Those crappy pre-installed Android apps can be full of security holes

If you've ever bought an Android phone, there's a good chance you booted it up to find it pre-loaded with junk you definitely didn't ask for.

These pre-installed apps can be clunky, annoying to remove, rarely updated… and, it turns out, full of security holes.

Security firm Kryptowire built a tool to automatically scan a large number of Android devices for signs of security shortcomings and, in a study funded by the U.S. Department of Homeland Security, ran it on phones from 29 different vendors. Now, the majority of these vendors are ones most people have never heard of — but a few big names like Asus, Samsung and Sony make appearances.

Kryptowire says it found vulnerabilities of many different varieties, from apps that can be forced to install other apps, to tools that can be tricked into recording audio, to those that can silently change system settings. Some of the vulnerabilities can only be triggered by other apps that come pre-installed (which limits exposure to code that already ships in the firmware supply chain); others can seemingly be triggered by any app the user might install down the road.
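To make the "who can trigger it" distinction concrete, here is an added example; it is not Kryptowire's scanner and not code from the report. It is a small Python script that reads an app's AndroidManifest.xml and reports which components are exported and who can reach them, using Android's standard rules: an exported component with no permission is callable by any installed app; one behind a signature-level permission is callable only by apps signed with the same key, which for firmware apps means other OEM-shipped apps; one behind a normal or dangerous permission is callable by any app that requests that permission. The manifest below is constructed for illustration, and every package, component and permission name in it is invented.

```python
# Added example: classify the components an Android app exposes to other
# apps. This is NOT Kryptowire's tool; it applies Android's generic
# export/permission semantics to a manifest so that the difference between
# "only another pre-installed app can reach this" and "any app the user
# installs can reach this" becomes visible.
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENTS = ("activity", "service", "receiver", "provider")


def _attr(elem, name):
    """Read an android:name-style attribute from a manifest element."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def _is_exported(elem):
    """Explicit android:exported wins; otherwise an <intent-filter> implies export."""
    exported = _attr(elem, "exported")
    if exported is not None:
        return exported.lower() == "true"
    return elem.find("intent-filter") is not None


def scan_manifest(manifest_xml):
    """Return (component_type, name, reachability) for every exported component."""
    root = ET.fromstring(manifest_xml)
    # Permissions this package declares, mapped to their protectionLevel.
    declared = {}
    for perm in root.iter("permission"):
        level = _attr(perm, "protectionLevel") or "normal"
        declared[_attr(perm, "name")] = level.lower()

    findings = []
    app = root.find("application")
    if app is None:
        return findings
    for tag in COMPONENTS:
        for comp in app.iter(tag):
            if not _is_exported(comp):
                continue
            perm = _attr(comp, "permission")
            if tag == "provider" and perm is None:
                perm = _attr(comp, "readPermission") or _attr(comp, "writePermission")
            if perm is None:
                reach = "any app"
            else:
                level = declared.get(perm, "unknown")
                if level.startswith("signature"):
                    # signature / signature|privileged: same signing key only,
                    # i.e. other firmware apps on an OEM build.
                    reach = "same-signature apps only"
                elif level == "unknown":
                    reach = "guarded by externally declared permission %s" % perm
                else:
                    # normal / dangerous permissions can be requested by any app.
                    reach = "any app that requests %s" % perm
            findings.append((tag, _attr(comp, "name"), reach))
    return findings


# Constructed sample manifest (not from any real device); names are invented.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.oem.tools">
  <permission android:name="com.example.oem.permission.PRIVILEGED"
              android:protectionLevel="signature|privileged"/>
  <permission android:name="com.example.oem.permission.OPEN"
              android:protectionLevel="normal"/>
  <application android:label="Example OEM Tools">
    <!-- explicitly exported, no permission: reachable from any app -->
    <service android:name=".ExportedService" android:exported="true"/>
    <!-- implicitly exported via intent-filter, no permission -->
    <receiver android:name=".BroadcastHandler">
      <intent-filter><action android:name="com.example.oem.APPLY"/></intent-filter>
    </receiver>
    <!-- exported but guarded by a signature-level permission -->
    <activity android:name=".PrivilegedActivity" android:exported="true"
              android:permission="com.example.oem.permission.PRIVILEGED"/>
    <!-- guarded by a normal permission any third-party app can request -->
    <provider android:name=".ReadableProvider" android:authorities="com.example.oem.data"
              android:exported="true"
              android:readPermission="com.example.oem.permission.OPEN"/>
    <!-- not exported at all -->
    <service android:name=".InternalService" android:exported="false"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for kind, name, reach in scan_manifest(SAMPLE_MANIFEST):
        print("%-8s %-20s %s" % (kind, name, reach))
```

On a real firmware image the manifests inside the APKs are compiled binary XML, so they need to be decoded (for example with apktool or aapt) before this kind of parse. Reachability is also only the first half of the question: an exported, unguarded component is a candidate, and it still takes reading what that component does with its input to decide whether it is one of the install-other-apps, record-audio or change-settings cases the report describes.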

Kryptowire has a full list of observed vulnerabilities here, broken down by type and manufacturer. The firm says it found 146 vulnerabilities in all.

As Wired points out, Google is well aware of this potential attack route. In 2018 it launched a program called the Build Test Suite (or BTS) that all partner OEMs must pass. BTS scans a device's firmware for any known security issues hiding amongst its pre-installed apps, flagging these bad apps as Potentially Harmful Applications (or PHAs). As Google puts it in its 2018 Android security report:

OEMs submit their new or updated build images to BTS. BTS then runs a series of tests that look for security issues on the system image. One of these security tests scans for pre-installed PHAs included in the system image. If we find a PHA on the build, we work with the OEM partner to remediate and remove the PHA from the build before it can be offered to users.

During its first calendar year, BTS prevented 242 builds with PHAs from entering the ecosystem.

Anytime BTS detects an issue we work with our OEM partners to remediate and understand how the application was included in the build. This teamwork has allowed us to identify and mitigate systemic threats to the ecosystem.

Alas, one automated system can't catch everything — and when an issue does sneak by, there's no certainty that a patch or fix will ever arrive (especially on lower-end devices, where long-term support tends to be limited).

We reached out to Google for comment on the report, but have yet to hear back.

Update — Google's response:

We appreciate the work of the research community who collaborate with us to responsibly fix and disclose issues such as these.


"5 months and growing strong," the Libra Association announced today in a post about its technical infrastructure that completely omits the fierce regulatory backlash to its cryptocurrency.

Forty wallets, tools and block explorers plus 1,700 GitHub commits have now been built on its blockchain testnet, which has seen 51,000 mock transactions in the past two months. Libra nodes that process transactions are now being run by Coinbase, Uber, BisonTrails, Iliad, Xapo, Anchorage and Facebook's Calibra. Six more nodes are being established, plus there are eight more getting set up from members who lack technical teams, meaning all 21 members have nodes running or in the works.

But the update on the Libra backend doesn't explain how the association plans to get all the way to its goal of 100 members and nodes by next year, when it originally projected a launch. And it gives no nod to the fact that even if Libra is technically ready to deploy its mainnet in 2020, government regulators in the U.S. and around the world still won't necessarily let it launch.


Facebook itself seems to be hedging its bets on fintech in the face of pushback against Libra. This week it began the launch of Facebook Pay, which will let users pay friends, merchants and charities with a single payment method across Facebook, Messenger, WhatsApp and Instagram.

Facebook Pay could help the company drive more purchases on its platform, get more insights into transactions and lead merchants to spend more on ads to lure in sales facilitated by quicker payments. That's most of what Facebook was trying to get out of Libra in the first place, beyond better financial inclusion.

Facebook's Libra code chugs along ignoring regulatory deadlock

Last month's congressional testimony from Facebook CEO Mark Zuckerberg was less contentious than Libra board member David Marcus's appearances on Capitol Hill in July. Yet few of lawmakers' core concerns about how Libra could facilitate money laundering, endanger users' assets and give Facebook even more power amidst ongoing antitrust investigations were assuaged.

This set of announcements from the Libra Core summit of technical members was an opportunity for the project to show how it was focused on addressing fraud, security and decentralization of power. Instead, the Libra Association took the easy route of focusing on what the Facebook-led development team knows best: writing code, not fixing policy. TechCrunch provided questions to the Libra Association and some members, but the promised answers were not returned before press time.

[Update: In response to our article and criticisms about the lack of acknowledgement of regulatory issues, a Libra spokesperson provided the following statement.]

Today's Libra Core Summit was the first step towards a collaborative development plan for Libra Core and Move. The summit was designed to educate and support members in areas including running a Libra node, building a Libra wallet, scaling the Libra network and interoperability between Libra wallets. There are many facets of the Libra project that are working in tandem. The Libra Association executive leadership team is continuing the critical work to listen to, engage and collaborate with regulators around the world.


"For those organizations without a technical team to implement a node, the Libra Association is working on a strategy to support deployment in 2020, when the Libra Core feature set is complete," the Association's Michael Engle writes. "The Libra Association intends to deploy 100 nodes on the mainnet, representing a mix of on-premises and cloud-hosted infrastructure." It feels a bit like Libra is plugging its ears.

Having proper documentation, setting up CLAs to ease GitHub contributions, standardizing the Move code language, a bug bounty program and a public technical roadmap are a good start. But until the Association can answer Congress's questions directly, lawmakers are likely to refuse Libra approval, which Zuckerberg said the project won't launch without.

Why Salesforce is moving Marketing Cloud to Microsoft Azure

When Salesforce announced this week that it was moving Marketing Cloud to Microsoft Azure, it was easy to see this as another case of wacky enterprise partnerships. But there had to be sound business reasons why the partnership came together, rather than going with AWS or Google Cloud Platform, both of which are also Salesforce partners in other contexts.

If you ask Salesforce, it says it was ultimately because of compatibility with Microsoft SQL.

"Salesforce chose Azure because it is a trusted platform with a global footprint, multi-layered security approach, robust disaster recovery strategy with auto failover, automatic updates and more," a Salesforce spokesperson told TechCrunch. "Marketing Cloud also has a long standing relationship with Microsoft SQL which makes the transition to SQL on Azure a natural decision."

Except for the SQL part, Microsoft's chief rivals at AWS and Google Cloud Platform also provide those benefits. In fact, each of the reasons cited by the spokesperson, with the exception of SQL, is part of the general cloud infrastructure value proposition that all the major cloud vendors provide.

There's probably more to it than simply compatibility. There is also a long-standing rivalry between the two companies, which raises the question of why, in spite of their competition, they continue to make deals like this in the spirit of co-opetition. We spoke to a few industry experts to get their take on the deal and find out why these two seeming rivals decided to come together.

Retailer's dilemma

Tony Byrne, founder and principal analyst at Real Story Group, thinks it could be related to the fact that it's a marketing tool and some customers may be wary about hosting their businesses on AWS while competing with Amazon on the retail side. This is a common argument for why retail customers in particular are more likely to go with Microsoft or Google over AWS.

"Salesforce Marketing Cloud tends to target B2C enterprises, so the choice of Azure makes sense in one context where some B2C firms are wary of Amazon for competitive reasons. But I'd also imagine there's more to the decision than that," Byrne said.


Earlier this month, at the WebSummit conference in Lisbon, D-Wave and Volkswagen teamed up to manage a fleet of buses using a new system that, among other things, used D-Wave quantum technology to help generate the most efficient routes. While D-Wave's 2000Q only played a small part in this process, it's nevertheless a sign that quantum computing is slowly getting ready for production use and that D-Wave's approach, somewhat controversial in its early days, is paying off.

Unlike other players in the quantum computing market, D-Wave always bet on quantum annealing as its core technology. This technology lends itself perfectly to optimization problems like the kind of routing problem the company tackled with VW, as well as sampling problems, which, in the context of quantum computing, are useful for improving machine learning models, for example. Depending on their complexity, some of these problems are nearly impossible to solve with classical computers (at least in a reasonable time).

Grossly simplified, with quantum annealing, you are building a system that almost naturally optimizes itself for the lowest energy state, which then represents the solution to your problem.

D-Wave sticks with its approach to quantum computing

Microsoft, IBM, Rigetti and others are mostly focused on building gate-model quantum computers and they are starting to see results (with the exception of Microsoft, which doesn't have a working computer just yet and is hence betting on partnerships for the time being). But this is also a far more complex problem. And while you can't really compare these technologies qubit to qubit, it's telling that D-Wave's latest machines, the Advantage, will feature 5,000 qubits — while the state of the art among the gate-model proponents is just over 50. Scaling these machines up is hard, though, especially given that the industry is still trying to figure out how to manage the noise issues.

D-Wave remains the only major player that's betting on annealing, but the company's CEO Vern Brownell remains optimistic that this is the right approach. "We feel more strongly about our decision to do quantum annealing now that there are a few companies that actually have quantum computers that people can access," he said in an interview earlier this month.

"We have customers, Volkswagen included, that have run problems against those other computers and seeing what they can actually do and it's vastly different. Our capability is many orders of magnitude faster for most problems than what you can do with other quantum computers. And that is because of the choice of quantum annealing. And that is because quantum annealing is more robust to errors." Error correction, he argues, remains the fundamental problem, and will hamper the performance of these systems for the foreseeable future. "And in order to move into the enterprise or any kind of practical application, that error correction needs to be wrestled with," he noted.


Cyan Banister is an American success story. A homeless teenager who originally supported herself by making hemp necklaces, then silk-screen T-shirts, she went on to become a self-taught engineer and to later hold several management roles at the security startup IronPort. It was a life-changing experience for her. She made an early fortune when it sold to Cisco for $830 million in 2007. She also met her husband, Scott Banister, who co-founded the company, and the two together and separately began writing seed-stage checks, including to SpaceX, Uber and a long list of companies that are now household names.

When seed-stage valuations began soaring to levels that gave them both pause, they hit the brakes, and Banister, a self-described workaholic, headed over to AngelList as an "ev-angel-list" to help recruit people like herself to its platform. Soon after, Peter Thiel's Founders Fund reached out to her and invited her to become a partner.

In a wide-ranging conversation at a San Francisco event on Wednesday, we talked with Banister about that path, along with her investing style, which still sees her make angel investments of $1.5 million or less in companies that are often ambitiously futuristic or boringly practical and very much needed. (She kidded that they balance out one another.)

We also chatted about Founders Fund, which has changed considerably since its 2005 founding yet maintained its reputation as a top fund — and we discussed why she thinks many of its original partners no longer live in San Francisco.

Among the things we learned: that Founders Fund doesn't have Monday morning partner meetings, as do many firms. It doesn't even have weekly meetings, with Banister instead describing a highly decentralized operation. "We have very few meetings, actually," she said. "We have a brunch every two or three weeks that's an hour, hour-and-a-half long. We submit the agenda over Slack; sometimes, we have nothing to talk about and it's very short. You literally get a plate of food, talk about the one or two items, and you're done."

Founders Fund also has quarterly off-sites, typically at a partner's house, and these are "all day affairs," she said, adding that the team "doesn't talk about specific deals. We talk about the future, about what's exciting to all of us, what our different strategies might be."

As for how decisions get made, Banister explained that the voting structure is dependent on the size of the check. "So you'd meet with one or two or three or four partners, depending on your [investing] stage," she told attendees. Because she's looking at very early-stage startups, for example, she doesn't have to meet with many people to make a decision. As "dollar amounts get larger," she continued, "you're looking at full GP oversight," including the involvement of senior members like Brian Singerman and Keith Rabois, and "that can be a little more difficult."

Asked how involved Thiel himself is in these decisions, Banister said that there's a certain threshold above which he is always involved. Pressed on what that number is, Banister smiled, adding, "Let's just say it's a lot."

VC Cyan Banister on who decides what at Founders Fund (and much more)

Pointing to the other senior members of the team, she offered that the partnership doesn't "need Peter's advice all the time, but there's a certain point where he has to get involved and meet the founders. Ideally, it's a company that we brought in at its early stages and has grown with us and he has already developed a relationship with [its founders]. We also do an off-site once a year, which is a great opportunity for him" to see everyone involved in the firm's portfolio. "But he's pretty involved," she said. "He comes to these brunches and [quarterly] off-sites. We see him more now [since he called it quits in San Francisco and moved to LA] than we did when he lived next door because he's stuck. If he comes to San Francisco, where's he going to go? He has to stay in his office," she joked.

Banister declined to confirm or comment on a recent WSJ report that Founders Fund is in the process of closing on $3 billion in capital commitments across two funds — a flagship fund and an opportunity type of fund to support its companies as they remain private ever longer.

But before we let her go, we asked Banister about turnover at the firm. Specifically, we noted, while Founders Fund was formed by Thiel, along with co-founders Ken Howery, Luke Nosek and Sean Parker, Howery is now the U.S. ambassador to Sweden, Nosek runs a separate fund in Austin called Gigafund and Parker is off doing a variety of other things, many of them also in LA.

She explained that everyone is encouraged to do what they want. For instance, she said, "Ken was encouraged to pursue his political aspirations; that's something he has always wanted to do."

But she also acknowledged that San Francisco itself might be a common thread. "It's too expensive here. That's the problem. We need to build more housing. We can't afford people to even serve us in this town, they come in from other cities, they can't even live here. And that's a huge problem when you're investing and your thesis is to invest only in Silicon Valley and the surrounding area." In fact, Founders Fund is "already starting to look elsewhere [for startups], including in the Midwest," she said.

As for whether San Francisco is doing enough for founders — or founders enough for San Francisco — Banister suggested both are coming up far short, saying of the city that "it should be the most technologically advanced" in the world. "There's no reason we shouldn't be like Tokyo . . . when we gave birth to Airbnb and Uber, and yet our city looks the way it does and operates the way it does and it's a disaster."

Tech founders and employees are in a particularly "weird situation" where on the one side a "large part of this city hates technology and hates all of us," and on the other are people like Salesforce founder Marc Benioff who are funneling money into the city but whose efforts don't appear to her to be making a difference. "I've yet to see a dent" in homelessness, she said as an example. In the meantime, "crime is going up and we now have a district attorney who won't prosecute crimes that have to do with any sort of quality-of-life [issue]. [San Francisco is] going to start something instead where if your [car] window is broken, they'll replace it with some kind of window Uber app at a discounted rate."

The crowd laughed. Some attendees thought she was joking about the window replacement service. She wasn't. "This is a really bad direction [we're headed in]," she said. "We need diversity of thinking here, and we don't have it on the political level, and we all need to get more involved."


The Daily Crunch is TechCrunch's roundup of our biggest and most important stories. If you'd like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here.

1. TikTok tests social commerce

The short-form video app said it's allowing some users to add links to e-commerce sites (or any other destination) to their profile, while also offering creators the ability to easily send their viewers to shopping websites.

On their own, these changes might not sound that dramatic, and parent company ByteDance characterizes them as experiments. But it could eventually lead TikTok to become a major force in commerce — and to follow the lead of Instagram, where "link in bio" has become one of the most common promotional messages.

2. Despite bans, Giphy still hosts self-harm, hate speech and child sex abuse content

A new report from Israeli online child protection startup L1ght has uncovered a host of toxic content hiding within the popular GIF-sharing community, including illegal child abuse content, depictions of rape and other toxic imagery associated with topics like white supremacy and hate speech.

3. Lyft is ceasing scooter operations in six cities and laying off 20 employees

Lyft notified employees today that it's pulling its scooters from six markets: Nashville, San Antonio, Atlanta, the Phoenix area, Dallas and Columbus. A spokesperson told us, "We're choosing to focus on the markets where we can have the biggest impact."

4. Takeaways from Nvidia's latest quarterly earnings

After yesterday's earnings report, Wall Street seems to have barely budged on the stock price — everyone's waiting for resolution on some of the key questions facing the company. (Extra Crunch membership required.)

5. Virgin Galactic begins 'Astronaut Readiness Program' for first paying customers

The program is being run out of the global headquarters of Under Armour, Virgin Galactic's partner for its official astronaut uniforms. The training, with instruction from Chief Astronaut Instructor Beth Moses and Chief Pilot Dave Mackay, is required for all Virgin Galactic passengers.

6. AWS confirms reports it will challenge JEDI contract award to Microsoft

In a statement, an Amazon spokesperson suggested that there was possible bias in the selection process: "AWS is uniquely experienced and qualified to provide the critical technology the U.S. military needs, and remains committed to supporting the DoD's modernization efforts."

7. SoftBank Vision Fund's Carolina Brochado is coming to Disrupt Berlin

At SoftBank's Vision Fund, Brochado focuses on fintech, digital health and marketplace startups. Some of her past investments with both Atomico and SoftBank include LendInvest, Gympass, Hinge Health, Ontruck and Rekki.

Daily Crunch: TikTok starts experimenting with commerce
