Year: 2019

It has been one week since U.S. border officials denied entry to a 17-year-old Harvard freshman just days before classes were set to begin.

Ismail Ajjawi, a Palestinian student living in Lebanon, had his student visa canceled and was put on a flight home shortly after arriving at Boston Logan International Airport. Customs & Border Protection officers searched his phone and decided he was ineligible for entry because of his friends’ social media posts. Ajjawi told the officers he “should not be held responsible” for others’ posts, but it was not enough for him to clear the border.

The news prompted outcry and fury. But TechCrunch has learned it was not an isolated case.

Since our story broke, we came across another case of a U.S. visa holder who was denied entry to the country on grounds that he was sent a graphic WhatsApp message. Dakhil — whose name we have changed to protect his identity — was detained for hours, but subsequently had his visa canceled. He was sent back to Pakistan and banned from entering the U.S. for five years.

Since 2015, the number of device searches has increased four-fold to over 30,200 each year. Lawmakers have accused the CBP of conducting itself unlawfully by searching devices without a warrant, but CBP says it does not need to obtain a warrant for device searches at the border. Several courts have tried to tackle the question of whether or not device searches are constitutional.

Abed Ayoub, legal and policy director at the American-Arab Anti-Discrimination Committee, told TechCrunch that device searches and subsequent denials of entry had become the “new normal.”

This is Dakhil’s story.

* * *

As a a Pakistani national, Dakhil needed a visa to enter the U.S. He obtained a B1/B2 visa, which allowed him to temporarily enter the U.S. for work and to visit family. Months later, he arrived at George Bush Intercontinental Airport in Houston, Texas, tired but excited to see his cousin for the first time in years.

It didn’t take long before Dakhil realized something wasn’t right.

Dakhil, who had never traveled to the U.S. before, was waiting in the immigration line at the border when a CBP officer approached him to ask why he had traveled to the U.S. He said it was for a vacation to visit his family. The officer took his passport and, after a brief examination of its stamps, asked why Dakhil had visited Saudi Arabia. It was for Hajj and Umrah, he said. As a Muslim, he is obliged to make the pilgrimages to Mecca at least once in his lifetime. The officer handed back his passport and Dakhil continued to wait in line.

At his turn, Dakhil approached the CBP officer in his booth, who repeated much of the same questions. But, unsatisfied with his responses, the officer took Dakhil to a small room close but separate from the main immigration hall.

“He asked me everything,” Dakhil told TechCrunch. The officer asked about his work, his travel history and how long he planned to stay in the U.S. He told the officer he planned to stay for three months with a plan to travel to Disney World in Florida and later New York City with his wife and newborn daughter, who were still waiting for visas.

The officer then rummaged through Dakhil’s carry-on luggage, pulling out his computer and other items. Then the officer took Dakhil’s phone, which he was told to unlock, and took it to another room.

For more than six hours, Dakhil was forced to sit in a bright, cold and windowless airport waiting room. There was nowhere to lie down. Others had pushed chairs together to try to sleep.

Dakhil said when the officer returned, the questioning continued. The officer demanded to know more about what he was planning to do in the U.S. One line of questioning focused on an officer’s accusation that Dakhil was planning to work at a gas station owned by his cousin — which Dakhil denied.

“I told him I had no intention to work,” he told TechCrunch. The officer continued with his line of questioning, he said, but he continued to deny that he wanted to stay or work in the U.S. “I’m quite happy back in Karachi and doing good financially,” he said.

Two more officers had entered the room and began to interrogate him as the first officer continued to search bags. At one point he pulled out a gift for his cousin — a painting with Arabic inscriptions.

But Dakhil was convinced he would be allowed entry — the officers had found nothing derogatory, he said.

“Then the officer who took my phone showed me an image,” he told TechCrunch. It was an image from 2009 of a child, who had been murdered and mutilated. Despite the graphic nature of the image, TechCrunch confirmed the photo was widely distributed on the internet and easily searchable using the name of the child’s murderer.

“I was shocked. What should I say?” he told TechCrunch, describing the panic he felt. “This image is disturbing, but you can’t control the forwarded messages,” he explained.

