A Review of the Best News of the Week on AI, IoT, & Mobile Security

Leveraging AI to Battle This Pandemic — And The Next One (Harvard Business, Apr 20 2020)
Using multiple sources of data, machine-learning models would be trained to measure an individual’s clinical risk of suffering severe outcomes (if infected with Covid): what is the probability they will need intensive care, for which there are limited resources? How likely is it that they will die? The data could include individuals’ basic medical histories (for Covid-19, the severity of the symptoms seems to increase with age and with the presence of co-morbidities such as diabetes or hypertension) as well as other data, such as household composition.

2 billion phones cannot use Google and Apple contact-tracing tech (Ars Technica, Apr 20 2020)
System developed by Silicon Valley relies on technology missing from older handsets.

Clearview AI source code, facial recognition apps, data exposed (SC Media, Apr 21 2020)
In a familiar refrain, a cloud data bucket was left open, but this time the stakes were high – a misconfigured server exposed the source code, copies of its facial recognition apps as well as private data at controversial startup Clearview AI, which gained unwanted notoriety earlier this year for obtaining billions of photos by scraping the…

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Vulnerability Finding Using Machine Learning (Schneier on Security, Apr 20 2020)
Microsoft is training a machine-learning system to find software bugs: At Microsoft, 47,000 developers generate nearly 30 thousand bugs a month. These items get stored across over 100 AzureDevOps and GitHub repositories. To better label and prioritize bugs at that scale, we couldn’t just apply more people to the problem.

This Open-Source Program Deepfakes You During Zoom Meetings, in Real Time (VICE, Apr 16 2020)
Avatarify runs on Skype and Zoom, and face-swaps your own face with a celebrity in live video calls.

Deepfakes and AI: Fighting Cybersecurity Fire with Fire (Threatpost, Apr 21 2020)
To successfully mitigate evolving attacks, security teams must use the exact same AI tools that create those attacks in the first place.

New Malware Family Assembles IoT Botnet (Dark Reading, Apr 15 2020)
Mozi’ combines code from three previously known IoT malware.

Hackers Made the Snoo Smart Bassinet Shake and Play Loud Sounds (Wired, Apr 16 2020)
The now-patched flaws found in the popular internet-connected baby bed underscore the importance of getting security right.

TikTok Vulnerability Leaves Users Open to Fake News (Dark Reading, Apr 14 2020)
A vulnerability in the way TikTok requests and receives video content could leave users streaming video from bogus servers.

The secret behind “unkillable” Android backdoor called xHelper has been revealed (Ars Technica, Apr 16 2020)
The precise cause of the reinfections stumped researchers for months.

Man-in-the-Middle Attacks: A Growing but Preventable Mobile Threat (Dark Reading, Apr 15 2020)
Hackers are upping their game, especially as they target mobile devices.

TikTok app inherently unsafe and a privacy risk (SC Media, Apr 15 2020)
TikTok’s continued use of HTTP to move sensitive data across the internet is allowing the videos and other content being sent by the app’s users to be tracked and altered, according to two web developers.

Syrian Hackers Target Mobile Users With COVID-19 Lures (SecurityWeek, Apr 16 2020)
Syrian-linked hackers recently switched to COVID-19-themed lures as part of a long-running surveillance campaign, Lookout security researchers reveal.

DHS Working on Cloud-based Root-of-Trust to Secure Agency Email on Mobile Devices (SecurityWeek, Apr 17 2020)
Short on Technical details, DHS Announces Plan to Strengthen Mobile Device Email Security and Privacy for Corporate Devices in Personal Use

Apple releases mobility data to help combat COVID‑19 (WeLiveSecurity, Apr 17 2020)
The tool, which comes after a similar effort by Google, looks at how people’s traveling behavior has changed since the start of the pandemic

Google declares war on Android fleeceware scamming users through sneaky subscriptions (Graham Cluley, Apr 17 2020)
The Google Play Store has announced new policies that aim to kick out “free trial” Android apps that you use underhand techniques to trick unsuspecting users into signing-up for expensive subscriptions.