Category: UNCATEGORIZED

Grizzled TechCrunch reporter Matt Burns was on site at yesterday’s big Blue Origin reveal, but if you’re reading this right now, odds are you weren’t. It was a small gathering, and Jeff Bezos, who tends to be fairly secret for such a public billionaire, opted not to live stream the fairly intimate press conference.

The full event is now online, however. You can check that out right here:

The TLDW of all of it is that, well, Earth f*****g rules, man. It’s totally the best planet in the solar system, at least so far as sustaining life is concerned. As such, we’re going to be dependent on this little blue marble for a long while, even as human population and energy consumption push its resources to the brink.

Bezos unveiled some pretty sci-fi sounding plans for off-world industries. In the meantime, however, Blue Origin says it can help the U.S. get back to the moon, with help from its new Blue Moon lunar lander. Bezos says the company can deliver the hardware to NASA by 2024.

A year ago, Amazon -owned Audible announced a deal with Reese Witherspoon’s Hello Sunshine to develop exclusive audio productions for Audible Originals — the company’s entertainment offering which features audio content that’s longer than podcasts, but shorter than audiobooks. Now, the first set of these Hello Sunshine original productions are being announced, including performances from music business matriarch Sophia Chang, judge Rosemarie Aquilina, and comedian/activist Maysoon Zayid.

Like Hello Sunshine’s other efforts, the Audible Originals focus on highlighting female storytelling, and join the brand’s other projects across books, film, TV, podcasts, and streaming services like Apple TV+ and Hulu. In addition, last year Audible and Hello Sunshine collaborated to launch a showcase of Audible audiobooks, selected by Reese’s Book Club, which similarly focuses on strong, but complex female characters.

The Audible Original written and performed by Chang, “Baddest Bitch in the Room,” has her telling the story of growing up as the daughter of Korean immigrants in the suburbs of Vancouver, later falling in love with hip-hop music, then starting her career in the music business, where she influenced the careers of major artists, including the Wu Tang Clan.

Judge Aquilina performs “Magnificent Things,” where she talks about her unusual journey to becoming the judge who presided over the trial of USA Gymnastics doctor Larry Nassar. And Maysoon Zayid performs “Limping on the Edge,” which tells her story of being a Muslim comedian with cerebral palsy, and how she uses her platform for her activism.

“We’re honored to have the opportunity to work with Sophia Chang, Rosemarie Aquilina, and Maysoon Zayid on their audio memoirs,” said Charlotte Koh, Head of Digital Media & Unscripted at Hello Sunshine, in a statement. “Each of these singular women have pursued their dreams with conviction, achieved success in the face of improbable odds, and are redefining societal norms around female identity and power. We’re also deeply appreciative of our friends at Audible for working with us to create these incredible listening experiences and providing these women with a premium service that commands a wide and highly engaged audience,” she added.

The launch comes at a time when the Hello Sunshine brand is on the rise thanks to its various high-profile projects, which include HBO’s “Big Little Lies,” and forthcoming video efforts like Hulu’s “Little Fires Everywhere,” and Apple TV+’s “Are You Sleeping” and “The Morning Show.” The company has a number of films in the works, as well, including “Legally Blonde 3” and those that are being developed from Reese’s Book Club picks, like “Where the Crawdads Sing,” and “Eleanor Oliphant is Completely Fine.”

Meanwhile, Hello Sunshine’s collaboration with Audible gives its parent Amazon a connection to the media company, which could help it in other areas of its business — like Prime Video potentially, Amazon Books, and Amazon Video’s marketplace for film and TV, which benefits from sales of popular titles.

Amazon, by way of its subsidiary Audible, also gains a noteworthy set of audio exclusives at a time when major streaming services like Spotify and Pandora are focusing on podcasting and audio. In addition, the deal indirectly helps boost Amazon’s connected speaker business, as it offers Echo owners the ability to stream exclusive original content from Audible.

The new Audible Original programs will debut starting in late 2019 and early 2020, the company says.

In security, nothing is “unhackable.” When it’s claimed, security researchers see nothing more than a challenge.

Enter the latest findings from Pen Test Partners, a U.K.-based cybersecurity firm. Their latest project was ripping apart the “unhackable” eyeDisk, an allegedly secure USB flash drive that uses iris recognition to unlock and decrypt the device.

eyeDisk raised over $21,000 in its Kickstarter campaign last year and began shipping devices in March.

There’s just one problem: it’s anything but “unhackable.”

