A Review of the Best News of the Week on AI, IoT, & Mobile Security
Facebook Plans on Backdooring WhatsApp (Schneier on Security, Aug 01 2019)
“This article points out that Facebook’s planned content moderation scheme will result in an encryption backdoor into WhatsApp”
Google and Apple suspend contractor access to voice recordings (Naked Security – Sophos, Aug 05 2019)
Apple and Google have announced that they will limit the way audio recorded by their voice assistants, Siri and Google Assistant, is accessed internally by contractors.
Why the Network Is Central to IoT Security (Dark Reading, Jul 31 2019)
In a large school district, there was a digital sign for a snack area that no one had thought about for months. Eventually, the snack area was removed, yet the sign was still plugged into the district’s network. For months, it turns out, the sign had been compromised by attackers and was communicating with 100 different countries.
One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Companies struggle with the slow, unpredictable nature of AI projects (Help Net Security, Aug 01 2019)
While 63.2% of businesses reported they are spending between $500,000 and $10 million on their AI efforts, 60.6% of respondents continue to experience a variety of operational challenges. This is evidenced by the fact that 64.4% of organizations deploying AI said that it is taking between seven and 18 months to get their AI workloads from idea into production, illustrating the slow, unpredictable nature of AI projects today.
Elon Musk’s AI ‘will have human general intelligence’ in just 5 years (Daily Star, Aug 03 2019)
Microsoft has recently injected $1 billion into an artificial intelligence research group co-founded by tech genius Elon Musk which is aiming to be the first to build a computer which matches its creators for intelligence. The group, OpenAI, even thinks such a milestone could happen inside five years.
China pumps up the hype about A.I. with oddball computer chip (ZDNet, Aug 03 2019)
Nature magazine’s cover story is about a Chinese chip that can run traditional deep learning code and also perform “neuromorphic” operations in the same circuitry. The work’s value seems obscured by a lot of hype about “artificial general intelligence” that has no real justification.
Researchers Replace IP Camera Feed With Fake Footage (SecurityWeek, Jul 31 2019)
Forescout security researchers have demonstrated an attack on an IP camera that results in fake replay footage being displayed to security operators.
Research shows that devices banned by US government lack basic security practices (Help Net Security, Aug 02 2019)
As the August 13 deadline looms for the US ban on Chinese surveillance cameras, the news cycle is re-engaged with the issue. The panic about banned cameras still being in operation shines a spotlight on both the severity of the issue and the dire need to find a solution.
New Mirai Variant Hides C&C Server on Tor Network (SecurityWeek, Aug 02 2019)
A recently discovered variant of the Mirai Internet of Things (IoT) malware is using a command and control (C&C) server on the Tor network, Trend Micro’s security researchers have discovered.
Smart TVs: Yet another way for attackers to break into your home? (WeLiveSecurity, Aug 02 2019)
A primer on why internet-enabled TVs make for attractive and potentially soft targets, and how cybercriminals can ruin more than your TV viewing experience
UK R&D Tax Credits for the IoT Sector (IOT Insights, Aug 02 2019)
In a typical case of a company that has fewer than 500 employees and an annual turnover of less than £75,000,000, companies can claim back an annual benefit of up to 33% of their eligible R&D expenditure, including salaries, contractor costs, materials and consumables.
Mobile Malware and Mobile Attackers are Getting More Sophisticated (SecurityWeek, Jul 31 2019)
For many years, the primary threat to mobile devices was click-jacking and adware. But as the mobile device has become more deeply embedded in everybody’s life, as mobile banking has increased and the amalgamation of personal data on devices has grown, so has the attraction of the mobile device increased for both cyber criminals and even nation states.
Apple’s AirDrop and password sharing features can leak iPhone numbers (Ars Technica, Aug 01 2019)
Partial hashes broadcast in Bluetooth can be converted to phone numbers, researchers say.
47% of Android Anti-Malware Apps Are Flawed (Dark Reading, Aug 01 2019)
Protection failures come at a time when malicious Android software is becoming more of a problem.
5G Is Here—and Still Vulnerable to Stingray Surveillance (Wired, Aug 03 2019)
5G was supposed to offer new protections against so-called stingray surveillance devices. New research shows it’s anything but.
Hackers exploit SMS gateways to text millions of US numbers (Naked Security – Sophos, Aug 05 2019)
Receive any strange SMS text messages recently? If you live in the US, there’s a small chance you might have received an SMS with the following text in the last few days from someone called ‘j3ws3r on Twitter’: I’m here to warn the masses about SMS email gateways.
As attackers get more creative, mobile threats and attacks increase in both quantity and impact (Help Net Security, Aug 05 2019)
Mobile OS vendors created patches for 440 security vulnerabilities.
One third of enterprise mobile endpoints encountered risky networks, and almost one out of 10 were exposed to network attacks.
Irdeto Trusted Software: Automated iOS and Android app protection (Help Net Security, Aug 05 2019)
Unlike other solutions on the market, which typically require cybersecurity expertise to configure, build and apply proper protection, Trusted Software takes app-store-ready applications as a starting point. Trusted Software then returns a protected application that is ready for posting to the app store, eliminating the need for the organization to spend time or resources securing mobile apps.