A Review of the Best News of the Week on AI, IoT, & Mobile Security

Twitter Confirms it Will Only Ban “Harmful” Deepfakes (Infosecurity Magazine, Feb 06 2020)
Social site will otherwise allow manipulated content on its site

YouTube Issues Deepfake Ban Reminder (Infosecurity Magazine, Feb 05 2020)
YouTube reiterates its ban on deepfake videos ahead of the 2020 US election

Shadow’s Cancelled Nevada Caucus App Had Errors, Too (VICE, Feb 07 2020)
An error wouldn’t let users report results in a test version of the app. Shadow confirmed it was fixing some errors at the time.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

AI and Machine Learning will power both Cyber Offense and Defense in 2020 (The Security Ledger, Feb 06 2020)
You can see how an arms race between cyber criminals and organizations is developing – with each needing to adopt the latest technology to keep up.

Facebook, YouTube order Clearview to stop scraping them for faces to match (Ars Technica, Feb 07 2020)
The company claims it scraped three billion images for police to match faces against.

Six Data Points You Should Know about Federated Machine Learning (eWEEK, Feb 07 2020)
How early attempts to deploy machine learning inside real-world use cases have led to a new approach called Federated Machine Learning.

Google has released a tool to spot faked and doctored images (MIT Technology Review, Feb 10 2020)
Jigsaw, a technology incubator at Google, has released an experimental platform called Assembler to help journalists and front-line fact-checkers quickly verify images.

Using ‘radioactive data’ to detect if a data set was used for training (Facebook AI, Feb 10 2020)
“We have developed a new technique to mark the images in a data set so that researchers can determine whether a particular machine learning model has been trained using those images. This can help researchers and engineers to keep track of which data set was used to train a model so they can better understand how various data sets affect the performance of different neural networks.”

IoT Malware Campaign Infects Global Manufacturing Sites (Dark Reading, Feb 05 2020)
The infection uses Lemon_Duck PowerShell malware variant to exploit vulnerabilities in embedded devices at manufacturing sites.

Honware: IoT honeypot for detecting zero-day exploits (Help Net Security, Feb 06 2020)
Two researchers have created a solution that could help security researchers and IoT manufacturers with detecting zero-day exploits targeting internet-connected devices more speedily than ever before. It’s called honware, and it’s a virtual honeypot framework that can emulate Linux-based Customer Premise Equipment (CPE) and IoT devices by using devices’ firmware image.

How IoT devices open a portal for chaos across the network (Help Net Security, Feb 06 2020)
Shadow IoT devices pose a significant threat to enterprise networks, according to a new report from Infoblox. The report surveyed 2,650 IT professionals across the US, UK, Germany, Spain, the Netherlands and UAE to understand the state of shadow IoT in modern enterprises.

Philips WiFi light bulb vulnerable to attack (SC Media, Feb 05 2020)
The light given off by some WiFi light bulbs may expose more than just a dark room as Check Point researchers have found a vulnerability in Philips Hue smart bulbs and bridge enabling them to remotely infiltrate the device.

Next-generation endpoint security goes beyond the endpoint (Network World Security, Feb 06 2020)
AI and behavioral analysis are key to elevating the level of security for devices and back-end systems and are a prerequisite for IoT devices and services. Is your vendor moving in the right direction?

IoT Devices at Major Manufacturers Infected With Malware via Supply Chain Attack (SecurityWeek, Feb 07 2020)
Three of the world’s largest manufacturers had some IoT devices running Windows 7 infected with a piece of malware in what experts believe to be a supply chain attack.

6 Factors That Raise The Stakes For IoT Security (Dark Reading, Feb 10 2020)
Developments that exacerbate the risk and complicate making Internet of Things devices more secure.

Government or vendors? Who should lead the push for IoT security? (Network World Security, Feb 10 2020)
Industry groups and governmental agencies have been taking a stab at rules to improve the security of the internet of things, but so far there’s nothing comprehensive.

Android pulls 24 ‘dangerous’ malware-filled apps from Play Store (Naked Security – Sophos, Feb 06 2020)
The malware-infected apps used to harvest data and sign users up to premium services have been downloaded more than 382 million times.

When Your Used Car is a Little Too ‘Mobile’ (Krebs on Security, Feb 05 2020)
“Out of curiosity, Marulla decided to check if his old MyFordMobile.com credentials from 2016 still worked. They did, and Marulla was presented with an online dashboard showing the current location of his old ride and its mileage statistics. The dashboard also allowed him to remotely start the vehicle, as well as lock and unlock its doors.”

In 2020, 5G deployments will continue at a frantic pace (Help Net Security, Feb 06 2020)
The implementation of massive MIMO in 5G systems is changing, according to a Mobile Experts report. There’s a shift away from the dominant position of 64T64R mMIMO, toward 32T32R systems.

Google patches Bluetooth vulnerability impacting most Android devices (SC Media, Feb 10 2020)
Google has issued a critical security update for Android that affects the Bluetooth functionality on about two-thirds of all Android devices now in use. The vulnerability, CVE-2020-0022, affects devices running Android Oreo (8.0 and 8.1) and Pie (9.0) and can allow remote code execution without any user interaction.