Category: UNCATEGORIZED

Toyota is enlisting the help of startup Preferred Networks, a Japanese company founded in 2014 with a focus on artificial intelligence and deep learning, to help move forward its goal of developing useful service robots that can assist people in everyday life.

The two companies announced a partnership today to collaborate on research and development that will use Toyota’s Human Support Robot (HSR) robotics platform. The platform, which Toyota originally created in 2012 and has been developing since, is a basic robot designed to be able to work alongside people in everyday settings. Its primary uses involve offering basic car and support assistance in nursing and long-term care applications. Equipped with one arm, a display, cameras and a wheeled base, it can collect and retrieve items, and provide remote control and communication capabilities.

Preferred Networks already has some experience with Toyota’s HSR – it demonstrated one-such robot programmed to clean a room fully autonomously at Japan’s CEATEC robotics conference in 2018. The system could identify objects, responsd to specific human instructions and, importably pick up and put down objects it couldn’t define from its database in a safe manner.Toyota will be providing “several dozen” HSR units to Preferred Networks for the startup to work on, and then over the next three years, the two will collaborate on R&D, sharing the results of their work and the resulting intellectual property, with no restrictions on how either party uses the results of the joint work.

One of Toyota’s guiding goals as a company is to develop commercial home robotics that can work with people where they live. The automaker has a number of different projects in the works to make this happen, including through research at its Toyota Research Institute (TRI) subsidiary which works with a number of academic institutions. Toyota also recently revealed a number of robotics projects its bringing to the 2020 Olympic Games in Tokyo, which will help it field test a number of its projects.

Zendesk has always been all about customer service. Last spring it purchased Smooch to move more deeply into messaging app integration. Today, the company announced it was integrating WhatsApp, the popular messaging tool, into the Zendesk customer service toolkit.

Smooch was an early participant in the WhatsApp Business API program. What that does in practice says Warren Levitan, who came over as part of the Smooch deal, is provide a direct WhatsApp phone number for businesses using Zendesk . Given how many people, especially in Asia and Latin America, use WhatsApp as a primary channel for communication, this is a big deal.

“The WhatsApp Business API Connector is now fully integrated into Zendesk support. It will allow any Zendesk support customer to be up and running with a new WhatsApp number quicker than ever before, allowing them to connect to the 1.5 billion WhatsApp users worldwide, communicating with them on their channel of choice,” Levitan explained.

Levitan says the entire WhatsApp interaction experience is now fully integrated into the same Zendesk interface that customer service reps are used to using. WhatsApp simply becomes another channel for them.

“They can access WhatsApp conversations from within the same workspace and agent desktop, where they handle all of their other conversations. From an agent perspective, there are no new tools, no new workflows, no new reporting. And that’s what really allows them to get up and running quickly,” he said.

Customers may click or touch a button to dial the WhatsApp number, or they may use a QR code, which is a popular way of accessing WhatsApp customer service. As an example, Levitan says Four Seasons hotels prints a QR code on room key cards, and if customers want to access customer service, they can simply scan the code and the number dials automatically.

Zendesk has been able to get 1000 businesses up and running as part of the early access program, but now it really wants to scale that and allow many more businesses to participate. Up until now, Facebook has taken a controlled approach to on-boarding, having to approve each brand’s number before allowing it on the platform. Zendesk has been working to streamline that.

“We’ve worked tightly with Facebook (the owner of WhatsApp), so that we can have an integrated brand approval and on-boarding/activation to get their number lit up. We can now launch customers at scale, and have them up and running in days, whereas before it was more typically a multi-week process,” Levitan said.

For now, when the person connects to customer service via WhatsApp, it’s only via text messaging, There is no voice connection, and no plans for any for the time being, according to Levitan. Zendesk-WhatsApp integration is available starting today worldwide.

For many years there’s been an accepted way to raise capital as a venture capital fund. Essentially, GPs (General Partners who set up and run venture capital firms) go ‘cap in hand’ to LPs (Limited Partners who invest into their VC firms) in pension funds, privately run ‘family offices’, ‘ultra-high net worths’ and other such oddly-named financial institutions. These meetings are always private and often VCs don’t even reveal who, specifically, has invested in their fund.

Because it’s so private, it favors fund managers who have been in the business for many years and already have a bulging contact book.