Dakhil told the officer that the image was sent to him in a WhatsApp group. It’s difficult to distinguish where a saved image came from on WhatsApp, because it automatically downloads received images and videos to a user’s phone. Questionable content — even from unsolicited messages — found during a border search could be enough to deny the traveler entry.

The image was used to warn parents about kidnappings and abductions of children in his native Karachi. He described it as one of those viral messages that you forward to your friends and family to warn parents about the dangers to their children. The officer pressed for details about who sent the message. Dakhil told the officer that the sender was someone he met on his Hajj pilgrimage in 2011.

“We hardly knew each other,” he said, saying they stayed in touch through WhatsApp but barely spoke.

Dakhil told the officer that the image could be easily found on the internet, but the officer was more interested in the names of the WhatsApp group members.

“You can search the image over the internet,” Dakhil told the officer. But the officer declined and said the images were his responsibility. “We found this on your cellphone,” the officer said. At one point the officer demanded to know if Dakhil was organ smuggling.

After 15 hours answering questions and waiting, the officers decided that Dakhil would be denied entry and would have his five-year visa cancelled. He was also told his family would also have their visas cancelled. The officers asked Dakhil if he wanted to claim for asylum, which he declined.

“I was treated like a criminal,” Dakhil said. “They made my life miserable.”

* * *

It’s been almost nine months since Dakhil was turned away at the U.S. border.

He went back to the U.S. Embassy in Karachi twice to try to seek answers, but embassy officials said they could not reverse a CBP decision to deny a traveler entry to the United States. Frustrated but determined to know more, Dakhil asked for his records through a Freedom of Information Act (FOIA) request — which anyone can do — but had to pay hundreds of dollars for its processing.

He provided TechCrunch with the documents he obtained. One record said that Dakhil was singled out because his name matched a “rule hit,” such as a name on a watchlist or a visit to a country under sanctions or embargoes, which typically requires additional vetting before the traveler can be allowed into the U.S.

The record did not say what flagged Dakhil for additional screening, and his travel history did not include an embargoed country.

One document said CBP denied Dakhil entry to the U.S. “due to the derogatory images found on his cellphone,” and his alleged “intent to engage in unauthorized employment during his entry.” But Dakhil told TechCrunch that he vehemently denies the CBP’s allegations that he was traveling to the U.S. to work.

He said the document portrays a different version of events than what he experienced.

“They totally changed this scenario,” he said, rebutting several remarks and descriptions reported by the officers. “They only disclosed what they wanted to disclose,” he said. “They want to justify their decision, so they mentioned working in a gas station by themselves,” he claimed.

The document also said Dakhil “was permitted to view the WhatsApp group message thread on his phone and he stated that it was sent to him in September 2018,” but this was not enough to satisfy the CBP officers who ruled he should be denied entry. The document said Dakhil stated that he “never took this photo and doesn’t believe [the sender is] involved either,” but he was “advised that he was responsible for all the contents on his phone to include all media and he stated that he understood.”

The same document confirmed the contents of his phone was uploaded to the CBP’s central database and provided to the FBI’s Joint Terrorism Task Force.

Dakhil was “found inadmissible” and was put on the next flight back to Karachi, more than a day after he was first approached by the CBP officer in the immigration line.

A spokesperson for Customs & Border Protection declined to comment on individual cases, but provided a boilerplate statement.

“CBP is responsible for ensuring the safety and admissibility of the goods and people entering the United States. Applicants must demonstrate they are admissible into the U.S. by overcoming all grounds of inadmissibility including health-related grounds, criminality, security reasons, public charge, labor certification, illegal entrants and immigration violations, documentation requirements, and miscellaneous grounds,” the spokesperson said. “This individual was deemed inadmissible to the United States based on information discovered during the CBP inspection.”

CBP said it also has the right to cancel visas if a traveler is deemed inadmissible to the United States.

It’s unlikely Dakhil will return to the U.S., but he said he had hope for the Harvard student who suffered a similar fate.

“Let’s hope he can fight and make it,” he said.

Facebook could soon start hiding the Like counter on News Feed posts to protect users’ from envy and dissuade them from self-censorship. Instagram is already testing this in 7 countries including Canada and Brazil, showing a post’s audience just a few names of mutual friends who’ve Liked it instead of the total number. The idea is to prevent users from destructively comparing themselves to others and potentially feeing inadequate if their posts don’t get as many Likes. It could also stop users from deleting posts they think aren’t getting enough Likes or not sharing in the first place.

