A Review of the Best News of the Week on AI, IoT, & Mobile Security

How Government AI Stole Hundreds of Millions of Dollars From Citizens (VICE, Sep 03 2020)
The Australian government really screwed people on this one. A major world government relies on a defective and cruel algorithm for debt collection, to extort money out of its most vulnerable citizens who were already on social assistance. Or to put it more succinctly: state-sponsored shakedowns via Artificial Intelligence, that ends up being so flawed it results in the country taking hundreds of millions of dollars from its own people.

Microsoft builds deepfakes detection tool to combat election disinformation (Help Net Security, Sep 02 2020)
Microsoft has developed a deepfakes detection tool to help news publishers and political campaigns, as well as technology to help content creators “mark” their images and videos in a way that will show if the content has been manipulated post-creation.

CEOs Could Face Jail Time for IoT Attacks by 2024 (Infosecurity Magazine, Sep 02 2020)
Gartner warns of personal liability for cyber-physical systems

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~16,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Hacking AI-Graded Tests (Schneier on Security, Sep 04 2020)
The company Edgenuity sells AI systems for grading tests. Turns out that they just search for keywords without doing any actual semantic analysis….

A robot wrote this entire article. Are you scared yet, human? (The Guardian, Sep 08 2020)
A robot wrote this entire article. Are you scared yet, human?  The Guardian

These ‘Conscious’ Masks Use AI to Send Secret Messages By Blinking (VICE, Sep 03 2020)
Inspired by traditional Iranian masks, the wearable technology communicates in Morse code, silently transmitting messages to subvert the patriarchy.

Most IoT Hardware Dangerously Easy to Crack (Dark Reading, Sep 02 2020)
Manufacturers need to invest more effort into protecting root-level access to connected devices, security researcher says.

Australia Introduces Code of Practice for the Manufacture of IoT Devices (Infosecurity Magazine, Sep 04 2020)
Voluntary code aims to help raise consumer confidence in IoT technology

Private, unlicensed 5G mobile network adoption may intensify NetOps and SecOps challenges (Help Net Security, Sep 03 2020)
While 5G sometimes seems like the panacea for just about everything, it will likely intensify the already common friction between NetOps and SecOps teams that will take part in deployments and operations of the 5G mobile network. Besides faster speeds, lower latency, greater coverage and ultra-reliable mobile services across new radio spectrums, 5G brings tectonic changes in mobile architecture and enables totally novel applications with highly complex requirements.

Recommendations to enhance subscriber privacy in 5G (Help Net Security, Sep 03 2020)
There are clear benefits of 5G SIM capabilities to protect the most prominent personal data involved in mobile communications, according to the Trusted Connectivity Alliance. Addressing privacy risks The IMSI, known as a Subscription Permanent Identifier (SUPI) in 5G, is the unique identifier allocated to an individual SIM by an MNO.

Apple Delays Change Likely to Stymie Mobile Ad Targeting (SecurityWeek, Sep 03 2020)
Apple said on Thursday it would give developers until next year to comply with a software change expected to stymie targeted advertising in iPhone and iPad apps.

Popular Android apps are rife with cryptographic vulnerabilities (Help Net Security, Sep 08 2020)
Columbia University researchers have released Crylogger, an open source dynamic analysis tool that shows which Android apps feature cryptographic vulnerabilities. They also used it to test 1780 popular Android apps from the Google Play Store, and the results were abysmal: All apps break at least one of the 26 crypto rules 1775 apps use an unsafe pseudorandom number generator (PRNG) 1,764 apps use a broken hash function (SHA1, MD2, MD5, etc.) 1,076 apps use the …

Verizon engineers work to secure the 5G network (“”artificial intelligence” cybersecurity” – Google News, Sep 04 2020)
Storing data “fingerprints” in the blockchain and an artificial intelligence security framework are two projects the carrier is focused on.