Category: UNCATEGORIZED

Meet Alcatraz AI a startup that wants to replace all the bade readers in your office with a Face ID-like camera system. Alcatraz has integrated multiple sensors to identify faces and unlock doors effortlessly.

If you think about it, it’s weird that fingerprint sensors took off on mobile but everybody is still using plastic badges for their offices. Sure, high security buildings use fingerprint and iris scanners. But it adds too much friction in too many cases.

First, when everybody gets back from their lunch break, it can create a traffic jam if everybody needs to place their finger on a sensor. Second, onboarding new employees would require you to add their biometric information to the system. It can be cumbersome for big companies.

Alcatraz AI promises a faster badging experience with facial authentication. When you join a company, you also get a physical badge. The first few times you use the badge, Alcatraz AI scans your face to create a model for future uses — after a while, you can leave your badge at the office.

The company has built custom hardware with three different sensors that include both traditional RGB sensors and infrared sensors for 3D mapping. Customers pay Alcatraz AI to install those hybrid badge/face readers. After that, companies pay an annual fee in order to use the platform.

Alcatraz AI customers get analytics, real-time notifications and can detect tailgating. This way, if somebody isn’t supposed to go in the secret lab, Alcatraz AI can detect if they’re trying to sneak in by following someone who is authorized to go in there.

The idea is that the on-going license cost should cover what your company was paying for guards. The startup has raised nearly $6 million from Hardware Club, Ray Stata, JCI Ventures, Ruvento Ventures and Hemi Ventures.

For ten days in March, millions were caught in the same massive spam campaign.

Each email looked like it came from someone the recipient knew: the spammer took stolen email addresses and passwords, quietly logged into their email account, scraped their recently sent emails and pushed out personalized emails to the recipient of that sent email with a link to a fake site pushing a weight loss pill or a bitcoin scam.

The emails were so convincing more than 100,000 people clicked through.

We know this because a security researcher found the server leaking the entire operation. The spammer had forgotten to set a password.

Security researcher Bob Diachenko found the leaking data and with help from TechCrunch analyzed the server. At the time of the discovery, the spammer’s rig was no longer running. It had done its job, and the spammer had likely moved onto another server — likely in an effort to avoid getting blacklisted by anti-spam providers. But the server was primed to start spamming again.

Given there were more than three million unique exposed credentials sitting on this spammer’s server, we wanted to secure the data as soon as possible. With no contact information for the spammer — surprise, surprise — we asked the hosting provider, Awknet, to pull the server offline. Within a few hours of making contact, the provider nullrouted the server, forcing all its network traffic into a sinkhole.

TechCrunch provided a copy of the database to Troy Hunt. Anyone can now check breach notification site Have I Been Pwned to see if their email was misused.

But the dormant server — while it was still active — offered a rare opportunity to understand how a spam operation works.

The one thing we didn’t have was the spam email itself. We reached out to dozens of people to ask about the email they received. Two replied — but only one still had a copy of the email.

“The same mail appeared on three occasions,” said one of the recipients in an email to TechCrunch. “The subject was related to an email I had sent previously to that person so the attacker had clearly got access to his mailbox or the mail server,” the victim said.

The email, when clicked, would direct the recipient through several websites in quick succession to determine where they were located, based off their IP address. If the recipient was in the U.S., they’d be pushed to a fake CNN site promoting a bogus health remedy. In this case, the spammer was targeting U.K. residents — and most were directed to a fake BBC page promoting a bitcoin scam.

The spammer had other servers that we had no visibility into, but the exposed server revealed many of the cogs and machinery to the operation. The server, running an Elasticsearch database, was well-documented enough that we found one of the three spam emails sent to our recipient.

This entry alone tells us a lot about how the spam operation worked.

Here’s how it works. The spammer logs into a victim’s @btinternet.com email account using their stolen email address and password. The scammer pulls a recently sent email from their victim’s email server, which feeds into another server — like inbox87.host and viewmsgcs.live — tasked with generating the personalized spam email. That email incorporates the subject line of the sent email and the target recipient’s email address to make it look like it’s being sent from the real person.

Once the message is ready to send, it’s pushed through a proxy connection, designed to mask where the email has come from. The proxy server is made up of several cell phones, each connecting to the internet over their cellular connection.

Each spam message is routed through one of the phones, which occasionally rotates its IP address to prevent detection or being flagged as a spammer.

Here’s what that proxy server looks like.

Once the spam message leaves the proxy server, the spam message is pushed through the victim’s own email provider using their email address and password, making it look like a genuine email to both the email provider and the recipient.