Reverse engineering master Jane Manchun Wong spotted Facebook prototyping the hidden Like counts in its Android app. When we asked Facebook, the company confirmed to TechCrunch that it’s considering testing removal of Like counts. However it’s not live for users yet. Facebook declined to share results from the Instagram Like hiding tests, its exact motives, or any schedule for starting testing.

Still, the prototype might indicate positive results from hiding Like tallies in Instagram, which we first reported in April after it was spotted by Wong there as well. After beginning testing in Canada later that month. Instagram added Brazil, Australia, New Zealand, Italy, Ireland, and Japan to the test in July. There, a post’s author can still see the Like total, but everyone else can’t. The expansion of that Instagram test and Facebook potentially trying it in its own app signals that it might have positive or negligible impacts on sharing while aiding mental health, or at least be worth a slight drop in engagement.

Facebook has gradually been relegated to the place for sharing showy life events like marriages or new jobs while Instagram and Snapchat take over for day-to-day sharing. The problem is that people have so many fewer of those big moments, and the large Like counts they attract can make other users self-conscious of their of own lives and content. That’s all problematic for Facebook’s ad views. Facebook wants to avoid scenarios such as “Look how many Likes they get. My life is lame in comparison” or “why even share if it’s not going to get as many Likes as her post and people will think I’m unpopular”.

Removing Like counts could put less pressure on users and encourage them to share more freely and frequently, as I wrote in 2017. It could also obscure Facebook’s own potential decline in popularity as users switch to other apps. Posts not getting as many Likes as they used to could hasten the exodus.

India’s Oyo said on Monday it has acquired Copenhagen-based data science firm Danamica as the giant lodging startup works to expand its business in Europe.

Neither of the parties disclosed financial terms of the deal, but a source familiar with the matter told TechCrunch that Oyo paid about $10 million to acquire the Danish firm.

Danamica, which was founded in 2016, has built machine learning tools and “business intelligence capabilities” to specialize in dynamic pricing of rental properties and hotels.Oyo said Danamica would help it scale its technical expertise as the Indian startup expands its footprint in overseas markets.

Today’s announcement comes weeks after Oyo said it planned to invest €300 million in its vacation rental business in Europe, and $300 million toward U.S. expansion over the coming years.

In May this year, Oyo bought Amsterdam-based holiday rental company Leisure from Axel Springer for $415 million.

In a prepared statement, Maninder Gulati, Global Head of OYO Vacation and Urban Homes and Chief Strategy Officer of OYO Hotels & Homes, said, “We are delighted to announce our acquisition of Danamica, a Europe based, machine learning and business intelligence company specialized in dynamic pricing, that will help us be more accurate with pricing, leading to higher efficiencies and yield for our real estate owners and value for money for our millions of global guests, both everyday travellers and city dwellers, that choose an OYO Vacation Homes as their abode.”

More to follow…

In a nondescript building near Moffett Field, still undistracted by any VC funding, an 80-person company named Made In Space is building tools for the next generation of satellites and space exploration, including most remarkably, the first self-manufacturing satellite, due for launch in three years’ time.

Building in space rather than on the ground, courtesy of 3D printers and automated assembly, comes with many advantages. You can save volume by sending dense feedstock for 3D printers rather than capacious constructed objects. More importantly, if you don’t have to build to survive the traumatic forces of launch, you can use more fragile designs, and hence less mass.

Made in Space’s 3D printers have already done several tours of duty on the International Space Station, “Five years ago, manufacturing in space was a dream,” says Andrew Rush, co-founder and CEO. “Now there are months we’re manufacturing so much stuff in orbit it seems almost pedestrian.”

“We have manufacturing, we have printing, now let’s get assembly, let’s get robotic operations,” concurs Jim Bridenstine, as behind him a robot arm loops wires onto a full-size 3D-printed reflector disk, in a headquarters decorated with classic Star Trek posters and the world’s largest 3D-printed object. (A 37.7-meter long tube of aerospace polymer. They stopped there because they ran out of hallway.) That breakthrough launch, targeted for 2022, is called Archinaut One.

