your calls (Naked Security – Sophos, Jul 23 2019)
Researchers have created an attack called Spearphone that uses the motion sensors in Android phones to listen to phone calls, interactions with your voice assistant, and more.