A Review of the Best News of the Week on AI, IoT, & Mobile Security

120 Million Workers Need To Be Retrained Because Of AI (Forbes, Sep 10 2019) In the next three years, as many as 120 million workers in the world’s 12 largest economies may need to be retrained or reskilled as a result of AI and intelligent automation; only 41% of CEOs surveyed say that they have the people, skills and resources required to execute their business strategies; the time it takes to close a skills gap through training has increased from 3 days on average in 2014 to 36 days in 2018 [IBM]

Cybercriminals Impersonate Chief Exec’s Voice with AI Software (Dark Reading, Sep 03 2019) Scammers leveraged artificial intelligence software to mimic the voice of a chief executive and successfully request $243,000.

Apple Disputes Google’s Claims of a Devastating iPhone Hack (VICE, Sep 06 2019) Apple says that Google oversold the nature of the hack and that it quickly fixed the vulnerability.


One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



Facebook launches $10m deepfake detection project (Naked Security – Sophos, Sep 09 2019) If you’re worried about the evil potential of deepfake video, you’re not alone; so is Facebook.

A Hacker Guide To Deep Learning Based Side Channel Attacks (Elie Bursztein, Aug 09 2019) This talk provides a step-by-step introduction on how to use deep learning to perform AES side-channel attacks.

What Do We Often Misunderstand About Artificial Intelligence’s Role In Cybersecurity? (Forbes, Sep 09 2019) Both machine learning and deep learning use mathematical models from data to help inform decision making. However, there is a big difference in the performance of traditional machine learning versus deep learning. The more data you feed into a deep learning system, the more accurate it becomes. The performance does not plateau as it does with traditional machine learning.

‘Satori’ IoT Botnet Operator Pleads Guilty (Krebs on Security, Sep 04 2019) “A 21-year-old man from Vancouver, Wash. has pleaded guilty to federal hacking charges tied to his role in operating the “Satori” botnet, a crime machine powered by hacked Internet of Things (IoT) devices that was built to conduct massive denial-of-service attacks targeting Internet service providers, online gaming platforms and Web hosting companies.”

600,000 GPS trackers for people and pets are using 123456 as a password (Ars Technica, Sep 05 2019) A lack of encryption and easily enumerated IDs open users to a host of creepy attacks.

Meet FPGA: The Tiny, Powerful, Hackable Bit of Silicon at the Heart of IoT (Dark Reading, Sep 05 2019) Field-programmable gate arrays are flexible, agile-friendly components that populate many infrastructure and IoT devices and have recently become the targets of researchers finding vulnerabilities.

5G Standard to Get New Security Specifications (Dark Reading, Sep 04 2019) Researchers had recently demonstrated how attackers could intercept device capability information and use it against 5G mobile subscribers.

Android Phone Flaw Allows Attackers to Divert Email (Dark Reading, Sep 04 2019) Researchers find that spoofing a service message from the phone carrier is simple and effective on some brands of Android smartphones.

Security hole opens a billion Android users to advanced SMS phishing attacks (Help Net Security, Sep 04 2019) The affected Android phones use over-the-air (OTA) provisioning, which allows mobile network operators to deploy network-specific settings to a new phone joining their network. However, researchers found that the industry standard for OTA provisioning, the Open Mobile Alliance Client Provisioning (OMA CP)…

Facebook loses control of key used to sign Android app (Naked Security – Sophos, Sep 04 2019) What should be a private key used to vouch for the ‘Free Basics by Facebook’ app was used to sign unrelated apps.

QR codes need security revamp, says creator (Naked Security – Sophos, Sep 04 2019) QR codes have been around since 1994, but their creator is worried. They need a security update, he says.

Zerodium Offers Up to $2.5 Million for Android Exploits (SecurityWeek, Sep 04 2019) Exploit acquisition firm Zerodium announced on Tuesday that it’s offering up to $2.5 million for powerful Android exploits, more than what it’s offering for the same type of exploit on iOS.

Twitter disables tweeting via SMS (temporarily at least), in wake of Jack Dorsey account hijack (Graham Cluley, Sep 04 2019) In the wake of the CEO of Twitter having his account hijacked the site has disabled the option to tweet via SMS.

Why ‘SIM Swapping’ Is a Growing Security Nightmare (The New York Times, Sep 05 2019) Hackers have been targeting regular people and celebrities with the attack. Last week, it was used to hijack the Twitter account of Twitter’s C.E.O.

Future iPhones may have both Face ID and in-display fingerprint reader (Ars Technica, Sep 05 2019) iPhone users may get option to unlock with either fingerprint or Face ID.

Google purges 24 malware-ridden apps that were downloaded 500,000 times (The Next Web, Sep 10 2019) The findings, disclosed by cybersecurity firm CSIS Security Group, reveal that the malware — called Joker — is designed to surreptitiously sign users up for premium service subscriptions, in addition to stealing the victim’s SMS messages, the contact list, and device information.