In recent years part of this process has begun to be unpacked by events organizers, recognizing the hearty profits to be made from match-making these two groups. The tickets to attend these events are eye-wateringly expensive, especially for the VCs trying to raise funds.

But in Europe, the VC market has suffered from a certain amount of out-dated practices, plenty of behind-closed-doors negotiations and certain lack of ‘energy’. Europe is a rich mine of startups, and there really ought to be a more competitive environment, but the lack of big exits and large markets (like the US or China) means things tend to only go so far.

Now a new initiative hopes to disrupt this rather cozy state of affairs with an event which will be – comparatively speaking – cheap to attend for VCs in fund-raising mode. But there’s a twist. They will have to pitch ‘on stage’ to the LPs attending.

Yes reader, suddenly they will be put in the exact same shoes as those poor entrepreneurs…

Alloccate which takes place on 19th September in London – is focused on connecting GPs in Europe, with LPs. But, in particular, the newer VC funds and the many sources of finances who would like to invest in VCs but don’t have the contacts. The aim is to accelerate the growth of the next generation of VC funds, which in turn will invest into Europe’s technology startups of the future.

Up to 30 emerging VC fund managers will be chosen by the Allocate selection committee to present their fund in a five-minute pitch to a room full of LPs, in, what appears to be, the first event of its kind in Europe. Speakers at the one-day event will include Simon Cook, CEO and co-founder of Draper Esprit; Lisa Edgar, Managing Director US fund of funds Top Tier Capital Partners and Katie Martin, Chairwoman of Wilson Sonsini Goodrich & Rosati.

This unusual event is being put together as a non-profit venture by two early-stage VC firms: 7Percent Ventures and Luminous Ventures. The lower prices will reflect the fact that the tickets and sponsorship sold will cover the event costs, and not be a venture in its own right.

Andrew J. Scott, Founder Partner at 7percent Ventures tells me: “The cash-raising process for a venture capital firm has traditionally been pretty opaque. University endowments or ‘family offices’ who look after private wealth and sometimes invest into VC firms, can be hard to reach.” He hopes, in particular, to help emerging VC’s “close the investment gap between Europe and the USA”.

Inspired by a VC pitch event in the US and the ‘pay it forward’ attitude of Silicon Valley, Allocate aims to cut out the middleman and make things more efficient for LPs and fund managers, and without paying £2,000+ for a conference ticket to do so.

“There are various PE, profit-led events which are crazy expensive and also just very corporate/PE focused, but not early-stage VC-focused. So we thought we’d do this! I was inspired by an event I saw SF which I pitched at. Our event will not be profit-led but about expanding the new VC industry,” he tells me.

Emerging fund managers are defined as people with up to three to four funds. So this is targeted at those who have not raised before: very much like a startup event.

“Other events in the industry are free for LPs, but this is like the bad old days when founders used to have to pay to pitch investors. These days investors pay more to attend conferences than startups to do, and pitching is often free – that’s how it should be,” says Scott

“But the GP/LP world, is still the wrong way round. VCs pay thru the nose, and LPs go free. Institutional government-backed funds, or an insurance or pension fund, have billions in the bank, yet a GP trying to raise a first fund will have to pay thousands to go to an event which is free for the LPs? That’s at best peculiar,” he says.

It seems like, at the very least, Allocate is trying to level the playing field, and make it accessible for all, and the same price for everyone. For emerging VC fund managers at least, this seems fairer. LPs always want to see low fees with a fund, so it seems better that VCs are not paying £3,000GBP a ticket to go to events to meet them.

“Raising money for a VC firm can be a who-knows-who business, much like raising venture capital money for a startup was 15 years ago. Raising startup investment is now very different, much more democratized, and we feel the European VC/LP investment world needs to catch up and be the same,” says Scott.

“We definitely want to encourage LPs who have or haven’t invested in VCs before. So much less money goes into VC here than in the US from sources like endowment funds and family offices” he says.

Lomax Ward, Partner at Luminous Ventures, adds: “We need to support and work with new and emerging fund managers and investors in a collaborative environment. The start-up scene in Europe is getting great momentum, evidenced by more and more success stories. But, the fact remains that launching an early-stage venture capital fund is very tough and we have founded Allocate to make it that little bit easier. Also, for LPs it will be a fantastic showcase of Europe’s leading emerging funds.”

