A Review of the Best News of the Week on AI, IoT, & Mobile Security

Pentagon publishes AI guidelines (Naked Security – Sophos, Nov 04 2019)
Called AI Principles: Recommendations on the Ethical Use of Artificial Intelligence by the Department of Defense, the missive is an attempt to lay out ground rules for the use of AI early on, giving the military a framework on which to build its AI systems. Frameworks like these are important for the safe rollout of new technologies, it points out, citing civil engineering and nuclear-powered vessels as examples.

Hackers Can Use Lasers to ‘Speak’ to Your Amazon Echo or Google Home (Wired, Nov 04 2019)
By sending laser-powered “light commands” to a smart assistant, researchers could force it to unlock cars, open garage doors, and more.

MESSAGETAP: Who’s Reading Your Text Messages? (Fire Eye, Oct 31 2019)
Named MESSAGETAP, the tool was deployed by APT41 in a telecommunications network provider in support of Chinese espionage efforts. APT41’s operations have included state-sponsored cyber espionage missions as well as financially-motivated intrusions.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~11,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

New Facebook AI fools facial recognition (Naked Security – Sophos, Oct 29 2019)
The technology – which Facebook won’t use in its own apps – subtly distorts face images so they’re still recognizable, but not to machines.

Deepfakes: When seeing isn’t believing (WeLiveSecurity, Oct 31 2019)
Is the world as we know it ready for the real impact of deepfakes?

Together, AI and the IoT are having a bigger-than-expected impact (Help Net Security, Nov 04 2019)
A survey of global business leaders reveals the most significant predictor in realizing value from Internet of Things (IoT) initiatives across an organization is the heavy use of artificial intelligence (AI).

What Do You Do When You Can’t Patch Your IoT Endpoints? (Dark Reading, Oct 29 2019)
The answer, in a word, is segmentation. But the inconvenient truth is that segmentation is hard.

How to Keep Your Siri, Alexa, and Google Assistant Voice Recordings Private (Wired, Oct 29 2019)
Alexa, Siri, and Google Assistant now all give you ways to opt out of human transcription of your voice snippets. Do it.

#ISC2Congress: IoT Devices Pose Off-Network Security Risk (Infosecurity Magazine, Oct 30 2019)
Beyond-the-network IoT risks are all around us

WhatsApp suit says Israeli spyware maker exploited its app to target 1,400 users (Ars Technica, Oct 29 2019)
Clickless exploit targets attorneys, journalists, activists, dissidents, and others.

FCC Issues Plan to Remove and Replace Huawei Kit (Infosecurity Magazine, Oct 30 2019)
Carriers receiving USF subsidy will be told to find alternatives

Got an early iPhone or iPad? Update now or turn it into a paperweight (Naked Security – Sophos, Oct 30 2019)
Calling Apple iPhone 5, iPhone 4s or early iPad owners – your device may be about to turn into a vintage technology paperweight.

iPhone Emulation Company Sued by Apple Says It’s Making iPhones Safer (VICE, Oct 29 2019)
Corellium responds to Apple’s lawsuit saying the startup is good for society and accusing Apple of owing it money.

Hacking Phones: How Law Enforcement Is Saving Privacy (Dark Reading, Oct 30 2019)
It’s no longer true that society must choose to either weaken everybody’s privacy or let criminals run rampant.

Risky transactions on mobile devices increase 138% since 2017 (Help Net Security, Nov 04 2019)
Risky transactions on mobile devices are showing an increase of 138% since 2017, iovation survey of 802 consumers from the United Kingdom and 802 consumers from the United States reveals.

Android Dropper App Infects 45K Devices (Infosecurity Magazine, Nov 04 2019)
Malicious Xhelper app is annoyingly tenacious