It’s not that the entire satellite will be constructed in orbit from bricks of polymer and wire, obviously. But Archinaut One, for which NASA has awarded Made in Space $73.7 million, will manufacture two ten-meter-long wings of solar arrays rather than unfold the customary smaller panels, generating “as much as five times more power than traditional solar panels on spacecraft of similar size.”

The potential commercial applications are numerous. Most obviously, Internet-via-satellite solutions require bandwidth, and, basically, power equals bandwidth. Bridenstine, who extols how this work was done by a small business rather than by NASA proper, clearly prefers NASA as a customer of the private space sector, or better yet “one of many customers,” rather than owning / building new technologies itself. Archinaut One is in turn something of a prototype for eventual robotic construction of the controversial Lunar Gateway.

But whether you’re convinced by the Gateway architecture serious skeptic, Made in Space’s technology is genuinely exciting, and impressively multifaceted. They intend to recycle waste polymer on the ISS. They plan to manufacture optical fiber in space which would “greatly outperform” standard fibers. They do sheet-metal extrusion and are interested in 3D printing metals as well as polymers in space.

Most interesting of all is their approach to converting lunar and other regolith into 3D-printing feedstock and using it that to construct extremely strong, and airtight, structures. It turns out that 70% moondust can be mixed with 30% polymer nodules into a mix that can be heated into 3D feedstock for a remarkable one-thirtieth the energy cost of sintering. Their ridiculously awesome, ridiculously ambitious long-term plan to construct spacecraft from asteroids is called “Project RAMA,” presumably a nod to the Clarke novel.

That sounds a lot like the proverbial pie in the sky, but given their accomplishments to date, Made in Space has earned the right to be taken seriously. The company’s four co-founders met in Singularity University, talked NASA into giving them a dusty disused basement room as their initial office, and, despite being just a few miles from Sand Hill Road, have since grown to their current size without taking any dilutive funding — no less an achievement than their science and engineering feats to date.

You’ve worked hard to build your dream to this point, and now it’s time to launch your early-stage startup on a world-class stage and shift your momentum into high gear. If that description fits, we want you to apply to compete in the Startup Battlefield at Disrupt Berlin 2019.

Our early-stage startup pitch competition — known around the world — is the most effective way to place your startup in front of the investors, tech leaders and media outlets that can change the trajectory of your business in the best way possible. Oh, and the winning founders also receive $50,000. Sweet!

What’s more, applying to and participating in Startup Battlefield is absolutely free — no fees, no equity, no nothing.

Applying is easy, but the selection process is extremely competitive. TechCrunch editors with a keen eye for potential will vet every application and then select 15-20 companies to compete. Founders of those startups will receive six rigorous weeks of pitch coaching — you’ll work hard to craft your pitch, prepare your demo and be ready to strut your stuff with confidence.

When the big day finally arrives, each team will have six minutes to pitch to a world-class panel of judges — followed by a six-minute Q&A session. The founders who make it through to the second round will present again to a fresh set of judges. It’s a lather, rinse, repeat scenario.

One startup will emerge victorious, raise the Disrupt Cup and take home the $50,000 prize. The event takes place in front of a huge audience filled with investors, media and tech icons — and we record and live-stream the whole shooting match around the world.

Not only that, all Startup Battlefield competitors get to exhibit in Startup Alley for the entire show. Even if you don’t win the top prize, you still benefit from the exposure. Plus, you’ll join the ranks of the Startup Battlefield alumni community — now there’s an impressive group.

Since 2007, 857 startups have launched their dreams on the Startup Battlefield stage and gone on to collectively raise $8.9 billion while producing 112 exits. This alumni community includes companies like Vurb, Dropbox, Mint, Yammer and many more. You’ll be among their ranks…let the networking begin!

The Startup Battlefield takes place at Disrupt Berlin 2019 on 11-12 December. You’ve worked hard to build your dream — now take it to the next level. Apply to Startup Battlefield today.

Pro Tip: If you’re not quite ready to compete in the Battlefield, there’s more than one way to receive the VIP treatment at Disrupt. Use the same application and apply for the TC Top Picks program. If you make the cut, you’ll receive a free Startup Alley Exhibitor Package and stand in a bright spotlight of media and investor attention.