Pen Test Partners researcher David Lodge found the device’s backup password — to access data in the event of device failure or a sudden eye-gouging accident — could be easily obtained using a software tool able to sniff USB device traffic.

The secret password — “SecretPass” — can be seen in plaintext. (Image: Pen Test Partners)

“That string in red, that’s the password I set on the device. In the clear. Across an easy to sniff bus,” he said in a blog post detailing his findings. The password is

Worse, he said, the device’s real password can be picked up even when the wrong password has been entered. Lodge explained this as the device revealing its password first, then validating it against whatever password the user submitted before the unlock password is sent.

Lodge said anyone using one of these devices should use additional encryption on the device.

The researcher disclosed the flaw to eyeDisk, which promised a fix, but has yet to release it. eyeDisk did not return a request for comment.

The UK’s data protection watchdog has issued the government department responsible for collecting taxes with a final enforcement notice, after an investigation found HMRC had collected biometric data from millions of citizens without obtaining proper consent.

HMRC has 28 days from the May 9 notice to delete any Voice ID records where it did not obtain explicit consent to record and create a unique biometric voiceprint linked to the individual’s identity. 

The Voice ID system was introduced in January 2017, with HMRC instructing callers to a helpline to record a phrase to use their voiceprint as a password. The system soon attracted criticism for failing to make it clear that people did not have to agree to their biometric data being recorded by the tax office.

In total some seven million UK citizens have had voiceprints recorded via the system. HMRC will now have to delete the majority of these records (~five million voiceprints) — only retaining biometric data where it has fully informed consent to do so.

The Information Commissioner’s Office (ICO) investigation into Voice ID was triggered by a complaint by privacy advocacy group Big Brother Watch — which said more than 160,000 people opted out of the system after its campaign highlighted questions over how the data was being collected.

Announcing the conclusion of its probe last week, the ICO said it had found the tax office unlawfully processed people’s biometric data.

“Innovative digital services help make our lives easier but it must not be at the expense of people’s fundamental right to privacy. Organisations must be transparent and fair and, when necessary, obtain consent from people about how their information will be used. When that doesn’t happen, the ICO will take action to protect the public,” said deputy commissioner, Steve Wood, in a statement.

Blogging about its final enforcement notice, the regulator said today that it intends to carry out an audit to assess HMRC’s wider compliance with data protection rules.

“With the adoption of new systems comes the responsibility to make sure that data protection obligations are fulfilled and customers’ privacy rights addressed alongside any organisational benefit. The public must be able to trust that their privacy is at the forefront of the decisions made about their personal data,” writes Woods offering guidance for using biometric data “in a fair, transparent and accountable way”.

Under Europe’s General Data Protection Regulation (GDPR) biometric data that’s used for identifying a person is classed as so-called “special category” data — meaning if a data controller is relying on consent as their legal basis for collecting this information the data subject must provide explicit consent.

In the case of HMRC, the ICO found it had failed to give customers sufficient information about how their biometric data would be processed, and failed to give them the chance to give or withhold consent.

It also collected voiceprints prior to publishing a Voice ID-specific privacy notice on its website. The ICO found it had not carried out an adequate data protection impact assessment prior to launching the system.

In October 2018 HMRC tweaked the automated options it offered to callers to provide clearer information about the system and their options.

That amended Voice ID system remains in operation. And in a letter to the ICO last week HMRC’s chief executive, Jon Thompson, defended it — claiming it is “popular with our customers, is a more secure way of protecting customer data, and enables us to get callers through to an adviser faster”.

As a result of the regulator’s investigation HMRC retrospectively contacted around a fifth of the seven million Brits whose data it had gathered to ask for consent. Of those it said more than 995,000 provided consent for the use of their biometric data and more than 260,000 withheld it.

More than 95 percent of the smartphones that ship in India run Android operating system, according to industry estimates. Now the Indian antitrust watchdog is convinced that the nation should investigate if Google is abusing the dominant position of its mobile operating system to hurt local rivals.

The Competition Commission of India (CCI), the local antimonopoly regulator, began looking at Google’s Android business in India last year after it received a complaint from unspecified people. In mid-April, the regulator decided that there was merit in the accusations and ordered its investigation unit to conduct a full-investigation, according to a report by Reuters, which cites unnamed sources.

The investigation, not the first of its kind, will take about a year to conclude and could see Google executives be asked to be summoned before the regulator, the news agency reported. We’ve reached out to Google for comment. The CCI has not publicly commented on the probe.