Now imagine that hundreds of times a second.

Not only was the spammer’s Elasticsearch database leaking, its Kibana user interface was also exposed. That gave the spammer a detailed at-a-glance look at the operation in action. It was so granular that you could see which spam-sending domains were the most efficient in tricking a recipient into clicking the link in the spam email.

Each spam email includes a tracker in the link that fed information back to the spammer. In bulk, that allows the spammer to figure out which email domain — like outlook.com or yahoo.com users — is more likely to click on a spam email. That can also indicate how an email provider’s spam filter acts. The greater number of clicks, the more likelihood of its spam going through — allowing the spammer to target specific email domains in the future.

The dashboard also contained other information related to the spam campaign, such as how many emails were successfully sent and how many bounced. That helps the spammer home in on the most valuable logins in the future, allowing them to send more spam for lower bandwidth and server costs.

In all, some 5.1 million emails were sent during the 10-day campaign — between March 8 and March 18, with some 162,980 people clicking on the spam email, according to the data on the dashboard.

It’s not the first time we’ve seen a spam operation in action, but it’s rare to see how successful it is.

“This case reminds me on several other occasions I reported at some points in the past — when malicious actors create a sophisticated system of proxying and logging, leaving so much tracks to identify their patterns for authorities in the investigations to come,” Diachenko told TechCrunch. “This shows us — again! — how important a proper cyber hygiene should be.”

What’s clear is that the spammer knows how to cover their tracks.

The language settings in the Kibana instance suggested the spammer may be based in Belgium. We found several other associated spamming domains using data collected by RiskIQ, a cyberthreat intelligence firm, which scours the web for information. Of the domains we found, all were registered with fake names and addresses.

As for the server itself, the provider said it was possibly hacked.

“This was a resold box and the customer already responded to the abuse forward saying it was supposed to have been terminated long ago,” said Awknet’s Justin Robertson in an email to TechCrunch.

And we still can’t figure out where the email addresses and passwords came from used to send the spam.

Since the hosting provider pulled the spammer’s server offline, several of their fake sites and domains associated with the spam campaign no longer load. But given the spread of domains and servers propping up the campaign, we suspect the sunken server is only a single casualty in an otherwise continuing spam campaign.

---

Got a tip? You can send tips securely over Signal and WhatsApp to +1 646-755–8849. You can also send PGP email with the fingerprint: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

While the public is asking, “When are we going to ride in autonomous cars?” Technology companies have been moving apace to test them on designated roads. In China’s capital city Beijing, eight firms drove a total of 153,600 kilometers (95442.6 miles) through their autonomous fleets in 2018, and Baidu, the country’s largest search engine service seen as a local answer to Google, has built a big lead.

That’s according to new data released by Beijing’s transportation regulators in their first report on the city’s licensed self-driving cars. While the authority did not specify conditions of the road tests, say, the number of instances when a human driver had to intervene to prevent an accident, namely the level of “disengagement” that California’s counterpart report asked for, Beijing’s data offers the public an early glimpse into a fledgling field.

Baidu registered nearly 140,000 kilometers in Beijing last year, representing about 91 percent of total self-driving distances traveled by the eight licensed transportation companies in the city. The firm’s leading position is closely linked to its pledge to go all out for artificial intelligence. When it comes to AI’s application in mobility, Baidu stays clear of making hardware and runs an open platform called Apollo that lets third-party developers tap its autonomous tech.

Apollo has joined hands with 135 car manufacturers, parts suppliers and other car allies at last count. Its partners range from international automakers Volvo and Ford, to local electric vehicle startups Byton and Nasdaq-listed NIO.

Baidu was also the first to nab a batch of L3 licenses to trial self-driving cars in Beijing, where Baidu is headquartered and is the country’s first city to allow such road tests. Robocars are now testing in more than ten Chinese cities, including first-tier Beijing and Shanghai as well as smaller urban centers like Changsha, where Baidu is working with the municipal government to bring 100 automated cabs to the city by end of this year.

The runner-up on Beijing’s road-test list, Pony.ai, lagged behind Baidu by a large margin at 10132.9 kilometers. But the three-year-old company has attracted large sums of investor money, in part thanks to the resume of co-founder James Peng, who was the former chief architect of Baidu’s autonomous driving unit. The southern China-based startup counts Sequoia Capital China as one of its seed investors and nearly reached $1 billion in valuation after raising $102 million in funding last July.