Is your company interested in sponsoring or exhibiting at Disrupt Berlin 2019? Contact our sponsorship sales team by filling out this form.

Porsche is squeezing in one more teaser ahead of the global debut of the all-electric Porsche Taycan. And this time, the German automaker didn’t hold back.

Professional racer Shea Holbrook drove a prototype Taycan from a standstill up to 90.58 miles per hour (145 km/h), then slammed on the brakes back to zero all within 10.7 seconds. Shea accelerated the Taycan to 90.58 mph in just 422 feet before braking hard.

If that wasn’t splashy enough, Porsche took it up a level and conducted the demonstration on the flight deck of the USS Hornet, the 27,500-ton aircraft carrier used to recover astronauts from the Apollo 11 and Apollo 12 missions to the moon. You can watch the entire test run in the video below.

Yes, this is gratuitous automotive theater and a marketing ploy. It’s also a spectacularly fun way to show off the stability and performance of Porsche’s big bet on electric vehicles.

Now, the 0-90-0 run falls short of the traditional 0-100-0 tests. It’s not clear why Porsche didn’t make a 0-100-0 run, although available space might have been a factor.

Stefan Weckbach, vice president of the Taycan product line, admitted that the demonstration was “some kind of fun testing than a completely serious one.” But he added that it was a fitting way to demonstrate the power of the car as it nears the end of its development.

“On a tough, changeable surface the Taycan’s composure, its incredible acceleration and stopping power were absolutely impressive – though we decided not to take it to the max, just to reach the 0-100 mph margin.” Weckbach said. While I was completely sure both Shea and the car could achieve something special, I’m really relieved no one went for a swim.”

 

Holbrook said that despite appearances, the deck was quite bumpy.

“Deliberately accelerating towards thin air and the ocean is a new experience for me, but the Taycan gave me a huge amount of confidence — it was really stable but under acceleration and, more importantly, under braking,” she added.

 

Our super early bird countdown continues startup fans. If you don’t have your pass to Disrupt Berlin 2019 yet, it’s time to mach schnell — make it quick! Buy your pass now before the deadline strikes on 6 September at 11:59 p.m. (CEST), and you’ll save up to €600. Just five days left, friends. What are you waiting for?

You can save even more money with our group discounts. Buy in bulk, bring your whole team and leave no startup entrepreneur behind. You’ll save 20% when you buy five or more Innovator passes at once. Buy two or more Founder or Investor passes at once and enjoy a 10% savings.

We love Disrupt Berlin’s international diversity. More than 3,000 attendees from more than 50 countries gather to learn about and showcase the latest tech innovations and to connect, collaborate and move their business forward. Disrupt is the crossroad of now and future tech.

You’ll hear from an impressive array of tech leaders, makers, founders and investors on a range of hot topics. One example is Nigel Toon, the co-founder and CEO of Graphcore — a company that’s designing its own dedicated AI chipset. The company has raised more than $300 million from top investors, such as Sequoia Capital, BMW, Microsoft and Samsung. Pretty impressive, but even crazier — the tiny startup competes directly with giant chip companies, such as Nvidia, AMD, Intel and Qualcomm. It’s a race to see who can create the most efficient AI chip.

Director Roxanne Varza will be on hand to give us an update on Station F, the world’s biggest campus for startups. Housed in an historic monument (a beautiful building constructed in 1929), Station F is also a high-tech building and a cornerstone of the French tech ecosystem. Companies like Facebook, Naver (Line), Ubisoft, Microsoft and a host of others run incubators out of Station F, and its also home to more than 1,000 startups.

You can’t talk European success stories without talking UiPath. Currently valued at $7 billion, the company’s wild success comes from creating enterprise software that focuses on repetitive tasks and helps customers automate as many actions as possible. We can’t wait to talk with founder and CEO Daniel Dines — who started the company 15 years ago — about his automation journey.

There’s so much more to do at Disrupt Berlin 2019 and you can do it all for a whole lot less if you buy your pass before the super early bird price vanishes in just five days at 11:59 p.m. (CEST) on 6 September. Mach schnell!