Commenting on the idea, Raph Crouan, formerly of Apple and Startup Bootcamp tells me it’s a “Great idea and quite well apparently.”

Speaking off the record another VC tells me “It looks like it’s geared towards newer funds, particularly those raising Fund I maybe II, as opposed to the more established VCs and Seed funds. That’s a good idea.”

Another says: “It’s a good format in principle. It’s clever of 7 percent and Luminous to organise this to help their and other early-stage VCs with fund-raising, provided of course they succeed in getting lots of LPs to attend.”

Allocate chose London because, despite the uncertainty of BREXIT, the team says it remains at the center of the European startup sector. Though America still leads the world, its share of the global VC market has decreased significantly from 79% in 2008 to 53% last year, with the UK’s share of European VC having increased from 31% to 42% over the same period.

In comparison, until recently China was in the ascendant, VC investments in China in Q2 2019 are down nearly 77% year-on-year, while European investment continues to go from strength to strength. A third of the world’s top start-up cities are in Europe.

It seems therefore like it’s really time to put booster-rockets on the European VC scene. And hopefully and events like this can help it along.

Twitter has disclosed more bugs related to how it uses personal data for ad targeting that means it may have shared users data with advertising partners even when a user had expressly told it not to.

Back in May the social network disclosed a bug that in certain conditions resulted in an account’s location data being shared with a Twitter ad partner, during real-time bidding (RTB) auctions.

In a blog post on its Help Center about the latest “issues” Twitter says it “recently” found, it admits to finding two problems with users’ ad settings choices that mean they “may not have worked as intended”.

It claims both problems were fixed on August 5. Though it does not specify when it realized it was processing user data without their consent.

The first bug relates to tracking ad conversions. This meant that if a Twitter user clicked or viewed an ad for a mobile application on the platform and subsequently interacted with the mobile app Twitter says it “may have shared certain data (e.g., country code; if you engaged with the ad and when; information about the ad, etc)” with its ad measurement and advertising partners — regardless of whether the user had agreed their personal data could be shared in this way.

It suggests this leak of data has been happening since May 2018 — which is also the day when Europe’s updated privacy framework, GDPR, came into force. The regulation mandates disclosure of data breaches (which explains why you’re hearing about all these issues from Twitter) — and means that quite a lot is riding on how “recently” Twitter found these latest bugs. Because GDPR also includes a supersized regime of fines for confirmed data protection violations.

Though it remains to be seen whether Twitter’s now repeatedly leaky adtech will attract regulatory attention…

Twitter specifies that it does not share users’ names, Twitter handles, email or phone number with ad partners. However it does share a user’s mobile device identifier, which GDPR treats as personal data as it acts as a unique identifier. Using this identifier, Twitter and Twitter’s ad partners can work together to link a device identifier to other pieces of identity-linked personal data they collectively hold on the same user to track their use of the wider Internet, thereby allowing user profiling and creepy ad targeting to take place in the background.

The second issue Twitter discloses in the blog post also relates to tracking users’ wider web browsing to serve them targeted ads.

Here Twitter admits that, since September 2018, it may have served targeted ads that used inferences made about the user’s interests based on tracking their wider use of the Internet — even when the user had not given permission to be tracked.

This sounds like another breach of GDPR, given that in cases where the user did not consent to being tracked for ad targeting Twitter would lack a legal basis for processing their personal data. But it’s saying it processed it anyway — albeit, it claims accidentally.

This type of creepy ad targeting — based on so-called ‘inferences’ — is made possible because Twitter associates the devices you use (including mobile and browsers) when you’re logged in to its service with your Twitter account, and then receives information linked to these same device identifiers (IP addresses and potentially browser fingerprinting) back from its ad partners, likely gathered via tracking cookies (including Twitter’s own social plug-ins) which are larded all over the mainstream Internet for the purpose of tracking what you look at online.

These third party ad cookies link individuals’ browsing data (which gets turned into inferred interests) with unique device/browser identifiers (linked to individuals) to enable the adtech industry (platforms, data brokers, ad exchanges and so on) to track web users across the web and serve them “relevant” (aka creepy) ads.

“As part of a process we use to try and serve more relevant advertising on Twitter and other services since September 2018, we may have shown you ads based on inferences we made about the devices you use, even if you did not give us permission to do so,” it how Twitter explains this second ‘issue’.