Other self-driving companies testing in Beijing included social and gaming giant Tencent, ride-hailing platform Didi Chuxing, and carmakers NIO, Audi AG, Daimler AG and Beijing’s state-owned BAIC Group. Didi, which made safety a priority across company divisions following two passenger murders last year, ran the least self-driving miles in Beijing last year but the company holds great potential to unlock mountains of car-hailing data that could help autonomous vehicles predict road conditions.

Notably missing from the list is Roadstar.ai, a self-driving startup that once rivaled Pony.ai and secured a record $128 million Series A round less than a year ago. Chinese tech news blog Liangziwei reported this week that shareholders are asking to dissolve and liquidate the Shenzhen and Silicon Valley-based firm following months of infighting among its senior executives.

Also unmentioned is Huawei, a potentially formidable player in autonomous driving. The telecom equipment maker’s foray into self-driving predates many other familiar names. Back in 2016, Huawei was among a group of tech firms and carmakers to form the Global Cross-industry 5G Automotive Association aimed at developing communications technology and commercial solutions for automated driving. Members of the alliance included Audi, BMW, Daimler, Ericsson, Intel, Nokia and Qualcomm. More recently, Huawei’s partnership with Audi brought more light to its ambition in autonomous tech, as it provided chipsets to power Audi’s L4 (which is more autonomous than L3) self-driving sedans.

Ford today is taking the wraps off the latest generation of the Escape . It’s a major re-work inside and out with new sheetmetal and powertrain options. The 2020 Escape is sportier, loaded with technology, and with hybrid and electric options, clearly built for the future.

The Escape has been Ford’s most affordable SUV since its debut in 2000. Smaller than the stalwart Explorer and more traditional than the Edge or Flex, Ford has always positioned the Escape as an easy and accessible sport utility vehicle. The upcoming version carries on that tradition while offering buyers new options.

The 2020 Escape comes in several variants. The base model sports a 1.5L EcoBoost engine or buyers can step up to a 2.0L EcoBoost. Ford is also offering the Escape in a traditional hybrid configuration and, for the first time, a plug-in hybrid setup. But buyers will have to wait for the plug-in version. This trim level will hit dealers next spring while the rest of the line will be available this fall.

Pricing hasn’t been released yet. The current Escape retails between $25k and $30k.

The driving range is competitive. Ford says the front-rear drive Escape equipped with the standard hybrid has an EPA-estimated range of 550 miles. The plug-in hybrid is expected to get 30 miles of range while just on electric while its 11 gallon fuel tank ensures it can still travel over 400 miles before needing a pitstop.

This is the second Escape generation offered in a hybrid setup but the first with a plug-in variant. Ford sold 114,000 hybrid Escapes between 2004 and 2012, but dropped the option for the current model line that debuted in 2012.

Ford has lofty ambitions for hybrid models. In 2018 the automaker stated it was going all-in on hybrid SUVs while stepping back from traditional cars. By 2020, Ford aims to have high-performance SUVs in market, including five with hybrid powertrains and one fully battery electric model. This includes the 2020 Ford Explorer Hybrid that should hit dealers this summer, and two entirely new off-road SUVs, including a new Bronco, and a small SUV that has yet to be named. There’s also that “performance battery electric utility” that will make up part of its overall SUV lineup, which is set for a 2020 release and will spearhead a plan to release six electric vehicle models by 2022. To help support this effort, the automaker/a> to add more production capacity at a second U.S. factory for its next-generation battery-electric vehicle program.

The Escape is available in either front-wheel drive or all-wheel drive configurations. At this time, though, the plug-in hybrid will only be offered with front-wheel drive while models equipped with the 250 HP 2.0L EcoBoost will only come paired with all-wheel drive.

Ford says the new Escape has best-in-class second-row legroom with a sliding backseat. While it steals a bit storage, this feature should make the backseat a bit more comfortable for passengers. Sadly, this option is only available in models feature gas engines. In the hybrid models, the battery pack lives under the rear seat, which prevents the seat from sliding — even still, by placing the battery under the seat, it doesn’t consume valuable storage space in the rear of the vehicle.

Ford made sure the Escape is equipped with a good assortment of standard and optional driver assist features. The standard suite includes Ford’s so-called Co-Pilot360 which includes automatic emergency breaking, rear view camera, andblind spot monitoring system. Other systems are options: parking assist, heads-up display, and adaptive cruise control.

An 8-inch touch screen is standard on SE models and features Ford’s Sync 3 system.