If found guilty, Google may be fined up to 10 percent of its local revenue or 300 percent of its net profits. Even as India has emerged as one of Google’s largest markets, the company makes relatively a tiny amount in the nation. It clocked $1.4 billion in revenue in India in the year that ended in March 2018, according to regulatory filings, compared to over $100 billion it generated globally in a comparable time period.

The specific accusations, as well as identity of those who filed the complaint, remains unclear for now. In a statement to Reuters, Google said that it was looking forward to working with the CCI to “to demonstrate how Android has led to more competition and innovation, not less.”

With the launch of this investigation, India is joining the EU, which continues to look at several businesses of Google — including Android — to ensure that the company is not abusing its dominant position in the market. Earlier this year, the EU regulators concluded that Google had forced its OEM partners to prebundle Google Search, Chrome browser, and Google Play Store on their Android handsets.

Following the verdict, which Google has appealed, the Android maker announced it will give users more choices for browsers and search engines.

India’s regulator has previously investigated Google’s search business and Apple’s partnerships with local carriers for sale of iPhones. Apple’s iOS has tiny market share in India, where most people have annual income of less than $2,000.

For the past few years, Apple has been inviting student developers to attend its WWDC conference, which centers on development topics and software. A few students from this year’s batch are getting some more personal attention from Apple as it tries to raise awareness of the program and coding literacy via its Swift Playgrounds and other resources for students and teachers.

Most of those students, though, won’t get a surprise personal visit from CEO Tim Cook, which is what happened this week when Lyman High School student Liam Rosenfeld got to the Millenia Mall Apple Store in Orlando, Florida. Liam was there to participate, he thought, in an interview with myself and a local journalist from the Orlando Sentinel about his admission to the program.

As a surprise, and fresh off an appearance at the SAP Sapphire conference to announce an expanded partnership, Cook came to visit the store to greet employees, and to spend some time with Liam and his teacher, Mary Acken.

I was on hand to spend some time of my own with Liam, to talk to him about his experiences coding in high school and shipping on a global App Store. I also spoke to Cook about coding literacy, the SAP partnership and some other interesting topics.

The confab was set for Wednesday afternoon, with the store making an ideal meeting place given its rough proximity to the conference and airport. Liam arrived earlier than expected and some interference had to be ran so that Cook’s appearance and the surprise, could be kept secret.

Hello and welcome back to Equity, TechCrunch’s venture capital-focused podcast, where we unpack the numbers behind the headlines.

This week we had the full Equity staff on hand to dig through the week’s news, helmed by Kate Clark and Connie Loizos with Alex Wilhelm in the studio too. Plus, Om Malik, a former scribbler and current venture capitalist, joined us to riff on the latest.

Before we dig into what we covered, a small note from the team: As this episode is going out before Uber will trade, we’ll have another episode coming to you tomorrow after the madness. Stay tuned.

Uber priced its IPO at $45 per share right before we hit record, so we first touched on the final pricing of what should be the year’s largest tech IPO. Pricing towards the lower-end of its range, Uber could be setting itself up for a strong first day. Or, demand was lower than expected following Lyft’s slide. Either way, Uber will trade tomorrow as a public company at last. Om predicts Uber and Lyft rides will get a whole lot more expensive in the next eighteen months, so hold onto your hats, the future for riders and drivers alike is… unclear.

Next, we debated Harry’s exit to Edgewell Personal Care. The direct-to-consumer razor supplier sold this week for more than $1 billion in a deal reminiscent of the Dollar Shave Club’s sale to Unilever. From there, we spoke about the latest from the Luckin Coffee IPO. The news, in brief, is that its IPO is moving forward. Next up is pricing, we’ll be sure to discuss any updates on the podcast.

In big deal news, Carta closed a $300 million round. Connie has learned a lot about the business in recent weeks and it turns out, Om wishes he was an investor!

Finally, Cruise’s latest new round, and the capital needs of autonomous driving. As we all quickly agree, it’s an expensive business and not one that will get cheaper. But, given that so many companies are working on the tech, we hope it works out. Especially Om, who doesn’t have a driver’s license, it turns out.

All that and we had fun! Chat tomorrow!

A popular GPS tracker — used as a panic alarm for elderly patients, to monitor kids, and track vehicles — contains security flaws, which security researchers say are so severe the device should be recalled.