Is your company interested in sponsoring or exhibiting at Disrupt Berlin 2019? Contact our sponsorship sales team by filling out this form.

Urban, the London-headquartered company that lets you book a growing range of “wellness” services on demand — spanning massage, osteopathy, to various beauty treatments — is adding physiotherapy to its roster in a bid to become a “one-stop-shop” for physical wellbeing.

The new pay-as-you-go physiotherapy offering will let you book a HCPC-registered physio via the Urban app or website for treatment in your home. With NHS wait times several weeks if not months for access to physiotherapy, Urban thinks it has spotted a gap in the market for people that need ongoing treatment or a quick appraisal for a recently sustained injury — and are willing to pay “out of pocket” for the privilege.

In a call with Urban founder Jack Tang and the company’s general manager for physical wellbeing, Joe Jarman, the pair explained that the new service aims to provide access to a private physiotherapist with as little as two hours’ notice, available seven days per week. It will initially be available in London, with a focus on central London where demand (and, presumably, ability to pay) is highest, followed by Manchester and Birmingham.

With that said, pricing is competitive with physiotherapy that is typically offered at a private clinic, and compared to arranging a home visit from a private clinic, it is considerably cheaper. That’s because, claims Jarman, Urban is able to cut down on travel time by clustering nearby bookings via its app in order to maximise potential sessions per day, similar to what it does for other existing Urban wellbeing services. Of course, it doesn’t have the same brick ‘n’ mortar overheads, either.

Jarman says that many of Urban’s physiotherapists work in the NHS during the day but are looking to earn additional income in the evenings and at weekends or want to transition into private practice.

Asked if a service like Urban could place more pressure on the NHS by stretching an already scare resource, he says that the sector as a whole is growing. This has seen a 22% increase in the number of physiotherapists since 2015. In addition, Jarman says one in every three GP consultations relates to MSK issues, and early access to an Urban physiotherapist could help lessen this.

Either way, it’s certainly true that at present and within its current funding and organisational structure, the NHS isn’t very well-positioned to provide speedy MSK-related advice or treatment. Physiotherapy is also an obvious extension to Urban’s existing osteopathy and sports massage treatments.

“We see physiotherapy as the final vital piece so that we can offer a complete package to attain good physical health,” adds Jarman in a statement. “If someone has a problem with their body, we make sure they get the right treatment plan – and they get to choose the time and place”.

Meanwhile, Tang says that now Urban has completed its suite for physical wellbeing, the startup’s attention now turns to “doubling down” on its beauty and body confidence category with more news to share “very soon”.

Spotawheel, a startup operating in Greece and Poland with a car dealership model quite similar to Carvana in the U.S., has picked up €5 million in new funding. Backing the online used car dealership is Venture Friends, which led the round, with participation from Velocity Partners and unnamed “strategic” investors.

The investment includes both equity and debt financing, since part of Spotawheel’s business includes purchasing used cars upfront. It brings total raised by the Athens-headquartered startup to €8 million since launching in 2016.

“Used cars is one of the largest markets in value worldwide growing at a 5-7% rate annually, operating still primarily offline in a notoriously non-transparent way,” says Charis Arvanitis, Spotawheel co-founder and CEO.

This sees potential buyers fear buying a “lemon,” coupled with over-complicated processes, hidden-fees, and fragmented supply. The latter is largely a combination of private sellers via classified ads, and traditional offline used car dealerships.

“The lack of centralized control on the industry’s hugely fragmented seller structure, has prevented any meaningful innovation over the past 20 years, when the typical online classified ads emerged,” says Arvanitis. “That problem is even more evident in Europe, where car trade flows between countries make it much harder to control quality and trace cars history”.

To address this, Spotawheel offers an online B2C platform for used cars that Arvanitis says has redesigned the buy-sell process from scratch to create a “frictionless” and trusted buying experience. The idea is to bring e-commerce levels of convenience and protection to purchasing a used car.

“Customers can opt in for a test drive or have the car delivered countrywide under a 7-day return policy, while enjoying up to 5 years of limited warranty, the largest in Europe,” he says. This is underpinned by Spotawheel’s “predictive analytics” covering the condition and expected failures on a per car basis.