The outgoing Escape was in a need for an overhaul. Compared to its most direct competitors, car reviews often state the current Ford Edge falls short. Most reviews point to options like the Honda CR-V, Toyota RAV-4 and Mazda CX-5, stating they give drivers roomier cabins and offer lively powertrains. Ford released the third generation Escape in 2012 and updated the exterior in 2017 as sales were starting to falter.

Ford has big plans for its SUVs. In early 2018 it announced it was canceling production of all of its sedans leaving the Mustang as the only traditional car it sold in North America. The auto maker would instead turn to crossovers and SUVs to take the place of the Fusion, Taurus, Fiesta and Focus. Sales of traditional cars have been declining for years and Ford clearly felt it needed to embrace the latest trend by offering what most buyers want.

The 2020 Ford Escape is a notable leap forward for Ford’s smallest SUV. With the new hybrid options and larger interior, it should resonate well with shoppers looking for an eco-friendly people mover.

Guest writing for Extra Crunch / TechCrunch

We have published a smattering of interesting guest posts on TechCrunch and Extra Crunch from experts in their fields who want to spread their smart ideas to more people. Know someone who is brimming with ideas that deserves a larger platform? Definitely drop us a line and read what we are looking for.

Remote workers are the next “tech hub”

We have a provocative argument from Sherwood Morrison about the rise of the remote worker, which is near-and-dear to my heart. Morrison writes:

You don’t have to look far to find startup gurus and VCs who strongly advise against being remote, much less a nomad. The basic reasoning is simple: Not having a location doesn’t add anything, so why do it? Startups are fragile, so it’s best to avoid any work practice that could disrupt delicate growth cycles.

But that view is incorrect. For companies that have chosen to be distributed, remote has added value. Some claim they wouldn’t have grown as fast or as well if they weren’t remote. And there’s more to being a nomad than making sure your prime years go to better experiences than a daily commute between San Francisco and San Mateo.

At an education event in New York today, LEGO announced the launch of Education Spike. The company’s latest STEAM offering is designed for use in classroom settings — specifically grades sixth through eight (~ages 11 to 14).

The kits combine LEGO bricks with sensors, motors and the “Prime Hub.” In spite of title that sounds like it was created by an Amazon name generator, the product is essentially the working “brain” of all Spike creations.

It features a 100MHz processor, accelerometer, gyroscope, speaker, display and six input/output ports. The system is controlled on a mobile device via an app, which also features a number of 45 minute lessons to get students started and help them design programs using Scratch.

“We are seeing a challenge globally in middle school children, typically aged 11 – 14,” LEGO Education head Esben Stærk Jørgensen said in a release tied to the news. “At that age, children start losing their confidence in learning. The Confidence Poll data shows that most students say if they failed at something once, they don’t want to try again. With Spike Prime and the lessons featured in the SPIKE app, these children will be inspired to experiment with different solutions, try new things and ultimately become more confident learners.”

The system is available for pre-order starting today. It starts shipping in August.

Following the latest wave of price cuts at Amazon’s Whole Foods announced Monday evening, Walmart today introduced its own plans to challenge Amazon on grocery shopping through a partnership with Google. The company is rolling out a new voice ordering capability, Walmart Voice Order, which works across Google Assistant-powered platforms, including Google’s smart speakers and displays, smartphones, smartwatches, and more.

The news follows several efforts by Walmart to enter voice-based commerce, despite not offering its own hardware or voice assistant platform, as Amazon does with Echo and Alexa, respectively.

Two years ago, Walmart and Google partnered on voice-based shopping through Google Home devices. Specifically, customers could easily reorder favorites through Google’s shopping service, Google Express. However, Walmart disappeared from Google Express’ marketplace this January, and was more recently said to be testing an online grocery voice application with a small number of VIP customers, ahead of a spring launch.

The technology works similarly to what was developed for the Walmart-Google Express deal. For example, when a customer asks to order an item, the assistant will know to reorder the customer’s preferred item based on their order history. The assistant will also inform the customer what item it’s choosing and the price point.

This feature means the customer doesn’t have to speak the full name of an item when making a request. Instead, they could say just “milk” and the assistant would know they mean the “1 gallon of 1% Great Value organic milk” they ordered the last time.

To get started, Google Assistant users launch the feature as they would any other voice application. They’ll say: “OK Google, talk to Walmart.”

That’s still not as simple as Amazon’s assistant, though. Because of its first-party platform advantage, you can say, “Alexa, order milk” to order from Whole Foods, or “Alexa, add milk to my shopping list” for future orders or general list-making.

