A Review of the Best News of the Week on AI, IoT, & Mobile Security

Security Researchers Sound Alarm on Smart Doorbells (Dark Reading, Nov 23 2020)
A new analysis of 11 relatively inexpensive video doorbells uncovered high-risk vulnerabilities in all of them.

Fake Minecraft mods installed on over one million Android devices (Graham Cluley, Nov 24 2020)
If you or your kids are fans of Minecraft then take care before installing apps that modify the immensely popular game. Security researchers say that they have discovered over 20 fake ‘modpack’ apps that are actually designed to bombard users with adverts in such an intrusive and aggressive fashion that using the phone becomes virtually impossible.

Apple to Press Ahead on Mobile Privacy, Despite Facebook Protests (SecurityWeek, Nov 20 2020)
Apple confirmed Thursday it would press ahead with mobile software changes that limit tracking for targeted advertising — a move that has prompted complaints from Facebook and others.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


Could your vacuum be listening to you? (ScienceDaily, Nov 19 2020)
A team of researchers demonstrated that popular robotic household vacuum cleaners can be remotely hacked to act as microphones.

Organizations plan to use AI and ML to tackle unknown attacks faster (Help Net Security, Nov 22 2020)
Wipro published a report which provides fresh insights on how AI will be leveraged as part of defender stratagems as more organizations lock horns with sophisticated cyberattacks and become more resilient. Organizations need to tackle unknown attacks. There has been an increase in R&D, with 49% of the worldwide cybersecurity-related patents filed in the last four years being focussed on AI and ML application.

This Database Is Finally Holding AI Accountable (VICE, Nov 23 2020)
The database documents everything from incidents with Alexa to robot stabbings.

How AI Can Make Cybersecurity Jobs Less Stressful and More Fulfilling (IBM Security Blog, Nov 22 2020)
When it comes to building a healthy SOC and more fulfilling jobs in cybersecurity, AI/ML should be deployed in ways that first improve analysts’ day-to-day work. It’s worth stressing the point: people are the most important element in cybersecurity, and moving to a modern SOC starts with making the job better for them.

Misinformation or artifact: A new way to think about machine learning (ScienceDaily, Nov 23 2020)
Machine learning has delivered amazing results, but there also have been failures, ranging from the harmless to potentially deadly. New work suggests that common assumptions about the cause behind these supposed malfunctions may be mistaken, information that is crucial for evaluating the reliability of these networks.

IoT Unravelled Part 1: It’s a Mess… But Then There’s Home Assistant (Troy Hunt, Nov 23 2020)
In my mind, the answer would be simple: “Just buy X, plug it in and you’re good to go”. Instead, I found myself heading down the rabbit hole into a world of soldering, custom firmware and community-driven home automation kits. Finally, a full 123 days later, I managed to open my garage door with an app:

IoT Unravelled Part 2: IP Addresses, Network, Zigbee, Custom Firmware and Soldering (Troy Hunt, Nov 24 2020)
In part 1, I deliberately kept everything really high level because frankly, I didn’t want to scare people off. I’m not ashamed to say that the process of getting even the basics working absolutely did my head in as I waded through a sea of unfamiliar technologies, protocols and acronyms.

IoT Cybersecurity Improvement Act Passes Senate (SecurityWeek, Nov 18 2020)
The IoT Cybersecurity Improvement Act, a bill that aims to improve the security of Internet of Things (IoT) devices, passed the Senate on Tuesday and is heading to the White House for the president’s signature.

How Industrial IoT Security Can Catch Up With OT/IT Convergence (Dark Reading, Nov 20 2020)
Ransomware can easily make a connection between IT and OT already. How can blue teams do the same?

Researchers bring deep learning to IoT devices (Help Net Security, Nov 23 2020)
Deep learning is everywhere. This branch of artificial intelligence curates your social media and serves your Google search results. Soon, deep learning could also check your vitals or set your thermostat. MIT researchers have developed a system that could bring deep learning neural networks to new – and much smaller – places, like the tiny computer chips in wearable medical devices, household appliances, and the 250 billion other objects that constitute the IoT.

Palo Alto Launches 5G Security Service (IT Pro, Nov 18 2020)
Realizing the increase in use of 5G will only increase the number of cyberattacks, Palo Alto introduces a service that focuses on securing 5G networks and devices.

Google is testing end-to-end encryption in Android Messages (Ars Technica, Nov 19 2020)
End-to-end encryption is growing in popularity. Google is getting on board.

Go SMS Pro Messaging App Exposed Users’ Private Media Files (Dark Reading, Nov 19 2020)
The popular Android app uses easily guessable Web addresses when users send private photos, videos, and voice messages.

5G Security Risk vs. Reward (SecurityWeek, Nov 19 2020)
To Reap the Benefits of 5G and Ensure Security, Organizations Must be Fully Educated and Willing to Work Alongside the Technology

Boom in Demand for Friendly Hackers as 5G Approaches (SecurityWeek, Nov 18 2020)
As the number of online devices surges and superfast 5G connections roll out, record numbers of companies are offering handsome rewards to ethical hackers who successfully attack their cybersecurity systems.

A Facebook Messenger Flaw Could Have Let Hackers Listen In (Wired, Nov 19 2020)
The vulnerability was found through the company’s bug bounty program, now in its tenth year.

TikTok Awards Nearly $4,000 for Account Takeover Vulnerabilities (SecurityWeek, Nov 23 2020)
Vulnerabilities Could Have Allowed Hackers to Change Passwords of TikTok Accounts