“The data involved stayed within Twitter and did not contain things like passwords, email accounts, etc.,” it adds. Although the key point here is one of a lack of consent, not where the data ended up.

(Also, the users’ wider Internet browsing activity linked to their devices via cookie tracking did not originate with Twitter — even if it’s claiming the surveillance files it received from its “trusted” partners stayed on its servers. Bits and pieces of that tracked data would, in any case, exist all over the place.)

In an explainer on its website on “personalization based on your inferred identity” Twitter seeks to reassure users that it will not track them without their consent, writing:

We are committed to providing you meaningful privacy choices. You can control whether we operate and personalize your experience based on browsers or devices other than the ones you use to log in to Twitter (or if you’re logged out, browsers or devices other than the one you’re currently using), or email addresses and phone numbers similar to those linked to your Twitter account. You can do this by visiting your Personalization and data settings and adjusting the Personalize based on your inferred identity setting.

The problem in this case is that users’ privacy choices were simply overridden. Twitter says it did not do so intentionally. But either way it’s not consent. Ergo, a breach.

“We know you will want to know if you were personally affected, and how many people in total were involved. We are still conducting our investigation to determine who may have been impacted and If we discover more information that is useful we will share it,” Twitter goes on. “What is there for you to do? Aside from checking your settings, we don’t believe there is anything for you to do.

“You trust us to follow your choices and we failed here. We’re sorry this happened, and are taking steps to make sure we don’t make a mistake like this again. If you have any questions, you may contact Twitter’s Office of Data Protection through this form.”

While the company may “believe” there is nothing Twitter users can do — aside from accept its apology for screwing up — European Twitter users who believe it processed their data without their consent do have a course of action they can take: They can complain to their local data protection watchdog.

Zooming out, there are also major legal question marks hanging over behaviourally targeted ads in Europe.

The UK’s privacy regulator warned in June that systematic profiling of web users via invasive tracking technologies such as cookies is in breach of pan-EU privacy laws — following multiple complaints filed in the region that argue RTB is in breach of the GDPR.

While, back in May Google’s lead regulator in Europe, the Irish Data Protection Commission, confirmed it has opened a formal investigation into use of personal data in the context of its online Ad Exchange.

So the wider point here is that the whole leaky business of creepy ads looks to be operating on borrowed time.

Brolly, the U.K. insurance app that lets you keep track of your various policies so that you are correctly and competitively covered, is launching a new product to plug what it sees as a gap in home contents insurance.

Dubbed “Brolly Contents,” the new offering promises “flexible” monthly cover for all or a subset of the items you own, transparently priced and delivered in a more convenient way via Brolly’s mobile app. Features of Brolly Contents include the ability to insure up to £40,000 worth of belongings, suitable for renters or property owners, and no fees for updates to your cover.

In addition, there’s a promised loyalty discount of up to 25% that increases each month you stay with Brolly and haven’t made a claim. That’s the antithesis to incumbent providers who offer large discounts for new customers, which are then clawed back the following years on the premise that you are too lazy or time poor to bother switching.

Brolly founder and CEO Phoebe Hugh tells me her aim is to rid customers of what she calls the “loyalty tax,” while simultaneously upgrading contents insurance for the digital age.

“For the majority of consumers, contents insurance is the first voluntary insurance product they will come across,” says Hugh. “A digital native generation are approaching this for the first time and are confused and unhappy with what is currently available. 9 out of 10 households headed by someone between 65-75 have contents insurance, versus just 4 out of 10 of under 30’s. This newer customer has become accustomed to digital delivery of everything, from banking to food delivery, and cannot find an insurance product that suits them. Brolly Contents is the first Brolly product to address these problems head on”.

Developed in partnership with specialist insurer Hiscox, Brolly Contents promises to be more flexible than similar products after Hugh and her team concluded that the current market wasn’t meeting existing Brolly customers’ needs, let alone expanding the market for contents insurance as a whole.

Contents insurance is typically sold as blanket cover but with lots of caveats, and/or requires tedious form filling and is still opaque at best. This leaves many not bothering to take out cover at all or discovering that the cover they have falls short when it’s time to make a claim.

In contrast, Brolly Contents claims to be more transparent, with a much simpler to understand product and an on-boarding experience delivered via in-app chat that walks you through how much cover you require and the amount of excess you wish to pay should you make a claim.