Walmart’s voice app is meant to be used to round-up items for a later purchase by adding them to a cart, instead of forcing a checkout upon each new addition. This lets you add an item as you realize you’re out – something that better reflects how customers use voice to shop.

“We know when using voice technology, customers like to add items to their cart one at a time over a few days – not complete their shopping for the week all at once,” noted Walmart’s SVP of Digital Operations, Tom Ward.

This was also one of the big oversights in the 2018 report that claimed voice shopping was a dud – it didn’t incorporate one of the most popular voice features – list-making – into its findings. It only considered voice shopping when orders were placed immediately. In reality, lists are big driver of later e-commerce purchases but aren’t as easily tracked.

Walmart says the new voice shopping feature will launch to all Google Assistant-powered devices this month, including Google Home, Android and iPhones, smartwatches, and other platforms, including those from third parties like JBL or Lenovo, among others. The rollout will be staged, meaning over the next few weeks more and more customers will get the update.

The retailer says other platforms besides Google will be added in time, but that isn’t likely to include Alexa.

MIT Media Lab spinoff Formlabs is one of the few 3D desktop 3D printing companies that has managed to buck the trends of a shrinking field. The startup found success by embracing stereolithography (SLA) printing, a technology that was previously the realm of hulking, industrial printers.

Previously far too expensive an unwieldy for many prototypers and hobbyists, the technology was much sought after for precision and detail you can’t get with standard FDM printing. With its latest devices, unveiled today at the Additive Manufacturing conference in Hannover, Germany, the company promises even more accuracy and detail than earlier models.

The Form 3 and and Form 3L mark the debut of a technology the company has deemed Low Force Stereolithography — or LFS. The new spin on the tech utilizes a similar resin based approach as SLA, but can offer more repeatable design for small scale manufacturing.

“We entered the industry seven years ago with the first powerful, affordable desktop SLA 3D printer and since then have shipped more than 50 thousand printers, and our customers have printed more than 40 million parts,” co-founder and CEO Max Lobovsky said in a release tied to the announcement. “We’re excited to take another huge leap forward with LFS 3D printing, dramatically improving the print quality and reliability people can expect while still offering the most powerful and affordable 3D printer on the market.”

Along with increased accuracy, the new machines feature real-time health updates, remote printing and modular designs, so users can swap out parts to keep them going. Like many of the updates, these appear to be designed at moving these machines beyond prototyping into small manufacturing devices.

That, after all, is commonly agreed to be the next major step for these sorts of products. In 2017, the company introduced the Form Cell, an array of top to five connected Form 2 printers That device was paired with a Wash and Cure system to ready products for small scale manufacturer.

The Form 3L, meanwhile, features a print size that’s between three to four times the size of the one offered on the Form 2, which puts it more in line with the build volume offered on far more expensive 3D printers.

FireHydrant, a NYC startup wants to help companies recover from IT disasters more quickly, and understand why they happened with the goal of preventing similar future scenarios from happening again. Today, the fledgling startup announced a $1.5 million seed investment from Work-Bench, a New York City venture capital firm that invests in early stage enterprise startups.

In addition to the funding, the company announced it was opening registration for its FireHydrant incident management platform. The product has been designed with Google’s Site Reliability Engineering (SRE) methodology in mind, but company co-founder and CEO Bobby Ross says the tool is designed to help anyone understand the cause of a disaster, regardless of what happened, and whether they practice SRE or not.

“I had been involved in several fire fighting scenarios — from production databases being dropped to Kubernetes upgrades gone wrong — and every incident had a common theme: ​absolute chaos​,” Ross wrote in a blog post announcing the new product.

The product has two main purposes, according to Ross. It helps you figure out what’s happening as you attempt to recover from an on-going disaster scenario, and once you’ve put out the fire, it lets you do a post-mortem to figure out exactly what happened with the hope of making sure that particular disaster doesn’t happen again.

As Ross describes it, a tool like PagerDuty can alert you that there’s a problem, but FireHydrant lets you figure out what specifically is going wrong and how to solve it. He says that the tool works by analyzing change logs, as a change is often the primary culprit of IT incidents. When you have an incident, FireHydrant will surface that suspected change, so you can check it first.

“We’ll say, hey, you had something change recently in this vicinity where you have an alert going off. There is a high likelihood that this change was actually causing your incident. And we actually bubble that up and mark it as a suspect,” Ross explained.

Like so many startups the company developed from a pain point the founders were feeling. The three founders were responsible for solving major outages at companies like Namely, DigitalOcean, CoreOS, and Paperless Post.

