Category: StartUps

Mercedes-Benz car owners have said that the app they used to remotely locate, unlock and start their cars was displaying other people’s account and vehicle information.

TechCrunch spoke to two customers who said the Mercedes-Benz’ connected car app was pulling in information from other accounts and not their own, allowing them to see other car owners’ names, recent activity, phone numbers, and more.

The apparent security lapse happened late-Friday before the app went offline “due to site maintenance” a few hours later.

It’s not uncommon for modern vehicles these days to come with an accompanying phone app. These apps connect to your car and let you remotely locate them, lock or unlock them, and start or stop the engine. But as cars become internet-connected and hooked up to apps, security flaws have allowed researchers to remotely hijack or track vehicles.

One Seattle-based car owner told TechCrunch that their app pulled in information from several other accounts. He said that both he and a friend, who are both Mercedes owners, had the same car belonging to another customer, in their respective apps but every other account detail was different.

Screenshots of the Mercedes-Benz app showing another person’s vehicle, and exposed data belonging to another car owner. (Image: supplied)

The car owners we spoke to said they were able to see the car’s recent activity, including the locations of where it had recently been, but they were unable to track the real-time location using the app’s feature.

When he contacted Mercedes-Benz, a customer service representative told him to “delete the app” until it was fixed, he said.

The other car owner we spoke to said he opened the app and found it also pulled in someone else’s profile.

“I got in contact with the person who owns the car that was showing up,” he told TechCrunch. “I could see the car was in Los Angeles, where he had been, and he was in fact there,” he added.

He said that he wasn’t sure if the app has exposed his private information to another customer.

“Pretty bad fuck up in my opinion,” he said.

The first customer reported that the “lock and unlock” and the engine “start and stop” features did not work on his app, somewhat limiting the impact of the security lapse. The other customer said they did not attempt to test either feature.

It’s not clear how the security lapse happened or how widespread the problem was. A spokesperson for Daimler, the parent company of Mercedes-Benz, did not respond to a request for comment on Saturday.

According to Google Play’s rankings, more than 100,000 customers have installed the app.

A similar security lapse hit Credit Karma’s mobile app in August. The credit monitoring company admitted that users were inadvertently shown other users’ account information, including details about credit card accounts and balances. But despite disclosing other people’s information, the company denied a data breach.

Source: Tech Crunch

Whatever you might say about HTC (and believe me, there’s plenty to say), at least the company takes some fascinating chance. As newly minted CEO Yves Maitre admitted to me at Disrupt a couple of weeks back, the once mighty smartphone giant has lost the thread in recent years. But if nothing else, the Exodus project marks a glimpse at some potential smartphone future.

With this weekend’s launch of the Exodus 1s at Berlin’s Lightning conference, HTC aims to make it clear that the project is more than just a one-off. The new device lowers the barrier of entry to €219 (~$244). All said, not a bad price for those looking to dabble in the technology. Oh, and obviously it’s available in all of the various equivalent cryptocurrencies.

The specs are fittingly pretty dismal. There’s a Snapdragon 435, running Android 8.1. The screen is a 5.7 inch HD+, coupled with a decent 4GB of RAM and 64GB of storage. Oh, and there’s a microUSB port and, good news, a headphone jack. Honestly, it’s a pretty low-end device, all told.

The big difference here being the the inclusion of a hardware wallet and Bitcoin node access. “We gave users the ability to own their own keys, and now we’ve gone one step further to allow users to run their own full Bitcoin node,” HTC’s Phil Chen said in a release tied to the news. “We are providing the tools for access to universal basic finance; the tools to have a metaphorical Swiss bank in your pocket.”

Maitre told me the other week he still believes mainstream use of blockchain on these devices is more than two or three years out. What the 1s provides, however, is an inexpensive way to see what the technology provides today. Interested parties in Europe, Taiwan, Saudi Arabia and the UAE can order it online starting today.

Source: Tech Crunch

Alphabet -owned drone delivery spin-out Wing is starting to service U.S. customers, after becoming the first drone delivery company to get the federal go-ahead to do so earlier this year. Wing is working with FedEx Express and Walgreens on this pilot, and their first customers are Michael and Kelly Collver, who will get a “cough and cold pack,” which includes Tylenol, cough drops, facial tissues, Emergen-C and bottled water (do people who have colds need bottled water?).

The Collvers are receiving their package in Christianburg, Va., which is where Wing and Walgreens will run this inaugural pilot of the drone delivery service. Walgreens gets a noteworthy credit in the bargain, becoming the first U.S. retailer to do a store-to-customer doorstep delivery via drone, while FedEx will be the first logistics provider to deliver an e-commerce drone delivery with a separate shipment.

Wing is also working with Virginia’s Sugar Magnolia, a retailer local to the state, and that part of the equation is focused on proving out how Wing and drone delivery can service last-mile e-commerce customers at their homes. Sugar Magnolia customers can get small items, including chocolates and paper goods, delivered directly to them via drone through the new pilot.

Wing was able to do this with a new Air Carrier Certificate from the FAA that clears it for expanded service, specifically allowing Wing’s pilots to manage multiple aircraft flying without any human pilot on board at the same time, while providing service to the public.

It’s a big milestone when it comes to U.S.-based drone delivery, and another sign that people should get ready for these services to start to be a more regular fixture. Earlier this month, UPS also secured FAA approval to operate a commercial drone delivery service, so the trials will probably come fast and furious at this point — though widespread service is probably still quite a ways off as both regulators and operators look to learn from their first limited deployments.

