Marriott might soon face a stiff penalty for the massive November 2018 data breach. The UK’s Information Commissioner’s Office plans to fine the hotel chain £99,200,396 (about $123.7 million) for allegedly violating the EU’s General Data Protection Regulation through the incident. Marriott didn’t conduct “sufficient due diligence” when it bought Starwood, according to the regulator, and “should also have done more” to improve security.
Security experts aren’t done poking holes in LTE’s armor — not by a long shot. South Korean researchers have found 36 vulnerabilities in LTE that enable a range of attacks, some more sinister than others. They include temporary inconveniences like disconnecting someone from the cell network through to eavesdropping and controlling the data itself. The team found the abundance of exploits by using a custom “fuzzing” (feeding large chunks of random data to look for irregularities) tool.
Prisons across the United States are reportedly building biometric databases that include voice recordings of incarcerated people, according to The Intercept. The report cites contracting documents for the state of New York’s prison system, as well as statements from officials in Texas, Florida, Arkansas and Arizona confirming that prisons are actively using voice recognition technology that can extract and digitize voices to create unique and identifiable biometric signatures known as voice prints.
The TSA has been using CT scanners to screen airline passengers’ luggage since last year — early tests of the technology have been taking place in Phoenix’s Sky Harbor International Airport and Boston’s Logan International Airport. But now, the agency has shared its plans for CT technology going forward, including expansions into additional airports. American Airlines announced earlier this month that a CT scanner was being set up in New York’s JFK airport and the TSA says Baltimore-Washington International Airport, Chicago O’Hare International Airport, Los Angeles International Airport and Washington-Dulles International Airport are among those that will have CT scanners in the near future.
WiFi security is finally getting an upgrade after 14 years. The Wi-Fi Alliance has officially launched WPA3, the next-generation standard that promises to tackle many of the vulnerabilities that have persisted in wireless networking. Most notably, it brings individualized data encryption that should protect your data against eavesdropping from within the WiFi network. You’ll also get tougher password-based sign-ins through Simultaneous Authentication of Equals, a key establishment protocol that reduces the chances of someone guessing your password — even if it’s lousy.
It will still be a while before scientists are able to harness Superman-like laser vision, but the technology is now closer than ever before thanks to a new development from the University of St Andrews. The team there have created an ultra-thin membrane laser using organic semiconductors, which is for the first time compatible with the requirements for safe operation in the human eye. Even though the membrane is super thin and flexible, it’s durable, and will retain its optical properties even after several months spent attached to another object, such as a bank note or, more excitingly, a contact lens.
The past few days haven’t been great for the internet’s broader security. Iran’s Communication and Information Technology Ministry has reportedthat it was a victim in a global cyberattack that compromised about 200,000 Cisco switches that hadn’t yet received patches for exploits in the company’s legacy Smart Install protocol. The attackers displayed a US flag on at least some screens, complete with a “don’t mess with our elections” warning, but the attack wasn’t focused on Iran — only 3,500 switches fell to the exploit in the country. About 55,000 of the victim devices were in the US, IT Minister Mohammad Javad Azari Jahromi said, while 14,000 were in China. Other victims were located in Europe and India.