But the actual idea for the company came about almost accidentally. In 2017, Ross was working on a series of videos and needed a way to explain what he was teaching. “I began writing every line of code with live commentary, and soon FireHydrant started to take the shape of what I envisioned as an SRE while at Namely, and I started to want it more than the video series. 40 hours of screencasts recorded later, I decided to stop recording and focus on the product…,” Ross wrote in the blog post.

Today it integrates with PagerDuty, Github and Slack, but the company is just getting started with the three founders, all engineers, working on the product and a handful of Beta customers. It is planning to hire more engineers to keep building out the product. It’s early days, but if this tool works as described, it could go a long way toward solving the fire fighting issues that every company faces at some point.

Amazon-owned Whole Foods announced on Monday a third round of price cuts this morning that will see the grocer discounting hundreds of items, offering an average savings of 20 percent. Produce is an area of specific focus in this wave of price cuts, with lowered prices on seasonal items including greens, tomatoes, tropical fruits, and more. In addition, Amazon will expand its Prime benefits offered to Whole Foods shoppers with a larger selection of weekly deals, the company says.

Lowering prices at Whole Foods was one of the first major changes Amazon introduced following its $13.7 billion acquisition of the grocery chain in 2017. Almost immediately, discounts were put into place ranging from 6 percent on the low-end to as much as nearly 30 percent, in some cases. Last year, Amazon also introduced 10 percent savings for Prime members shopping at Whole Foods across the U.S. – including for its delivery services, where available.

Through previous rounds of price cuts and Prime member deals, Whole Foods says customers have saved “hundreds of millions” of dollars since the chain’s merger with Amazon.

Today, the retailer says it will again lower prices storewide, with a focus on produce. Some of the new savings include large yellow mangoes for $1 each; mixed-medley cherry tomatoes for $3.49 per 12oz, and organic bunched rainbow chard at $1.99 each. The WSJ reports over 500 products have seen price cuts, and are the broadest cuts to date.

In addition, Whole Foods will double the number of exclusive weekly Prime Member deals and discounts.

Over the next few months, Prime members shopping the store will be able to take advantage of over 300 Prime member deals on the season’s most popular items, the company notes. This includes, in April, discounts on things like organic asparagus and strawberries, antibiotics-free chicken, sliced ham, wild-caught halibut, Justin’s brand products, prepared sandwiches and wraps, and more. Every week, up to 20 deals are available to Prime members.

In some cases, these new discounts for Prime shoppers as high as 35 to 40 percent.

Prime members also save the usual 10 percent on hundreds of other items, not discounted through weekly sales.

“When Whole Foods Market joined the Amazon family, we set out to make healthy and organic food more accessible. Over the last year, we’ve been working together tirelessly to pass on savings to customers,” said Jeff Wilke, CEO of Amazon Worldwide Consumer, in a statement about the new cuts. “Every time a customer walks into a Whole Foods Market, they expect and trust industry-leading quality standards across aisles. And now they will experience that same Whole Foods Market quality with even more savings across departments.”

To kick off the new price cuts and encourage foot traffic in-store, customers who try Prime will get $10 off their $20 purchase for signing up for a membership. Membership includes Whole Foods’ weekly deals, free grocery pickup, free grocery delivery on orders over $35, Alexa shopping, and all the other Prime perks on Amazon.com.

The move to cut prices comes at a time when Walmart and Amazon are battling for grocery customers, with the former leveraging its existing brick-and-mortar footprint for free pickups, as well as its reputation as a low price leader. Unlike grocery delivery services such as Instacart or Target’s Shipt, Walmart’s groceries cost the same to pickup or deliver as they are in-store. (Target is now offering the same deal on Shipt, but only for Target items – not those delivered by other stores, which are still marked up.)

Walmart is also countering Amazon Alexa’s shopping features through a deal with Google, which now offers voice-activated shopping through Google Assistant, announced today.

To cater to grocery shoppers, Amazon is leaning more on its Prime membership program to entice customers used to the convenience of near-instant gratification and fast delivery. Whole Foods Market groceries ordered through Prime Now can arrive in 2 hours in over 60 metros, with more cities on the way. And grocery pickup is offered in 30 minutes at some Whole Foods locations.

Whole Foods isn’t Amazon’s only angle on food shopping: Amazon is also reportedly looking into retail space to open its own U.S. grocery chain separate from Whole Foods, and runs a handful of cashierless Amazon Go convenience stores.