A Review of the Best News of the Week on AI, IoT, & Mobile Security
Apple Will Start Sending Special Devices to iPhone Hackers (VICE, Jul 22 2020)
Apple officially launched the iPhone Research Device Program, and will send iPhone hackers and security researchers special devices that will make it easier for them to find bugs and vulnerabilities.
Is TikTok Spying On You For China? (Forbes, Jul 27 2020)
A new security report has just been published, adding substance to the U.S. threats being made against China’s social media sensation.
Adversarial Machine Learning and the CFAA (Schneier on Security, Jul 23 2020)
“In this paper, we ask, “What are the potential legal risks to adversarial ML researchers when they attack ML systems?” Studying or testing the security of any operational system potentially runs afoul the Computer Fraud and Abuse Act (CFAA), the primary United States federal statute that creates liability for hacking.”
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~15,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Randomness theory could hold key to internet security (ScienceDaily, Jul 27 2020)
Researchers identified a problem that holds the key to whether all encryption can be broken — as well as a surprising connection to a mathematical concept that aims to define and measure randomness.
Researchers develop new learning algorithm to boost AI efficiency (Help Net Security, Jul 22 2020)
The high energy consumption of artificial neural networks’ learning activities is one of the biggest hurdles for the broad use of AI, especially in mobile applications. One approach to solving this problem can be gleaned from knowledge about the human brain.
Deepfakes & James Bond Research Project: Cool but Dangerous (Dark Reading, Jul 23 2020)
Open source software for creating deepfakes is getting better and better, to the chagrin of researchers
AI Cybersecurity Company CalypsoAI Raises $13 Million (SecurityWeek, Jul 24 2020)
CalypsoAI, a California-based company that specializes in artificial intelligence and machine learning cybersecurity, announced this week that it has raised $13 million in a Series A funding round.
Listen to This Deepfake Audio Impersonating a CEO in Brazen Fraud Attempt (VICE, Jul 23 2020)
A security firm analyzed a suspicious voicemail left to a tech company employee, part of an attempt to get the employee to send money to criminals.
A.I. Helped Uncover Chinese Boats Hiding in North Korean Waters (Wired, Jul 25 2020)
A combination of technologies helped scientists discover a potentially illegal fishing operation involving more than 900 vessels.
ComplyAdvantage nabs $50M for an AI platform and database to detect and stop financial crime (TechCrunch, Jul 28 2020)
The growth of digital banking has opened up a wealth of opportunities for making the world of finance more accessible and transparent to a greater number of people. But the darker underbelly is that it has also created more avenues for illicit activity to flourish, with some $2 trillion laundered annually but only 1-3% of that…
Surge in Consumer-Grade IoT Devices Undermining Enterprise Security (Dark Reading, Jul 22 2020)
Individuals and business groups are connecting everything from Amazon Echo devices to data-sampling sensors on networks with sensitive systems with little regard to safety, two reports show.
Ripple20’s Effects Will Impact IoT Cybersecurity for Years to Come (Dark Reading, Jul 22 2020)
A series of newly discovered TCP/IP software vulnerabilities pose a threat to millions of IoT devices. Undiscovered since the early 1990s, they highlight the need to improve security in an increasingly precarious IoT supply chain.
The InfoSec Barrier to AI (Dark Reading, Jul 22 2020)
Information security challenges are proving to be a huge barrier for the artificial intelligence ecosystem. Conversely, AI is causing headaches for CISOs. Here’s why.
Threat highlight: Analysis of 5+ million unmanaged, IoT, and IoMT devices (Help Net Security, Jul 24 2020)
A new study incorporates analysis of anonymized data from more than 5 million unmanaged, IoT, and IoMT devices in Ordr customer deployments across a variety of verticals including healthcare, life sciences, retail and manufacturing, between June 2019 and June 2020.
Are newer medical IoT devices less secure than old ones? (Network World Security, Jul 27 2020)
Experts differ on whether older connected medical devices or newer ones are more to blame for making healthcare networks more vulnerable to cyberattack.
Argentine telecom company hit by major ransomware attack (WeLiveSecurity, Jul 21 2020)
Telecom Argentina says it has contained the attack and regained access to its systems without paying up
The Mobile App Testing Landscape (Cloud Security Alliance, Jul 20 2020)
Cloud computing accelerates the development and real-time use of applications, which drives personal productivity and business agility. However, with the proliferation of mobile apps and how it intertwines with both work and play, new security challenges arise which need to be addressed. This in turn, has led to a vibrant and growing mobile app testing market.
TikTok app would be banned on U.S. government devices under Senate bill (Reuters, Jul 23 2020)
U.S. federal employees would be barred from using Chinese-owned mobile video app TikTok on government-issued devices under a bill that passed a U.S. Senate Committee on Wednesday, as lawmakers feared the security of users’ personal data.
Chinese-made drone app in Google Play spooks security researchers (Ars Technica, Jul 24 2020)
DJI Go 4, installed more than 1 million times, can execute arbitrary code.
Fraudulent Photo App Operation Detected on Google Store (Infosecurity Magazine, Jul 23 2020)
Researchers expose malicious cyber-operation involving 29 fraudulent photo apps