In addition, Arvanitis explains Spotawheel’s car sourcing model combines both debt-financed and marketplace practices, allowing the startup to source the best cars from private owners and B2B resellers across Europe. The includes deploying working capital purchasing vehicles upfront or via a commission-basis agreement.

There’s not a week that goes by where cybersecurity doesn’t dominates the headlines. This week was no different. Struggling to keep up? We’ve collected some of the biggest cybersecurity stories from the week to keep you in the know and up to speed.

Malicious websites were used to secretly hack into iPhones for years, says Google

TechCrunch: This was the biggest iPhone security story of the year. Google researchers found a number of websites that were stealthily hacking into thousands of iPhones every week. The operation was carried out by China to target Uyghur Muslims, according to sources, and also targeted Android and Windows users. Google said it was an “indiscriminate” attack through the use of previously undisclosed so-called “zero-day” vulnerabilities.

Hackers could steal a Tesla Model S by cloning its key fob — again

Wired: For the second time in two years, researchers found a serious flaw in the key fobs used to unlock Tesla’s Model S cars. It’s the second time in two years that hackers have successfully cracked the fob’s encryption. Turns out the encryption key was doubled in size from the first time it was cracked. Using twice the resources, the researchers cracked the key again. The good news is that a software update can fix the issue.

Microsoft’s lead EU data watchdog is looking into fresh Windows 10 privacy concerns

TechCrunch: Microsoft could be back in hot water with the Europeans after the Dutch data protection authority asked its Irish counterpart, which oversees the software giant, to investigate Windows 10 for allegedly breaking EU data protection rules. A chief complaint is that Windows 10 collects too much telemetry from its users. Microsoft made some changes after the issue was brought up for the first time in 2017, but the Irish regulator is looking at if these changes go far enough — and if users are adequately informed. Microsoft could be fined up to 4% of its global annual revenue if found to have flouted the law. Based off 2018’s figures, Microsoft could see fines as high as $4.4 billion.

U.S. cyberattack hurt Iran’s ability to target oil tankers, officials say

The New York Times: A secret cyberattack against Iran in June but only reported this week significantly degraded Tehran’s ability to track and target oil tankers in the region. It’s one of several recent offensive operations against a foreign target by the U.S. government in recent moths. Iran’s military seized a British tanker in July in retaliation over a U.S. operation that downed an Iranian drone. According to a senior official, the strike “diminished Iran’s ability to conduct covert attacks” against tankers, but sparked concern that Iran may be able to quickly get back on its feet by fixing the vulnerability used by the Americans to shut down Iran’s operation in the first place.

Apple is turning Siri audio clip review off by default and bringing it in house

TechCrunch: After Apple was caught paying contractors to review Siri queries without user permission, the technology giant said this week it will turn off human review of Siri audio by default and bringing any opt-in review in-house. That means users actively have to allow Apple staff to “grade” audio snippets made through Siri. Apple began audio grading to improve the Siri voice assistant. Amazon, Facebook, Google, and Microsoft have all been caught out using contractors to review user-generated audio.

Hackers are actively trying to steal passwords from two widely used VPNs

Ars Technica: Hackers are targeting and exploiting vulnerabilities in two popular corporate virtual private network (VPN) services. Fortigate and Pulse Secure let remote employees tunnel into their corporate networks from outside the firewall. But these VPN services contain flaws which, if exploited, could let a skilled attacker tunnel into a corporate network without needing an employee’s username or password. That means they can get access to all of the internal resources on that network — potentially leading to a major data breach. News of the attacks came a month after the vulnerabilities in widely used corporate VPNs were first revealed. Thousands of vulnerable endpoints exist — months after the bugs were fixed.

Grand jury indicts alleged Capital One hacker over cryptojacking claims

TechCrunch: And finally, just when you thought the Capital One breach couldn’t get any worse, it does. A federal grand jury said the accused hacker, Paige Thompson, should be indicted on new charges. The alleged hacker is said to have created a tool to detect cloud instances hosted by Amazon Web Services with misconfigured web firewalls. Using that tool, she is accused of breaking into those cloud instances and installing cryptocurrency mining software. This is known as “cryptojacking,” and relies on using computer resources to mine cryptocurrency.