Posted in Tech News

VW investing $800M in Tennessee factory to make next-generation electric vehicles

Volkswagen will spend $800 million to expand a U.S. factory that will produce the automaker’s next generation of electric vehicles.
The factory in Chattanooga, Tenn. will be the company’s North American base for manufacturing electric vehicles, VW CEO Dr. Herbert Diess said during a presentation at the Detroit Auto Show on Monday. The expansion is expected to create 1,000 jobs at the plant.
VW’s Chattanooga expansion is just a piece of the automaker’s broader plan to move away from diesel in the wake of the emissions cheating scandal that erupted in 2015. Globally, VW Group plans to commit almost $50 billion through 2023 toward the development and production of electric vehicles and digital services. The Volkswagen brand (so not including its Audi or Porsche brands) alone has forecasted selling 150,000 EVs by 2020 worldwide, increasing that number to 1 million by 2025.
The company is also building a European facility in Zwickau, Germany, set to begin EV production in 2019 and adding EV-production at facilities in Anting and Foshan, in China, in 2020, and in the German cities of Emden and Hanover by 2022.
The Tennessee factory (along with the other new facilities) will produce EVs using Volkswagen’s modular electric toolkit chassis, or MEB, introduced by the company in 2016. The MEB is a flexible modular system — really a matrix of common parts — for producing electric vehicles that VW says makes it more efficient and cost-effective.
Electric vehicle production at the Tennessee site will begin in 2022. However, Volkswagen of America says it will offer the first EV based on the MEB platform to customers in 2020.
This EV will be a series-production version of the I.D. CROZZ SUV concept that was first shown at the North American International Auto Show last year. This vehicle will have the interior space of a midsize SUV in the footprint of a compact SUV. Volkswagen of America will also offer a multi-purpose EV based off the I.D. BUZZ concept.
Volkswagen builds the midsize Atlas SUV and the Passat sedan at the Chattanooga factory, which opened in 2011. A five-seat version of the Atlas, the Atlas Cross Sport, is slated to begin production in Chattanooga later this year.
“Volkswagen is continuing to invest in the U.S. to broaden its manufacturing and R&D footprint,” Diess said. “Projects like the electric car production announced today and changes in our sourcing decisions are in line with the current direction of trade policy including the USMCA.”

Posted in Tech News

Facebook adds the option to share events to Stories, message friends ‘interested’ in going

Facebook wants to make it easier for users to share events and coordinate with friends before an event starts. The company this morning said it will test a new feature that lets users share to their Story those events they’re interested in attending, then make plans to meet up with friends who also plan to attend.
The test will involve a new option to “Share to Your Story” that appears when you visit an event’s page on Facebook. If shared, friends will see a tappable sticker within your Story that includes the event details and lets friends respond that they’re also “interested” right from the Story itself.
Friends also can tap on the sticker in the Story to visit the event page.
In addition, the new feature will offer a list of friends who plan to attend the event, so you can easily create a group chat with those users.
While the feature is available to all in the test markets, it seems particularly targeted toward younger users.
It arrives at a time when Facebook has been losing its younger users at an even faster pace than previously expected. According to a 2018 report from eMarketer, for instance, last year was the first time when less than half of U.S. internet users ages 12 to 17 would use Facebook at least once a month.
Instead, Facebook’s monthly user growth was coming from older demographics, the report said. It predicted Facebook would lose 2 million users age 24 and younger during the year.
Those users would be migrating to other social networks, including Instagram and Snapchat.
A separate report from Pew Research Center released in fall 2018 confirmed this trend, saying that 44 percent of younger users (ages 18 to 29) had deleted the Facebook app from their phone over the past year.
Meanwhile, the younger demographic has begun to organize events on Instagram, a report from The Atlantic recently noted.
Teens are creating private Instagram accounts for their events. The account will include the date and handles of the organizers, in some cases. If the account follows you, it’s your invite. If you send a follow request and are approved, you’re also invited.
Of course, Instagram wasn’t designed for events the way that Facebook is, but it can be popular because the party account can remain private and anonymous — helpful for staying under the radar of snooping parents, for instance.
With the Stories feature, the company now hopes that a different way to share and track events on Facebook itself will offer a similar ability to rally friends that appeals to younger users.
To use the new feature, you’ll go to the Events page, click “Share” below the date and time of the event, then tap “Share to Story.” Friends tap “interested” to say they may attend, and you’ll be able to see these responses. To kick off the group chat, tap on the circle next to the friends in the list.
The test is rolling out now to users in the U.S., Mexico and Brazil, Facebook says.

Posted in Tech News

Geoengineering could solve our climate problems if anyone allowed it

This weekend, I finished reading Oliver Morton’s The Planet Remade (thanks to reader Eliot Peper for recommending it). Morton has a multitude of goals with the book, but there were two I think are deeply valuable. First, geoengineering is a plausible approach to solving our climate problems this century, and second, engineering the climate generates tough policy challenges, but also opportunities to make the planet more equitable.
TechCrunch is experimenting with new content forms. This is a rough draft of something new — provide your feedback directly to the author (Danny) if you like or hate something here.
First and foremost: the book is mind-expanding in the best way possible. Morton confronts an extremely contentious issue with judicious facts and supreme insight gleaned over many years of studying geoengineering. Whether you are a dedicated acolyte of cloud seeding and veils or a committed opponent to any tampering of earth’s environment, he has developed a book that forces us to think about our actions and ultimately what the consequences of those choices are.
Frankly, those choices offer stark consequences. Morton describes the challenge of climate this century:
The world’s population is expected to grow from seven billion today to more or less ten billion by 2100. By that time the number of people enjoying rich-world energy privileges should also reach ten billion. So the challenge is to achieve for an extra eight billion people in the twenty-first century what was achieved for two billion in the twentieth century. Meeting that challenge implies a lot more energy usage.
Morton is a staunch environmentalist and deeply concerned about environmental justice and the inequities of the planet. But he is also a “climate realist” — he understands that our current solutions to climate change are not really solutions at all, since they either lack the scale required to solve the problem, or will continue to exacerbate existing inequities between different people of this planet.
For example, take emissions-free nuclear power, which is brought up as a panacea to our fossil fuel-driven economy. Morton writes:
If the world had the capacity to deliver one of the largest nuclear power plants ever built once a week, week in and week out, it would take 20 years to replace the current stock of coal-fired plants (at present, the world builds about three or four nuclear power plants a year, and retires old ones almost as quickly).
Sure, nuclear power plants are a literal solution, but most definitely not a pragmatic one since the scale required is just not there.
He also spends significant time deconstructing recent climate negotiations, finding that the focus on carbon has been something of a red herring (many other emissions are far worse than carbon and less directly connected to the modern industrial economy). Instead, they have been driven by the alignment of different environmentally-concerned parties:
Carbon dioxide suited scientists because it seemed like a straightforward measure of the problem. It suited greens because it was a pretty good proxy for the industrial society against which their movement was a reaction. The international negotiations that set up the UNFCCC showed that it suited developing countries because it was primarily a developed-country issue; at the time of Rio, the vast majority of all the industrial emissions since the eighteenth century had come from Europe and America.
Carbon is of course a problem, but it has become a tagline, a brand, a cri de coeur of the international climate movement. Yet the challenges facing the planet are so much deeper than just carbon.
To avoid that narrow focus, Morton argues for a complete reframing of the climate debate toward solutions that can actually repair the climate, and even improve it for diverse populations around the world.
Now, the term “geoengineering” brings with it a bag of Hollywood-induced imagery of nuclear winters and globe-spanning hurricanes. Morton addresses those risks across his chapters, noting that geoengineering can indeed go wrong.
Even so, he convincingly argues that there are geoengineering techniques designed around key climate processes that can be high leverage, reversible, testable, and that have the scale required to actually solve climate challenges in a sustainable way. These processes aren’t speculation — we (mostly) understand the science today, and have pathways toward the technology required to execute a strategy.
The real challenge — as it always is — is humans and their governments. Morton notes that climate change has a huge deleterious impact on nations such as the Maldives, but that it can also benefit certain regions by transitioning them from colder to more temperate climates.
That means that any geoengineering solution is going to face the prospect of creating winners and losers. Any international agreement is going to have to contend with those politics, and design mechanisms to ameliorate their effects.
Much as Morton calls for a planet remade, he sees an opportunity for geoengineering to trigger reflection among governments on their own interests:
Much better, rather than treating geoengineering as a technocratic way of avoiding politics, to use it as a way of reinventing politics. Exploring the potential of geoengineering could spur and shape the development of a new way of making planetary decisions. The aim should not be the development of a thermostat alone; it should be the development of a new hand to use it.
Environmentalists may balk at the idea of allowing humans to have their hands on any part of the earth system. But we are here, all seven billion of us, and we already have our brutal hands on the system. The question is whether we can start to use our hands in a far more productive way that can make the earth sustainable for centuries to come. As Morton notes, “The planet has been remade, is being remade, will be remade.” Geoengineering technologies offer solutions, if we can agree on how to use them.
Share your feedback on your startup’s attorney
My colleague Eric Eldon and I are reaching out to startup founders and execs about their experiences with their attorneys. Our goal is to identify the leading lights of the industry and help spark discussions around best practices. If you have an attorney you thought did a fantastic job for your startup, let us know using this short Google Forms survey and also spread the word. We will share the results and more in the coming weeks.
Stray Thoughts (aka, what I am reading)
Short summaries and analysis of important news stories
Why Gutenberg can still recognize the book
Craig Mod wrote a compelling piece in Wired on the future of the book, and why today’s books essentially look the same as when the printing press was first invented. Despite the prognosticators expecting books to have moving pictures, interactivity, and dynamic narratives, almost nothing in that direction has actually occurred as readers continue to enjoy the traditional format. Instead, where the real innovation has taken place is on the business side, where new models from crowdfunding to email subscriptions have transformed the economics of book publishing.
Automattic’s Newspack to drive revenue for smaller publishers
While content management systems have been around for decades, almost none of these systems are designed to create revenues for their users out of the box. WordPress doesn’t have any subscription features or advertising networks built-in, which means that sites that want to make money have to spend a lot of dollars just to get set up and started.
So the announcement this morning that Automattic, the owner of, is going to offer a new platform combining content management with revenue called Newspack is both interesting and definitely needed. It’s a proper extension of their existing platform, and a reminder for product managers that the sustainability of their customers is critical for long-term success.
Huawei sales executive arrested in Poland
We have been following Huawei’s travails in the West for some time. One major point of contention is whether the company spies on behalf of the Chinese government. Western governments have argued that it does, but as China has repeatedly noted, they have never provided any proof.
On Friday in Poland, a Huawei executive was arrested for alleged espionage, which could provide the first public evidence of collusion between Huawei and Beijing. The company subsequently fired the executive and claimed that his actions were unrelated to the company. Poland has since called on NATO countries to remove Huawei equipment from their telecommunications infrastructure. Huawei equipment is widely installed in Europe and European governments have so far evaded calls by the U.S. to boycott the company. As the largest telecom equipment manufacturer in the world, Huawei’s response could have vast repercussions for the deployment of 5G networks.
PG&E – oh boy
Silicon Valley’s (and much of California’s) gas and electric utility is going bankrupt following massive liability claims against the utility due to its equipment sparking wildfires over the past few years. California may lead the world in innovation, but it seems to always be on the precipice of disaster when it comes to infrastructure.
What’s next & obsessions

I am reading The Color of Law by Richard Rothstein
Arman and I are interested in societal resilience startups that are targeting areas like water security, housing, infrastructure, climate change, disaster response, etc. Reach out if you have ideas or companies here.

Posted in Tech News

Rumor suggests Apple’s AirPower mat has finally gone into production

In 2017, Apple announced the Qi-compatible AirPower Mat, a device that would charge multiple devices at once simply by placing them on the mat.
That product has been seriously delayed due to reported interference and overheating issues, with a whole year going by without hearing much about the availability of the product. In fact, Apple’s total silence on the matter led some to believe it may have been canceled altogether.
Today, however, a new rumor has breathed life back into hopes for an AirPower Mat.
Hong Kong website ChargerLAB tweeted that a credible source in the supply chain said Luxshare Precision (the same manufacturer that builds AirPods and USB-C cables) has started production on the AirPower charging pad.

Breaking: AirPower is finally coming. We just learned from credible source in supply chain that the manufacture Luxshare Precision has already started producing Apple AirPower wireless charging pad. Luxshare Precision is also the maker of Apple AirPods and USB-C cables.
— ChargerLAB (@chargerlab) January 12, 2019

MacRumors took a look at the tweet and used Google Translate to translate the WeChat screenshot included in the tweet, saying that the conversation is consistent with the information in the tweet.
ChargerLAB went on to tweet that another manufacturer, Pegatron, would start production on January 21st alongside Luxshare Precision. A report from June said that Pegatron would also be involved in manufacturing, so these tweets at least line up with what we’ve already heard.
Respected Apple analyst Ming-Chi Kuo said in October that the AirPower Mat could be released in first quarter 2019.
That said, this is just a rumor being passed along the Twitter grapevine for now.

Posted in Tech News

This Brooklyn man makes massive robotic costumes out of junk

One Man’s Trash from We Are Films on Vimeo.
Peter Kokis makes robots. Or more correctly, he turns into robots. This Brooklyn artist takes parts from different things — slicers, juicers and the like — and sticks them together to make some amazing costumes. He then wanders the streets of Brooklyn looking like an escaped Transformer.
His studio site, Brooklyn RobotWorks, features many of his creations, including an alien-looking robot and an exosuit that looks like something out of Gears of War.
“I look at the shape of objects and see their potential to portray something,” he wrote. “Virtually everything can be changed to suit my needs: re-shaped, cut-down, painted…altered in my ‘foundry’, to be seen as something else.”
This cute video shows Kokis’ foundry — actually his kitchen table — up close and explores the dedication of an artist who likes to make cool stuff to make people happy — a mission that applies to us all.

Posted in Tech News

Spotify and India’s T-Series ink a global content deal for over 160,000 songs

Ahead of Spotify’s entry into the Indian market, the streaming service this morning announced a global content deal with a leading Indian film and music company, T-Series, which gives it access to T-Series’ entire Indian song catalog. This includes Bollywood and regional movie soundtracks, plus other non-film albums and emerging artist content, the company says.
In total the catalog boasts more than 160,000 songs, and is available to Spotify listeners as of today.
The deal has been rumored to be in the works for some time, as Spotify has been negotiating with top Indian labels like T-Series as well as Times Music, Eros Music and Zee Music to expand its catalog of local content before a launch in India.
In November, T-Series managing director Bhushan Kumar confirmed a deal with Spotify was in its final stages.
“We are bullish about India’s most popular music company tying up with the world’s most popular music streaming service,” Kumar said today, in a statement. “We are confident that together we will be able to reach new markets and spread the love for Indian music far and wide.”
Deals with labels aren’t the only way Spotify is prepping for its Indian debut. This past summer, it launched an Indian music hub on its service called Desi, which now counts more than 930,000 followers and includes its own playlist, Desi Hits.
The Indian market won’t be simple for Spotify to win, as it will go up against local players, including Gaana, which has more than 80 million users, in addition to Saavn, Wynk and global music services provided by Apple, Amazon and Google.
But gaining a foothold is key to Spotify’s continued international growth, due to the market’s sheer size.
Spotify has grown to more than 200 million monthly users worldwide ahead of its launch in India, but is not profitable. (Except for that brief moment it had, thanks to a tax benefit.)
Despite not yet operating in India, Spotify says more than 4 million users are now regularly listening to Indian music on the service. There also are an estimated 30 million Indians living overseas, including in markets where Spotify operates, like the U.S., Mexico, Brazil, the U.K, and Germany, says Spotify.
The company is expected to launch in India in the first half of 2019, and that time frame hasn’t changed, we understand.
“One of the ways Spotify has helped revolutionise music discovery is through its ability to connect millions of fans with the best music and artists from all over the world in a way that just wasn’t possible before streaming,” said Paul Smith, director, Head of International Licensing at Spotify, in a statement. “Today’s deal with T-Series significantly strengthens our Indian music catalogue, bringing Bollywood to more than 200 million Spotify users worldwide. Having T-Series on Spotify is hugely significant and shows our commitment towards providing the very best music for our users,” he added.

Posted in Tech News

Open Bionics closes $5.9M Series A for its affordable and cool bionic limbs

The world was wowed a few years ago when a very clever startup from Bristol, U.K., came up with 3D-printed bionic limbs for amputees. Uniquely, the limbs were lightweight, cheap to make and could even be made into Iron Man-style arms to enthuse amputee children.
They went on to sign a deal with the huge U.K. National Health Service to bring new technologies to amputees, announced at a TechCrunch Disrupt.
Today, Open Bionics has successfully raised $5.9 million from investors, including F1’s Williams Advanced Engineering Group.
Their Series A round was led by Foresight Williams Technology EIS Fund, joined by Ananda Impact Ventures and Downing Ventures, which continued to support the company with follow-on funding from their seed round.
The funding marks another success for the Bristol Robotics Lab, arguably the largest in the world, which plays host to other robotics startups such as Reach Robotics, which closed a $7.5 million Series A for its augmented reality bots last year.
Open Bionics says it has achieved a price point that means their multi-grip bionic hand is the only advanced device that’s affordable enough to be covered by national healthcare systems in major western markets such as the U.K., France, Germany and the U.S.
The company launched private sales in May 2018 with its “Hero Arm”, which is now the best-selling multi-grip bionic hand in the U.K. and also is selling in France and Spain, with goals to serve more European countries this year. The bionic hands are small enough to fit children as young as nine years old.
The Hero Arm allows amputees to choose between different finger speeds and movements, enabling the wearer to pick up small objects like marbles with a fine pinch or carry shopping baskets with a full-hand grasp.

Samantha Payne and Joel Gibbard, named by The Europas startup awards as the “hottest founders” in Europe, founded the “tech for good” company in 2014.
Payne, co-founder and COO said: “This funding enables us to serve multiple international markets and we’re thrilled to finally be able to deliver bionic hands to amputees and people with limb differences in the USA later this year. We’re exceptionally excited to receive this support from such high calibre investors who not only offer financial backing but incredible experience in commercialisation, measuring impact, and engineering high-performance hardware.”
Gibbard, co-founder and CEO said: “This investment provides crucial capital to help Open Bionics deliver on its vision of making advanced prostheses available to a much wider audience of limb-different users. We look forward to offering the Hero Arm in multiple international markets and continuing the development of great products that solve challenges within mobility and independence.”
Last year Open Bionics received support from Luke Skywalker himself, Mark Hamill, and the Dalai Lama.
Matthew Burke, head of Technology Ventures, Williams Advanced Engineering, said: “Williams Advanced Engineering is excited to work with the team at Open Bionics and share our expertise in product development systems. Alongside the Fund’s investment, Open Bionics will benefit from the engineering and technology experience at Williams and the investment management and growth experience of Foresight’s team of investment professionals. Together this aims to be an ideal combination to deliver for the sector, its customers and the wider U.K. economy.”
Johannes Weber, founder of Ananda Impact Ventures said: “I have been in Kosovo as a NATO soldier in 1999 and during my deployment had to deal with many cases of limb differences. Since then I have always wanted to become more active in the field. At Ananda we are really excited to be supporting Open Bionics and seeing its products changing society’s perceptions around limb difference and drastically changing users’ self image.”

Posted in Tech News

Ford is making a hybrid Explorer SUV

Ford is adding a hybrid Explorer to the mix, the first time the popular SUV has been offered with any kind of electrification.
The automaker unveiled Monday the Explorer hybrid, as well as a new Explorer ST, at the North American International Auto Show in Detroit. The reveal followed the debut last week of the 2020 Explorer, a re-crafted model that has a new platform and is loaded with technology. The final assembly for the entire Explorer lineup will be at the Ford Chicago Assembly plant. The Explorer hybrid will be manufactured at the Lima engine plant in Ohio.
The new Explorer hybrid, which will hit dealerships in summer, features a 3.3-liter hybrid powertrain that Ford projects will produce 318 horsepower combined. The company said it’s targeting a range of more than 500 miles between gas station fill-ups in the rear-wheel-drive model.
The hybrid SUV has a new 10-speed modular hybrid transmission and liquid-cooled, lithium-ion battery built into the Explorer chassis below the second-row seats. This new configuration preserves cargo and passenger space, unlike previous hybrid vehicles, Ford said.
“Lost cargo space in hybrids is a thing of the past for Ford customers,” said Bill Gubing, Explorer chief engineer.
Ford’s unveiling follows a strategic roadmap developed last year that will place an emphasis on SUVs and hybrids. Or hybrid SUVs.
Ford estimated in March that SUVs could represent half of the U.S. retail market by 2020. The company said at the time that it planned to bring high-performance SUVs to the market, including five with hybrid powertrains and one fully battery electric model.

Posted in Tech News

Some of the biggest web hosting sites were vulnerable to simple account takeover hacks

A security researcher has found, reported and now disclosed a dozen bugs that made it easy to steal sensitive information or take over any customer’s account from some of the largest web hosting companies on the internet.
In some cases, clicking on a simple link would have been enough for Paulos Yibelo, a well-known and respected bug hunter, to take over the accounts of anyone using five large hosting providers — Bluehost, DreamHost, Hostgator, OVH and iPage.
“All five had at least one serious vulnerability allowing a user account hijack,” he told TechCrunch, with which he shared his findings before going public.
The results of his vulnerability testing likely wouldn’t fill customers with much confidence. The bugs, now fixed — according to Yibelo’s writeup — represent cases of aging infrastructure, complicated and sprawling web-based back-end systems and companies each with a massive user base — with the potential to go easily wrong.
In all, the bugs could have been used to target any number of the collective two million domains under Endurance-owned Bluehost, Hostgator and iPage, DreamHost’s one million domains and OVH’s four million domains — totaling some seven million domains.
Most of Yibelo’s attacks were simple enough, but effective if combined with a spearphishing campaign aimed at high-profile users. With domain registration data available for most large clients on registrar WHOIS databases, most of the attacks would have relied on sending the domain owner a malicious link by email and hoping that they click.
In the case of Bluehost, Yibelo embedded malicious JavaScript on a page full of kittens or puppies, or anything he wants. As soon as a logged-in Bluehost user clicks on a link from an email or a tweet to that page, the hidden JavaScript activates and injects the attacker’s own profile information into the victim’s account by exploiting a cross-site request forgery (CSRF) flaw. That allows the attacker to modify data on the server from his malicious site, while the victim is none the wiser. By injecting their own information — including email address — the attacker can request a password reset sent to the attacker’s email address and take over the account.

A demo of a simple hack, involving a one-click link that lets an attacker break in and take over a user’s account. (Paulos Yibelo/YouTube)
Yibelo also found that the attack could work in the form of a cross-site scripting (XSS) attack. He demonstrated how a single click on a malicious link could instantly swap out a DreamHost account owner’s email address for one that an attacker uses, allowing Yibelo — or an attacker — to have a password reset code sent to the attacker’s email, permitting an account takeover.
Hostgator, meanwhile, suffered from several vulnerabilities, including a similar CSRF flaw that tricked the countermeasures meant to prevent a cross-site script from running, which allowed him to add, edit or modify any data in the victim’s profile, such as an email address that could be used to reset the user’s password.
Yibelo also found several other less likely but still serious flaws, allowing man-in-the-middle attacks on a local network — such as a public Wi-Fi hotspot.
OVH, meanwhile, had a similar flaw that allowed Yibelo to bypass its CSRF protections, letting him add, change or edit user profile data. Another vulnerability in its API could have allowed an attacker to fetch and read responses from OVH.
iPage had a similar one-click flaw that could be easily exploited because the web host doesn’t require an old or current password when resetting the account’s login details. That made it possible for an attacker to craft a malicious web address which, when clicked, would reset the password to one of the attacker’s choosing — allowing them to log in as that user.
Most of the web hosting companies also fixed other information and data-leaking flaws, also discovered by Yibelo.
All of the companies except OVH — which didn’t respond to a request for comment sent prior to publication — confirmed that the bugs were fixed.
Kristen Andrews, a spokesperson for Endurance, a web hosting company that owns Bluehost, Hostgator and iPage, said the company has “taken steps to address and patch the potential vulnerabilities in question,” but, when asked, did not say if the bugs had been exploited or if customer accounts or data had been compromised.
DreamHost, meanwhile, said it fixed the bugs “less than 48 hours later,” according to spokesperson Brett Dunst, and found no evidence to suggest anyone exploited the bug outside Yibelo’s testing.
“After a thorough review of our system access logs we can confirm that no customer accounts were affected and no customer data was compromised,” he said. “The exploit would have required a logged-in DreamHost user to click a specially formatted malicious link to alter their own account’s contact information.”
It’s remarkable to think that of all the ways to break into a website, it often — as Yibelo showed — isn’t through any convoluted attack or busting firewalls. It’s simply through the front door of the site’s host, requiring little effort for the average hacker.
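The account-change flaws described above come down to a server accepting a profile or password change without proof that the logged-in user intended it. The sketch below is an added illustration, not code from the article, the researcher or any of the hosts named; it shows a handler that refuses link-triggered changes, checks a per-session CSRF token and demands the current password for email and password changes. The function names, field names and session layout are assumptions, and the user record is constructed sample data.

```python
import hashlib
import hmac
import secrets

EDITABLE = {"email", "password", "display_name"}  # hypothetical profile fields
SENSITIVE = {"email", "password"}                 # changes that enable takeover

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(email, password):
    salt = secrets.token_bytes(16)
    return {"email": email, "display_name": "", "salt": salt,
            "pw_hash": hash_password(password, salt)}

def new_session(user):
    """Bind a random CSRF token to the session at login."""
    return {"user": user, "csrf_token": secrets.token_urlsafe(32)}

def update_profile(session, method, form):
    """Apply a change only when the request is provably user-initiated."""
    # 1. State changes never ride on GET, so a clicked link cannot trigger one.
    if method != "POST":
        return 405, "state-changing requests must use POST"
    # 2. The token must match the one bound to this session (constant time).
    supplied = form.get("csrf_token", "")
    if not hmac.compare_digest(supplied.encode(), session["csrf_token"].encode()):
        return 403, "missing or invalid CSRF token"
    user = session["user"]
    changes = {k: v for k, v in form.items() if k in EDITABLE}
    # 3. Takeover-relevant fields additionally require the current password.
    if SENSITIVE & changes.keys():
        candidate = hash_password(form.get("current_password", ""), user["salt"])
        if not hmac.compare_digest(candidate, user["pw_hash"]):
            return 403, "current password required"
    for field, value in changes.items():
        if field == "password":
            user["pw_hash"] = hash_password(value, user["salt"])
        else:
            user[field] = value
    return 200, "updated"
```

The third check keeps a reset-by-link or a silent email swap from succeeding even if the token check is ever bypassed, because a cross-site request cannot supply the victim's current password.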


Schneider’s EVLink car charging stations were easily hackable, thanks to a hardcoded password

Schneider has fixed three vulnerabilities in one of its popular electric car charging stations, which security researchers said could have easily allowed an attacker to remotely take over the unit.
At its worst, an attacker can force a plugged-in vehicle to stop charging, rendering it useless in a “denial-of-service state,” an attack favored by some threat actors as it’s an effective way of forcing something to stop working.
The bugs were fixed with a software update that rolled out on September 2, shortly after the bugs were first disclosed, and limited details of the bugs were revealed in a supporting document on December 20. A fuller picture of the vulnerabilities, found by New York-based security firm Positive Technologies, was released today — almost a month later.
Schneider’s EVLink charging stations come in all shapes and sizes — some for the garage wall and some at gas stations. It’s the charging stations at offices, hotels, shopping malls and parking garages that are vulnerable, said Positive.
At the center of Positive’s disclosure are Schneider’s EVLink Parking electric charging stations, one of several charging products that Schneider sells, and primarily marketed to apartment complexes, private parking areas, offices and municipalities. These charging stations are, like others, designed for all-electric and plug-in hybrid electric vehicles — including Teslas, which have their own proprietary connector.
Because the EVLink Parking station can be connected to Schneider’s cloud with internet connectivity, either over a cell or a broadband connection, Positive said that the web-based user interface on the charging unit can be remotely accessed by anyone, who can then easily send commands to the charging station — even while it’s in use.
“A hacker can stop the charging process, switch the device to the reservation mode, which would render it inaccessible to any customer until reservation mode is turned off, and even unlock the cable during the charging by manipulating the socket locking hatch, meaning attackers could walk away with the cable,” said Positive.
“For electric car drivers, this means not being able to use their vehicles since they cannot be charged,” it said. The company also said that it’s possible to charge a car for free by exploiting these vulnerabilities.
Positive didn’t say what the since-removed password was. We asked for it — out of sheer curiosity more than anything — but the company isn’t releasing the password to prevent anyone exploiting the bug in unpatched systems.
The researchers, Vladimir Kononovich and Vyacheslav Moskvin, also found two other bugs that give an attacker full access over a device — a code injection flaw and a SQL injection vulnerability. Both were fixed in the same software update.
When reached, a Schneider spokesperson did not immediately have a comment. If that changes, we’ll update.
Additional reporting: Kirsten Korosec.
Updated at 12:15pm ET: with additional details, including about the unreleased password.


Salesforce Commerce Cloud updates keep us shopping with AI-fueled APIs

As people increasingly use their mobile phones and other devices to shop, it has become imperative for vendors to improve the shopping experience, making it as simple as possible, given the small footprint. One way to do that is using artificial intelligence. Today, Salesforce announced some AI-enhanced APIs designed to keep us engaged as shoppers.
For starters, the company wants to keep you shopping. That means providing an intelligent recommendation engine. If you searched for a particular jacket, you might like these similar styles, or this scarf and gloves. That’s fairly basic as shopping experiences go, but Salesforce didn’t stop there. It’s letting developers embed this ability to recommend products in any app, whether that’s maps, social or mobile.
That means shopping recommendations could pop up anywhere developers think it makes sense, like on your maps app. Whether or not consumers see this as a positive thing, Salesforce says when you add intelligence to the shopping experience, it increases sales anywhere from 7-16 percent, so however you feel about it, it seems to be working.
The company also wants to make it simple to shop. Instead of entering a multi-faceted search, as has been the traditional way of shopping in the past — footwear, men’s, sneakers, red — you can take a picture of a sneaker (or anything you like) and the visual search algorithm should recognize it and make recommendations based on that picture. It reduces data entry for users, which is typically a pain on the mobile device, even if it has been simplified by checkboxes.
Salesforce has also made inventory availability a service, allowing shoppers to know exactly where the item they want is available in the world. If they want to pick up in-store that day, it shows where the store is on a map and could even embed that into your ridesharing app to indicate exactly where you want to go. The idea is to create this seamless experience between consumer desire and purchase.
Finally, Salesforce has added some goodies to make developers happy, too, including the ability to browse the Salesforce API library and find the ones that make the most sense for what they are creating. This includes code snippets to get started. It may not seem like a big deal, but as companies the size of Salesforce increase their API capabilities (especially with the MuleSoft acquisition), it’s harder to know what’s available. The company has also created a sandboxing capability to let developers experiment and build capabilities with these APIs in a safe way.
The basis of Commerce Cloud is Demandware, the company Salesforce acquired two years ago for $2.8 billion. Salesforce’s intelligence platform is called Einstein. In spite of its attempt to personify the technology, it’s really about bringing artificial intelligence across the Salesforce platform of products, as it has with today’s API announcements.


Wiliot nabs $30M from Amazon, Avery Dennison, Samsung for a chip that runs on power from ambient radio frequencies

As we continue the quest for better and more efficient sources of energy to link up our connected world, companies that are developing new power solutions are attracting attention.
Today, a startup called Wiliot, which makes semiconductors that harness ambient nanowatts of electromagnetic energy from cellular, WiFi and Bluetooth networks to work without batteries or other traditional wired power sources, announced that it has closed a $30 million round of funding.
The backers are a notable mix of strategic and financial names: they include Amazon, Avery Dennison, Samsung and previous investors Norwest Venture Partners, 83North Venture Capital, Grove Venture Partners, Qualcomm Ventures, and M Ventures. Another “retail giant” is also involved in this round but the name is not being disclosed.
Sources close to the company tell me its valuation is $120 million post-money. It has raised $50 million to date.
It’s important to note that the startup, co-headquartered in San Diego and Israel, has yet to manufacture or commercialise its chips, which are being publicly unveiled for the first time today.
(I’ve seen a demo of them, and they definitely appear to work: Wiliot chips pasted to small pieces of paper, and supported by clothes pins arranged on a desk but linked up in no way to anything else, were hooked up to small buttons and other items. When you press a button, for example, the chip transmits that information to the cloud, where you can in turn see the activity on a dashboard.)
The plan, according to co-founder and CEO Tal Tamir, will be to use this latest Series B funding to work on that next stage of the business: figuring out how to produce its chips at scale and at a competitive price point versus other solutions like RFID tags, as well as secure its first customers.
There are potentially a number of applications where you might imagine a battery-free chip and sensor — today the Wiliot chip can measure temperature, location, air pressure, and can transmit data back to the cloud — could come in handy, such as in manufacturing, logistics, and tagging and providing data about anything that isn’t inherently an electronic device, expanding the universe of what can be covered in an internet-of-things network.
But Steve Statler, Wiliot’s SVP of marketing and business development, said that likely first customers will be in the apparel industry, where the startup’s chips could be embedded on the care labels both to help track items of clothes from manufacture to sale, and subsequently to provide services to the people who buy those items.
“That can cover anything from washing instructions to helping provide wardrobing recommendations,” he noted. That will, of course, depend on whether the customer opts in for such assistance and/or doesn’t cut the label off the clothes.
Wiliot’s chip has yet to roll out commercially, but the company is banking on its investors to help it get there.
Avery Dennison is one of the world’s biggest label makers and producers of RFID tags; Samsung (and Qualcomm) have a huge presence in the global semiconductor market; and Amazon is apparently most interested by way of its cloud services business AWS — the Wiliot chip architecture hinges on most of the computing happening in the cloud — but don’t forget that Amazon has also been making some interesting moves into apparel and AI-based fashion assistance itself.
“We think that at some point in future every item will have its own identity,” said Francisco Melo, VP & GM, Global RFID, in an interview, who points out that Wiliot’s primary way of transmitting information out — by way of Bluetooth — makes the information “readable” by the most basic of devices these days, the smartphone. “How do we take that digital identity to help consumers at the end of line to know what they should or could do with a product? There are a number of use cases that you can think of and trigger with Bluetooth that you couldn’t do with RFID.”
Another boost to the company is the track record of its founders. Tamir and co-founders Yaron Elboim and Alon Yehevkely, as well as others on the founding team of Wiliot, had previously founded and worked at another startup, Wilocity, a maker of 60 GHz wireless chipsets, which was acquired by Qualcomm for about $400 million. Before that the three co-founders were together at Intel, speaking to a strong track record of chip-making.
Ambient energy harnessing has to date focused on a variety of natural, non-human produced sources such as solar energy, geothermal energy, wind, waves, river currents and so on.
A newer iteration on that has been tapping into the vast amount of electromagnetic energy that gets produced through existing wireless services, potentially a much bigger and readily available source in areas where wireless services already exist, and that is where Wiliot plays.
Of course, this will mean that Wiliot’s chips will not work in the most remote of areas where there is no connectivity at all. That is one of the challenges that the startup has yet to tackle. Another is, of course, more energy efficiency on devices themselves to operate on nanowatts rather than watts of power.
But ultimately, Wiliot and others in the same area like France’s Sigfox are taking the first steps that could open the door to more sophisticated ambient power solutions.
“This is just the tip of the iceberg,” Tamir said. “We think many edge devices will come that will harvest radio frequency energy. But the problem is not what you harvest but how much you need. If you get nanowatts of energy and a phone consumes 3-5 watts when active, you can see where this has to go.”