The Chinese manufactured white-label location tracker, rebranded and sold by over a dozen companies — including Pebbell by HoIP Telecom, OwnFone Footprint, and SureSafeGo — uses a SIM card to connect to the 2G/GPRS cell network. Although none of the devices have internet connectivity and won’t on exposed device database sites like Shodan, they can still be remotely accessed and controlled by SMS.

Researchers at U.K. cybersecurity firm Fidus Information Security say the device can be tricked into turning over its real-time location simply by anyone sending it a text message with a  keyword. Through another command, anyone can call the device and remotely listen in to its in-built microphone without alerting anyone.

Another command can remotely kill the cell signal altogether, rendering the device effectively useless.

Although the device can be protected with a PIN, it’s not enabled by default. Worse, the researchers found the device can be remotely reset without needing a PIN — opening up the device to further commands.

“This device is marketed at keeping the most vulnerable safe and yet anybody can locate and listen into thousands of people’s lives without their knowledge,” said Fidus’ Andrew Mabbitt, who wrote up the team’s findings. “This day and age, everything is connected one way or another and we seem to be leaving security behind; this isn’t going to end well.”

An attacker only requires the phone number of the device, Mabbitt told TechCrunch. His team showed it was easy to extrapolate hundreds of working phone numbers connected to vulnerable devices based off a single known device. “We made the assumption that these numbers were purchased in a batch,” said the team’s write-up.

The team bought a device and allowed TechCrunch to verify their findings. With a single command, we got a text message back in seconds with the precise co-ordinates of its location. We could also pull other information from the device, including its IMEI number and battery level.

The phone call trick, which Mabbitt called a “glorified wiretap,” also worked.

One text message to a vulnerable device, bought by the security researchers, allowed us to remotely grab its real-time coordinates. The geolocation was precise to a few meters. (Image: TechCrunch)

There are an estimated 10,000 devices are in the U.K. — and thousands more around the world. But Mabbitt said there’s no way to fix the vulnerabilities without recalling every device.

“Fixing this broken security would be trivial,” said the team. “All they needed to do was print a unique code on each pendant and require that to be used to change configurations. The location and call functions could be locked down to calls and texts only from those numbers previously programmed in as emergency contacts.”

The U.K. just last week announced a proposed new cybersecurity law that would require connected devices to be sold with a unique password, and not a default.

None of the device sellers we contacted responded to a request for comment.

Read more:

• An unsecured SMS spam operation doxxed its owners
• Samsung spilled SmartThings app source code and secret keys
• Security lapse exposed a Chinese smart city surveillance system
• A leaky database of SMS text messages exposed password resets and two-factor codes
• Chipotle customers are saying their accounts have been hacked
• We found a massive spam operation — and sunk its server
• Dow Jones’ watchlist of 2.4 million high-risk individuals has leaked
• Robocaller firm Stratics Networks exposed millions of call recordings
• Massive mortgage and loan data leak gets worse as original documents also exposed

Binance has vowed to raise the quality of its security in the aftermath of a hack that saw thieves make off with over $40 million in Bitcoin from the exchange.

The company — which is widely believed to operate the world’s largest crypto exchange based on trading volumes — said today that it will “significantly revamp” its security measures, procedures and practices in response. In particular, CEO Changpeng Zhao wrote in a blog post that Binance will make “significant changes to the API, 2FA, and withdrawal validation areas, which was an area exploited by hackers during this incident.”

Speaking on a livestream following the disclosure of the hack earlier this week, Zhao said the hackers had been “very patient” and, in addition to targeting high-net-worth Binance users, he suggested that attack had used both internal and external vectors. That might well mean phishing, and that’s an area where Zhao has pledged to work on “more innovative ways” to combat threats, alongside improved KYC and better user and threat analysis.

“We are working with a dozen or so industry-leading security expert teams to help improve our security as well as track down the hackers,” Zhao wrote. He added that other exchanges are helping as best they can to track and freeze the stolen assets.

The real focus must be to look forward, and in that spirit, Binance said it will soon add support for hardware-based two-factor-authentication keys as a method to log in to its site.

That’s probably long overdue and, perhaps to make up for the delay, Zhao said the company plans to give away 1,000 YubiKeys when the feature goes live. That’s a worthy gesture but, unless Binance is giving out a discount code to redeem on the website directly, security purists would likely recommend users to buy their own key to ensure it has not been tampered with.

The final notable update is when Binance will resume withdrawals and deposits, which it froze in the wake of the attack. There’s no definitive word on that yet, with Zhao suggesting that the timeframe is “early next week.”

