A Review of the Best News of the Week on AI, IoT, & Mobile Security
First‑of‑its‑kind spyware sneaks into Google Play (WeLiveSecurity, Aug 22 2019)
ESET analysis breaks down the first known spyware that is built on the AhMyth open-source espionage tool and has appeared on Google Play – twice
Security Researchers Find Several Bugs in Nest Security Cameras (VICE, Aug 21 2019)
Cisco Talos researchers report finding eight security vulnerabilities in the Nest Cam IQ that can allow attackers to take over the camera, prevent its use or allow code execution.
Tesla gets stolen with keyfob hack on camera in seconds — here’s how to prevent it (Electrek, Aug 26 2019)
In response to those attacks, Tesla started rolling out extra layers of security with “improved cryptography” key fob and optional “PIN to Drive” feature. If an owner activates the “PIN to Drive” function (go to Controls > Safety and Security > PIN to Drive), anyone entering the car will have to know your PIN in order to be able to drive away.
One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
10 Low-Cost (or Free!) Ways to Boost Your Security AI Skills (Dark Reading, Aug 23 2019)
The following hardware and software options will amplify your know-how about artificial intelligence and how to apply it to security – without busting any budgets.
Using deep learning and natural language understanding to protect enterprise communication (Help Net Security, Aug 26 2019)
CEO at Armorblox, talks about how they use natural language understanding and deep learning to automatically create and adapt policies, continuously measure risk exposure, and prevent attacks and data loss.
The Growing Threat of Deepfake Videos (SecurityWeek, Aug 26 2019)
Existing methods in all these areas are already successful; but the arrival of deepfake videos will take them to a different level.
OpenAI Said Its Code Was Risky. Two Grads Recreated It Anyway (Wired, Aug 26 2019)
The artificial intelligence lab cofounded by Elon Musk said its software could too easily be adapted to crank out fake news.
Identifying vulnerable IoT devices by the companion app they use (Help Net Security, Aug 22 2019)
…they’ve analyzed 2,081 IoT companion apps and confirmed that at least 164 IoT devices from 38 different vendors were definitely vulnerable.
Modifying a Tesla to Become a Surveillance Platform (Schneier on Security, Aug 22 2019)
At the Defcon hacker conference today, security researcher Truman Kain debuted what he calls the Surveillance Detection Scout. The DIY computer fits into the middle console of a Tesla Model S or Model 3, plugs into its dashboard USB port, and turns the car’s built-in cameras
Don’t worry about shadow IT. Shadow IoT is much worse. (Network World Security, Aug 22 2019)
Shadow IoT – the use of unauthorized internet of things devices and networks – poses a new level of threats for enterprises.
Top 5 IoT networking security mistakes (Network World Security, Aug 26 2019)
IT supplier Brother International shares five of the most common internet-of-things security errors it sees among buyers of its printers and multi-function devices.
Critical Flaws in VxWorks affect 200 Million Connected Things (The Security Ledger, Jul 30 2019)
11 critical, zero day vulnerabilities in the VxWorks operating system, which is owned and managed by the firm Wind River. The vulnerabilities expose more than 200 million devices and could allow attackers to remotely take control of everything from networked printers and security appliances to industrial and medical devices
Unsecured IoT: 8 Ways Hackers Exploit Firmware Vulnerabilities (Dark Reading, Aug 27 2019)
As new Internet of Things products enter the market, speed shouldn’t trump concerns about security.
#OSSummit: Seven Properties of Highly Secure IoT (Infosecurity Magazine, Aug 27 2019)
Connected devices potentially represent a large risk to the safety and security of the internet
T-Mobile ‘Put My Life in Danger’ Says Woman Stalked With Black Market Location Data (VICE, Aug 21 2019)
Telecom giants are giving up customers’ real-time location data to stalkers and bounty hunters. Now, Motherboard speaks to a victim.
The Android 10 Privacy and Security Upgrades You Should Know About (Wired, Aug 22 2019)
Google’s next big Android release will make you safer—especially in ways you can’t see.
The Fight Against Robocalls Gets Powerful New Allies (Wired, Aug 22 2019)
All the state attorneys general, along with 12 major companies, promise to finally make serious moves against robocalls.
Did Denmark Make the Wrong Call on Location Data? (Infosecurity Magazine, Aug 23 2019)
Danish authorities are reviewing 10,700 court cases over concerns that cellphone location-tracking data given as evidence may have been flawed.
iOS vulnerability that let you jailbreak your iPhone is once again dead (Ars Technica, Aug 26 2019)
Previously fixed bug, which somehow came back in iOS 12.4, is patched for a second time.