“With Brolly Contents, you can choose how much you want to insure and it doesn’t need to be everything in your home,” says Hugh. “You can get insured from as little as £4.50 a month, if you only want to protect a few things. There are no add-ons, and you can add valuables for no additional cost. Many businesses in this space, particularly some of the newer ones, are offering a branded product to customers which, in the background, consists of multiple underwriters with policies stitched together. As soon as you add some valuables and accidental damage, the price skyrockets. It’s pretty tricky to keep pricing competitive if this is how you operate”.

Meanwhile, Hugh — who before starting Brolly was an underwriter at Aviva — says that despite the insurtech hype, the insurance industry remains a “pre-disrupted market”. Incumbents are focused on where the profit currently is, and therefore the uninsured or beginner insurance customers aren’t well served. In the meantime, insurtech startups typically have to work with those same incumbents.

“A new business gaining traction in insurance is challenging; it’s unlikely you can underwrite yourself at the outset so you have to take a patient approach,” she says. “We found a world-class underwriting partner in Hiscox who shared our vision to simplify insurance, and who wanted to challenge the status quo, but are also trusted to pay out on claims. We’ve been working on Brolly Contents for over a year to deliver something genuinely new”.

Adds Matt Churchill, Head of Hiscox Futures: “Consumer expectations of insurance are changing. We identified early on that Brolly were leading the charge in exploring new ways of engaging customers. Together, we’ve designed a simple insurance product and brought it to life on Brolly’s proven technology driven platform. We hope it brings positive benefits to consumers looking for simplicity and flexibility from a home contents policy”.

We’re still in the hunt for innovative early-stage hardware startup founders. And by that, we mean boundary-pushers, exceptional disrupters and all-around game-changers. If that sounds like you, you still have time to apply to compete in Hardware Battlefield at TC Shenzhen on November 11-12.

Don’t miss your chance to compete in our epic, hardware-focused pitch competition. Apply to TC Hardware Battlefield 2019. The grand prize is a cool $25,000, but there’s a lot more than money on the line. If you’re selected, you’ll launch your startup on a world stage — in front of eager investors and tech media. And you’ll do it in Shenzhen, the world’s hardware heartland. The exposure alone can be life-changing.

First things first. Does your startup qualify? The answer is yes — if you meet the following stipulations.

• Submit your application by August 14
• You must have a minimally viable product to demo onstage
• Your product has received little or no international press coverage to date
• Your product must be a hardware device or component (Enterprise hardware eligible)

Our discerning TechCrunch editors will thoroughly review every qualified application and pick approximately 10-15 startups to compete. If you’re selected, get ready to work, because you’ll receive free pitch coaching from our editors. That’s six rigorous weeks to get you primed and prepped to pitch your hardware on a world stage — and outshine the competition

Founders have just six minutes to pitch and demo their products — followed by an in-depth Q&A with the judges. If you make it to the final round, you’ll repeat the process in front of a new set of judges. After the hardware dust settles, the judges will name the Hardware Battlefield TC Shenzhen champion — who takes home the Battlefield Cup along with a check for an equity-free $25,000.

All the fast-paced action takes place in front of a live audience, and we capture the entire event on video and post it to our global audience on TechCrunch. That translates to a lot of exposure, and it can change the trajectory of your business — whether you win or not.

The Hardware Battlefield takes place during our second TC Shenzhen event (produced with TechNode, our partner in China). The show features top speakers from the startup world in China and beyond, plenty of startups exhibiting in Startup Alley and a hackathon. Stay tuned — we’ll have tickets available soon.

Take your shot — apply to TC Hardware Battlefield 2019 by August 14. Come to Shenzhen on November 11-12 and show us your hardware!

Is your company interested in sponsoring or exhibiting at Hardware Battlefield TC Shenzhen? Contact our sponsorship sales team by filling out this form.

For nearly fifteen years LanzaTech has been developing a carbon capture technology that can turn waste streams into ethanol that can be used for chemicals and fuel.

Now, with $72 million in fresh funding at a nearly $1 billion valuation and a newly inked partnership with biotechnology giant, Novo Holdings, the company is looking to expand its suite of products beyond ethanol manufacturing, thanks, in part, to the intellectual property held by Novozymes (a Novo Holdings subsidiary).

“We are learning how to modify our organisms so they can make things other than ethanol directly,” said LanzaTech chief executive officer, Jennifer Holmgren.