Oh, and on that proposed Bitcoin blockchain “reorg” — which attracted a mocking reaction from many in the blockchain space — Zhao, who is also known as CZ, said he is sorry.

“It is my strong view that our constant and transparent communication is what sets us apart from the “old way of doing things”, even and especially in tough times,” he wrote defiantly, adding that he doesn’t intend to reduce his activity on Twitter — where is approaching 350,000 followers.

Daye, a “femcare” startup developing a new type of tampon that uses CBD to help tackle dysmenorrhea, has quietly raised $5.5 million in funding from high-profile investors in the U.S. and Europe, TechCrunch has learned.

Backing the round is Silicon Valley’s Khosla Ventures, along with London’s Index Ventures and Kindred Capital. The investment sees Khosla’s chief of staff Kristina Simmons, Khosla venture partner Tim Westergren (who also founded Pandora), and Hannah Seal, principle at Index, join Daye’s board.

Other investors in the London-based company include Sophia Bendz (former global director of Marketing at Spotify and now a partner at VC firm Atomico), Irina Havas (a principle of Atomico), David Schiff (founding partner at United Talent Agency) and Kristin Cardwell (VP of International Business Development at Refinery29).

Founded by 24-year-old Valentina Milanova and launching later this year, Daye has set out to build a new brand for female health products “designed with women in mind.” The startup’s first product is a newly developed tampon that uses CBD to help tackle period cramps (or dysmenorrhea) as an alternative to traditional painkillers (CBD is the extract derived from the flower of the industrial hemp plant, a legal relative to marijuana). Daye also claims its product will be more hygienic and sustainable than legacy tampons, and if successful could be a wake-up call to the incumbent and stagnant tampon industry, which has seen little innovation in decades.

“Our goal is to raise the standards of women’s hygiene products by tackling three primary issues: dysmenorrhea, manufacturing standards and sustainability,” Milanova tells TechCrunch. “Women have largely been left out of medical innovation. In fact, until 1993, researchers banned women from participating in [early] clinical trials, as it was believed female hormone fluctuations polluted medical data. To this day, most medications, including those for pain relief, depression and sleeping aids, have not been tested on women. We’re redefining localised cramp-relief, relying on an ingredient that we’ve tested on women first.”

Milanova says she first had the idea for a cramp-fighting tampon in November 2017 and initially used her salary from a day job and credit cards to fund product development. In September 2018, she quit her job to work on the business full-time and build a team, and to finalise clinical trials for the product.

Describing CBD as “having its 15 minutes of fame,” Milanova says the company doesn’t believe cannabidiol should be added to everything, from dry shampoo to cocktails. However, she says CBD is much safer than over-the-counter painkillers, and that the vaginal canal has the highest concentration of cannabinoid receptors and is also the fastest route of absorption into the bloodstream when it comes to pain relief.

“Unlike most CBD products on the market today, our product does not contain any tetrahydrocannabinol (THC),” she explains. “This is why we believe we’re going to be attractive to every consumer who experiences menstrual discomfort.”

Beyond the novel idea of a cramp-fighting CBD tampon, Milanova says Daye wants to raise the bar for tampon production standards and sustainability.

“In Europe, tampons are not classified as medical devices, which means there are no manufacturing guidelines — for context, plasters are more regulated and better sanitised than tampons,” she tells me, to my astonishment. To address this, Daye is introducing pharmaceutical-grade standards and will keep manufacturing in-house.

Period care is also “wreaking havoc” on the environment. “Over the course of her lifetime, the average woman uses enough tampons to fill two double-decker buses. That waste either ends up in our oceans or landfills. We want to relieve the burden period care has on the environment, and offer a product that is equal parts body-safe, effective and as sustainable as possible.”

To begin to answer the question of why something like this hasn’t been done before, Milanova says that menstrual discomfort in general is a massively overlooked problem and that “even the mention of the word tampon makes most people feel uncomfortable.”

The existing market is also monopolised “to the point where innovation suffers.” All tampons on the market today perform and look the same, using the same materials and the same manufacturing processes. Yet, because there’s barely any product differentiation, the Daye founder says most women remain loyal to the first tampon brand they ever tried.

“What we’re bringing to market is a completely novel product, and we’re operating in a very sensitive, intimate area of consumer goods. As a newcomer, we have to gain consumer trust by ensuring we’re in constant contact with our users, taking note of their feedback and iterating on our proposition fast.”