Source: Tech Crunch

Facebook just lost a battle in its war to stop a $35 billion class action lawsuit regarding alleged misuse of facial recognition data in Illinois. Today it was denied its request for an en banc hearing before the full slate of ninth circuit judges that could have halted the case. Now the case will go to trial unless the Supreme Court intercedes.

The suit alleges that Illinois citizens didn’t consent to having their uploaded photos scanned with facial recognition and weren’t informed of how long the data would be saved when the mapping started in 2011. Facebook could face $1000 to $5000 in penalties per user for 7 million people, which could sum to a maximum of $35 billion.

A three-judge panel of ninth circuit judges rejected Facebook’s motion to dismiss the case and its appeal of the class certification of the plaintiffs back in August. One of those judges said that it “seems likely” that the Facebook facial recognition data could be used to identify them in surveillance footage or even unlock a biometrically secured cell phone. Facebook had originally built the feature to power photo tag suggestions, asking users if it’s them or a particular friend in an untagged photo.

Nicholas Iovino spotted the announcement today that we’ve attained and embedded below. When asked for comment, a Facebook spokesperson responded “Facebook has always told people about its use of face recognition technology and given them control over whether it’s used for them. We are reviewing our options and will continue to defend ourselves vigorously.”

Filed in 2015, Facebook has done everything to try to block the class action case, from objecting to definitions of tons of words in the suit to lobbying against the underlying Biometric Information Privacy Act.

The class action poses an even greater penalty than the record-breaking $5 billion settlement Facebook agreed to over violations of its FTC consent decree. Though that payment amounts to a fraction of the $55 billion in revenue Facebook earned last year, it’s also been sidled with tons of new data privacy and transparency requirements. The $35 billion threat coming into focus contributed to a 2.25% share price drop for Facebook today.

[Image Credit: Mike MacKenzie]

Additional reporting by Zack Whittaker

Source: Tech Crunch

Atlassian today announced that it has acquired Code Barrel, the makers of Automation for Jira, a low-code tool for easily automating many aspects of Jira that’s also one of the most popular add-ons for Jira Software and Jira Service Desk in Atlassian’s marketplace. The two companies did not disclose the price of the acquisition.

Sydney-based Code Barrel was founded by two of the first engineers who built Jira at Atlassian, Nick Menere and Andreas Knecht. With this acquisition, they are returning to Atlassian after four years in startup land.

“For me and Andreas, it’s almost like coming home,” said Menere, who joined the Jira team in 2005 when there were only a handful of developers working on the product. “It’s the place where we pretty much learned how to develop software and how to develop product. For us, this was the only company we would ever go back to.”

As the name implies, Automation for Jira makes it easy to automate recurring tasks in Atlassian’s issue and project tracking service. “Increasingly, [our customers] are having to spend a lot of time on the mundane,” Noah Wasmer, the VP of Product for Tech Teams at Atlassian, told me. “What we’re seeing is that with Jira as the backbone, they are interacting with a lot of systems, are duplicating work, are manually entering work into different systems. And so what we’re finding is that they’re spending an inordinate amount of time doing things that aren’t actually helping them build and create those next-generation things that help change our world.”

If you want to reduce this kind of duplication of work, then automation is the obvious thing to look at. And with more than 6,000 companies that found Code Barrel’s solution in Atlassian’s marketplace, plus the founders’ obvious connection to the company, Automation for Jira must have been an obvious candidate for an acquisition.

Wasmer also stressed that the fact that they built a no-code tool will allow anybody who uses Jira to create scripts without having to be a programmer. Automation for Jira allows users to set up time-based rules or those that run based on triggers inside of Jira. It also features third-party integrations with SMS, Slack and Microsoft Teams, among others.

For the time being, Automation for Jira will remain in the Atlassian Marketplace and will continue to sell at the same price of $5/user/month for teams with up to 10 users and $2.5/user/month for teams between 11 and 100 users, with prices going down from there for larger enterprises. Surely, Atlassian will start integrating some of the tool’s features into Jira, but for the time being the company doesn’t have anything to announce on that front.

Source: Tech Crunch

Bosch is set to launch a new AI-based sensor system to the International Space Station that could change the way astronauts and ground crew monitor the ISS’s continued healthy operation. The so-called “SoundSee” module will be roughly the size of a lunch box, and will make its way to the ISS via Northrop Grumman’s forthcoming CRS-12 resupply mission, which is currently set for a November 2 launch.

The SoundSee module combines microphones with machine learning to perform analysis of sounds it picks up from the station, which it can use to effectively establish a healthy baseline, and then continually use new audio data to compare in order to get advance notice of potential mechanical issues via changes that could signal problems.

SoundSee will be mobile via installation on Astrobee, an autonomous floating cube-shaped robot that took its first totally self-guided flight in reduced gravity in June this year. Astrobee’s roving role is a perfect way for Bosch’s SoundSee tech, which it developed in partnership with Astrobotic and NASA, to work on and develop its autonomous sensing tech which it will eventually use to provide info about how systems are currently performing on the ISS, and when specific systems might need maintenance or repairs – ideally before it becomes an issue.

The first autonomous flight of Astrobee took place in June, 2019 on the ISS.

As with other things that Astrobee is designed to help with, SoundSee’s ultimate aim is to automate things that the astronaut crew of the ISS currently have to do manually. Already, SoundSee has been undergoing extensive ground testing here on Earth in a simulated environment similar to what it will experience on the ISS, but once in space, it’ll face the real test of its intended use scenario.

Source: Tech Crunch