From its headquarters in Skokie, Ill., where LanzaTech relocated in 2014 from New Zealand, the biotechnology company has been plotting ways to reduce carbon emissions and create a more circular manufacturing system. That’s one where waste gases and solid waste sources that were previously considered to be un-recyclable are converted into chemicals by LanzaTech’s genetically modified microbes.

The company already has a commercial manufacturing facility in China, attached to a steel plant operated by the Shougang Group, which produces 16 million gallons of ethanol per-year. LanzaTech’s technology pipes the waste gas into a fermenter, which is filled with genetically modified yeast that uses the carbon dioxide to produce ethanol. Another plant, using a similar technology is under construction in Europe.

Through a partnership with Indian Oil, LanzaTech is working on a third waste gas to ethanol using a different waste gas taken from a Hydrogen plant.

The company has also inked early deals with airlines like Virgin in the UK and ANA in Japan to make an ethanol-based jet fuel for commercial flight. And a third application of the technology is being explored in Japan which takes previously un-recyclable waste streams from consumer products and converts that into ethanol and polyethylene that can be used to make bio-plastics or bio-based nylon fabrics.

Through the partnership with Novo Holdings, LanzaTech will be able to use the company’s technology to expand its work into other chemicals, according to chief executive Jennifer Holmgren. “We are making product to sell into that [chemicals market] right now. We are taking ethanol and making products out of it. Taking ethylene and we will make polyethylene and we will make PET to substitute for fiber.”

Holmgren said that LanzaTech’s operations were currently reducing carbon dioxide emissions by the equivalent of taking 70,000 cars off the road.

“LanzaTech is addressing our collective need for sustainable fuels and materials, enabling industrial players to be part of building a truly circular economy,” said Anders Bendsen Spohr, Senior Director at Novo Holdings, in a statement. “Novo Holdings’ investment underlines our commitment to supporting the bio-industrials sector and, in particular, companies that are developing cutting-edge technology platforms. We are excited to work with the LanzaTech team and look forward to supporting the company in its next phase of growth.”

Holmgren said that the push into new chemicals by LanzaTech is symbolic of a resurgence of industrial biotechnology as one of the critical pathways to reducing carbon emissions and setting industry on a more sustainable production pathway.

“Industrial biotechnology ca unlock the utility of a lot of waste carbon emissions. ” said Holmgren. “[Municipal solid waste] is an urban oil field. And we are working to find new sources of sustainable carbon.”

LanzaTech isn’t alone in its quest to create sustainable pathways for chemical manufacturing. Solugen, an upstart biotechnology company out of Houston, is looking to commercialize the bio-production of hydrogen peroxide. It’s another chemical that’s at the heart of modern industrial processes — and is incredibly hazardous to make using traditional methods.

As the world warms, and carbon emissions continue to rise, it’s important that both companies find pathways to commercial success, according to Holmgren.

“It’s going to get much much worse if we don’t do anything,” she said.

Gogoro, the Taiwanese electric vehicle company, has announced its first manufacturing partners. Yamaha, Aeon Motor and PGO will all launch new scooters this summer that run on Gogoro’s swappable batteries and charging infrastructure.

This means consumers who like Gogoro’s battery system will have a choice between buying Gogoro’s own scooters or scooters from its three partners. All scooters that use Gogoro’s energy network can exchange batteries at the 1,300 GoStations currently in Taiwan.

Beyond its own electric scooters, Gogoro sees its technology, most of which is developed in-house, as an open platform for electric vehicles, with the goal of reducing pollution in cities with heavy traffic. It recently launched a ride-sharing platform that can be used as a white-label solution by companies that want to launch their own electric scooter sharing program (Gogoro’s scooters are already use by Coup, the European ride-sharing startup).

For a deeper look into the company’s origins and plans, Extra Crunch subscribers can read a recently published interview with Gogoro co-founder and CEO Horace Luke.

Why break into a company’s network when you can just walk right in — literally?

Gone could be the days of having to find a zero-day vulnerability in a target’s website, or having to scramble for breached usernames and passwords to break through a company’s login pages. And certainly there will be no need to park outside a building and brute-force the Wi-Fi network password.

Just drop your exploit in the mail and let your friendly postal worker deliver it to your target’s door.

