Cybersecurity in the Internet of Things is a game of incentives

#artificialintelligence

Cybersecurity was the virtual elephant in the showroom at this month's Consumer Electronics Show in Las Vegas. Attendees of the annual tech trade show, organized by the Consumer Technology Association, relished the opportunity to experience a future filled with delivery drones, autonomous vehicles, virtual and augmented reality and a plethora of "Internet of things" devices, including fridges, wearables, televisions, routers, speakers, washing machines and even robot home assistants. Given the proliferation of connected devices--already, there are estimated to be at least 6.4 billion--there remains the critical question of how to ensure their security. The cybersecurity challenge posed by the internet of things is unique. The scale of connected devices magnifies the consequences of insecurity.


Alternatives to Kaggle/Other sites for machine learning & competitions?

#artificialintelligence

On the other hand I noticed an increase in image processing competitions, where a decent graphic card/GPU-Power is required, and also a big increase in the data set size. This limits the participation possibility due to the need of a decent graphic card/GPU-Power and highspeed network. This means new investment in further compute ressources. Based on the current changes in the progression system, the privacy (activity tracker) and discussion I am wondering. Are there other sites for machine learning available?


Tech Advances Make It Easier to Assign Blame for Cyberattacks

WSJ.com: WSJD - Technology

"All you have to do is look at the attacks that have taken place recently--WannaCry, NotPetya and others--and see how quickly the industry and government is coming out and assigning responsibility to nation states such as North Korea, Russia and Iran," said Dmitri Alperovitch, chief technology officer at CrowdStrike Inc., a cybersecurity company that has investigated a number of state-sponsored hacks. The White House and other countries took roughly six months to blame North Korea and Russia for the WannaCry and NotPetya attacks, respectively, while it took about three years for U.S. authorities to indict a North Korean hacker for the 2014 attack against Sony . Forensic systems are gathering and analyzing vast amounts of data from digital databases and registries to glean clues about an attacker's infrastructure. These clues, which may include obfuscation techniques and domain names used for hacking, can add up to what amounts to a unique footprint, said Chris Bell, chief executive of Diskin Advanced Technologies, a startup that uses machine learning to attribute cyberattacks. Additionally, the increasing amount of data related to cyberattacks--including virus signatures, the time of day the attack took place, IP addresses and domain names--makes it easier for investigators to track organized hacking groups and draw conclusions about them.


Design Principals for Intelligent Environments

AAAI Conferences

This paper describes design criteria for creating highly embedded, interactive spaces that we call Intelligent Environments (IEs). The motivation for building IEs is bring computation into the real, physical world. The goal is to allow computers to participate in activities that have never previously involved computation and to allow people to interact with computational systems the way they would with other people: via gesture, voice, movement, and context. We describe an existing prototype space, known as the Intelligent Room, which is a research platform for exploring the design of intelligent environments. The Intelligent Room was created to experiment with different forms of natural, multimodai human-computer interaction (HCI) during what is traditionally considered noncomputational activity. It is equipped with numerous computer vision, speech and gesture recognition systems that connect it to what its inhabitants are doing and saying. Our primary concern here is how IEs should be designed and created. Intelligent environments, like traditional multimodal user interfaces, are integrations of methods and systems from a wide array of subdisciplines in the This material is based upon work supported by the Advanced Research Projects Agency of the Department of Defense under contract number F30602--94---C---0204, monitored through Rome Laboratory and Griffiss Air Force Base. Additional support was provided by the Mitsubishi Electronic Research Laboratories.


Smart 'unhackable' car alarms open the doors of 3 million vehicles to hackers

ZDNet

Calling a product "smart" and "unhackable' does not magically make it so, as two of the largest vendors of car alarms in the world have now found out. Viper -- known as Clifford in the United Kingdom -- and Pandora Car Alarm System, which cater for at least three million customers between them, recently became the topic of interest to researchers from Pen Test Partners. On Friday, the cybersecurity researchers published their findings into the true security posture of these so-called smart alarms and found them falling woefully short of the vendors' claims. Not only could compromising the smart alarms result in the vehicle type and owner's details to be stolen, but the car could be unlocked, the alarm disabled, the vehicle tracked, microphones compromised, and the immobilizer to be hijacked. In some cases, cyberattacks could also result in the car engine being killed during use, which in a real-world scenario could result in serious injury or death. As shown in the video below, such bold assertions will only entice cybersecurity experts to prove you wrong. What makes the situation even worse is how easy it was for Pen Test Partners to refute these lofty statements. The discovery of simple, relatively straightforward vulnerabilities in the products' API, known as insecure direct object references (IDORs), permitted the researchers to tamper with vehicle parameters, reset user credentials, hijack accounts, and more. In Viper's case, a third-party company called CalAmp provides the back-end system. A security flaw in the'modify user' API parameter leads to improper validation, which in turn permits attackers to compromise user accounts. The research team found that the same bug could be used to compromise the vehicle's engine system. "Promotional videos from Pandora indicate this is possible too, though it doesn't appear to be working on our car," Pen Test Partners said. "The intention is to halt a stolen vehicle.