This newly named technique — dubbed “warshipping” — is not a new concept. Just think of the traditional Trojan horse rolling into the city of Troy, or when hackers drove up to TJX stores and stole customer data by breaking into the store’s Wi-Fi network. But security researchers at IBM’s X-Force Red say it’s a novel and effective way for an attacker to gain an initial foothold on a target’s network.

“It uses disposable, low cost and low power computers to remotely perform close-proximity attacks, regardless of the cyber criminal’s location,” wrote Charles Henderson, who heads up the IBM offensive operations unit.

The researchers developed a proof-of-concept device — the warship — which has a similar size to a small phone, into a package and dropped it off in the mail. The device, which cost about $100 to build, was equipped with a 3G-enabled modem, allowing it to be remote controlled so long as it had cell service. With its onboard wireless chip, the device would periodically scan for nearby networks — like most laptops do when they’re switched on — to track the location of the device in its parcel.

“Once we see that a warship has arrived at the target destination’s front door, mailroom or loading dock, we are able to remotely control the system and run tools to either passively, or actively, attack the target’s wireless access,” wrote Henderson.

Once the warship locates a Wi-Fi network from the mailroom or the recipient’s desk, it listens for wireless data packets it can use to break into the network. The warship listens for a handshake — the process of authorizing a user to log onto the Wi-Fi network — then sends that scrambled data back over the cellular network back to the attacker’s servers, which has far more processing power to crack the hash into a readable Wi-Fi password.

With access to the Wi-Fi network, the attacker can navigate through the company’s network, seeking out vulnerable systems and exposed data, and steal sensitive data or user passwords.

All of this done could be done covertly without anyone noticing — so long as nobody opens the parcel.

“Warshipping has all the characteristics to become a stealthy, effective insider threat — it’s cheap, disposable, and slides right under a targets’ nose –all while the attacker can be orchestrating their attack from the other side of the country,” said Henderson. “With the volume of packages that flow through a mailroom daily — whether it be supplies, gifts or employees’ personal purchases — and in certain seasons those numbers soar dramatically, no one ever thinks to second guess what a package is doing here.”

The team isn’t releasing proof-of-concept code as to not help attackers, but uses the technique as part of its customer penetration testing services — which help companies discover weak spots in their security posture.

“If we can educate a company about an attack vector like this, it dramatically reduces the likelihood of the success of it by criminals,” Henderson said.

Kik Interactive has hit back at the Securities and Exchange Commission lawsuit that claims a $100 million token sale was illegal. The company, which owns Kik Messenger, filed a 130-page response today in U.S. District Court for the Southern District of New York, alleging that the SEC is “twisting” the facts about its token, called Kin, and asking for an early trial date and dismissal of the complaint.

One of the key issues in the case is if Kin was just an in-app token used to buy games, digital products and other services in Kik Messenger, or if it was meant to be an investment opportunity, as the SEC alleges.

Kik’s general counsel Eileen Lyon said in a press statement that “since Kin is not itself a security, the SEC must show that it was sold in a way that violates the securities laws. The SEC had access to over 50,000 documents and took testimony from nearly 20 witnesses prior to filing its Complaint, yet it is unable to make the case that Kik’s token sale violated the securities laws without bending the facts to distort the record.”

The SEC alleges that the token sale, announced in 2017, came at a time when the company had predicted that it would run out of money after Kik Messenger had been losing money for years, and that it then used proceeds from that sale to build an online marketplace for the app.

In the filing, Kik’s legal team denied that charge, claiming that the SEC’s allegations about its financial condition “is solely designed for misdirection, thereby prejudicing Kik and portraying it in a negative light” and that Kik began working on a cryptocurrency-based model after exploring monetization options that would help it compete against larger techc companies.

They added that “Kik’s Board and Executive Team alike believed that Kin was a bold idea that could solve the monetization challenges faced by all developers (not just Kik) in the existing advertising-based economy, by changing the way people buy and sell digital products and services.”

The SEC also alleges that the sale of digital tokens to U.S. investors was illegal because Kik did not register their offer as required by United States law, even though it claims that Kik marketed Kin as an investment opportunity whose value would increase. In its response, Kik denied that it offered or sold securities, or violated federal securities laws.

In the company’s press statement, Kik CEO Ted Livingston said “The SEC tries to paint a picture that the Kin project was an act of desperation rather than the bold move that it was to win the game, and one that Kakao, Line, Telegram and Facebook have all now followed.”