Amazon announces a new game service and plenty of hardware upgrades, tech companies team up against app stores and United Airlines tests a program for rapid COVID-19 testing. This is your Daily Crunch for September 24, 2020.
The big story: Amazon unveils its own game-streaming platform
Amazon’s competitor to Google Stadia and Microsoft xCloud is called Luna, and it’s available starting today at an early access price of $5.99 per month. Subscribers will be able to play games across PC, Mac and iOS, with more than 50 games in the library.
The company made the announcement at a virtual press event, where it also revealed a redesigned Echo line (with spherical speakers and swiveling screens), the latest Ring security camera and a new, lower-cost Fire TV Stick Lite.
You can also check out our full roundup of Amazon’s announcements.
The tech giants
App makers band together to fight for App Store changes with new ‘Coalition for App Fairness’ — Thirteen app publishers, including Epic Games, Deezer, Basecamp, Tile, Spotify and others, launched a coalition formalizing their efforts to force app store providers to change their policies or face regulation.
LinkedIn launches Stories, plus Zoom, BlueJeans and Teams video integrations as part of wider redesign — LinkedIn has built its business around recruitment, so this redesign pushes engagement in other ways as it waits for the job economy to pick up.
Facebook gives more details about its efforts against hate speech before Myanmar’s general election — This includes adding Burmese language warning screens to flag information rated false by third-party fact-checkers.
Startups, funding and venture capital
Why isn’t Robinhood a verb yet? — The latest episode of Equity discusses a giant funding round for Robinhood.
Twitter-backed Indian social network ShareChat raises $40 million — Following TikTok’s ban in India, scores of startups have launched short-video apps, but ShareChat has clearly established dominance.
Spotify CEO Daniel Ek pledges $1Bn of his wealth to back deeptech startups from Europe — Ek pointed to machine learning, biotechnology, materials sciences and energy as the sectors he’d like to invest in.
Advice and analysis from Extra Crunch
3 founders on why they pursued alternative startup ownership structures — At Disrupt, we heard about alternative approaches to ensuring that VCs and early founders aren’t the only ones who benefit from startup success.
Coinbase UX teardown: 5 fails and how to fix them — Many of these lessons, including the need to avoid the “Get Started” trap, can be applied to other digital products.
As tech stocks dip, is insurtech startup Root targeting an IPO? — Alex Wilhelm writes that Root’s debut could clarify Lemonade’s IPO and valuation.
United Airlines is making COVID-19 tests available to passengers, powered in part by Color — United is embarking on a new pilot project to see if easy access to COVID-19 testing immediately prior to a flight can help ease freedom of mobility.
Announcing the final agenda for TC Sessions: Mobility 2020 — TechCrunch reporters and editors will interview some of the top leaders in transportation.
The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 3pm Pacific, you can subscribe here.
From new Ring flying indoor drone cameras to an adorable new kids version of one of its most popular Amazon home products, Jeff Bezos’ Seattle retailer unveiled a slew of new hardware goodies just ahead of the holiday shopping season.
Amazon kicked off its latest hardware showcase by unveiling a new version of the company’s Echo devices, which now include spherical speakers (with a version for kids featuring cute animal graphics). Amazon also unveiled updated, more personalized Echo capabilities and a new tracking feature for its Show 10 that mirrors Facebook’s Portal in its ability to follow users as they move around a room.
Ring’s new things
Ring also had plenty to pitch at the Amazon hardware show. The security camera company is updating its line with the Always Home Cam, a diminutive drone that can be scheduled to fly preset paths, which users can determine themselves.
It also rolled out new hardware for the automotive market with three different devices focused on car owners. The Ring Car Alarm will retail for $59.99, and the Car Cam and Car Connect will both be $199.99. Ring Car Alarm provides basic features that work with the Ring app, sending alerts to trigger a series of potential responses. The alarm also integrates with other Ring devices or Amazon Alexa hardware and connects using Amazon’s low-bandwidth Sidewalk wireless network protocol.
Meanwhile, the Car Cam allows users to check in on their car via video as long as they are in range of a Wi-Fi network, or opt in to the additional LTE companion plan Ring is selling. The cam also includes an Emergency Crash Assist feature that alerts first responders, and a recording feature that turns on if a user says “Alexa, I’m being pulled over”. Finally, Car Connect is an API that manufacturers, starting with Tesla, can use to provide Ring customers with mobile alerts for events detected around vehicles or to let them watch footage recorded with onboard cameras.
Ring also added new opt-in end-to-end video encryption for those users who want it.
New ways to Fire TV
The company’s TV platform got several updates. The biggest is probably the addition of the new, lower cost Fire TV Stick Lite at $29.99. For $39.99, meanwhile, you can pick up the new Fire TV Stick, which features a processor that’s 50% faster. The platform is also adding Video Calling — a nice addition in the era of working from home — along with a new, improved layout.
Amazon goes ga-ga for gaming
Last, but certainly not least, Amazon announced its new game-streaming platform, Luna.
The long-awaited gaming competitor to Google Stadia and Microsoft xCloud is launching an early access version at a price of $5.99 per month, the company said. Users will be able to stream titles wirelessly without downloading games and can play across PC, Mac, and iOS (via the web).
Initially, the company will have more than 50 titles in the Luna+ app, including at least one Sonic title and Remedy Entertainment’s Control. There’s a partnership with Ubisoft in the works, but access to those games may require a separate subscription.
The company is launching the product in early access at an introductory price of $5.99 per month. Users will be able to stream titles wirelessly without downloading the games and can play across PC, Mac and iOS (via the web). Users in the United States can request early access starting today.
Amazon says they will be launching with more than 50 games in the Luna+ app, including at least one Sonic title and Remedy Entertainment’s Control. The company has also partnered with Ubisoft but it seems users will have to subscribe separately to get access to those titles. The whole service is powered by AWS. Amazon says that users will be able to play titles at up to 4K 60fps performance.
One of the big selling points for the platform will be its Twitch integration, which will theoretically allow gamers to dive right into the titles they just saw their favorite streamers playing. This will depend heavily on coaxing streamers to play the limited subsection of titles that are present on Luna, however. Google made much the same pitch with Stadia and YouTube Gaming, but that dream hasn’t been fully realized yet.
Much like Google Stadia, Amazon will also be selling a custom controller that connects directly to the service to reduce latency. The Alexa-enabled Luna Controller will go for $49.99 during the early access period.
With this entrance, now Google, Microsoft and Amazon are each competing to define a new gaming platform. It’s apparent that Microsoft has a huge advantage given its existing relationships with developers and its own network of Microsoft-owned studios, but we’ll see what Amazon can cook up during the platform’s early access period.
The headlines aren’t always kind to the National Security Agency, a spy agency that operates almost entirely in the shadows. But a year ago, the NSA launched its new Cybersecurity Directorate, which in the past year has emerged as one of the more visible divisions of the spy agency.
At its core, the directorate focuses on defending and securing critical national security systems that the government uses for its sensitive and classified communications. But the directorate has become best known for sharing some of the more emerging, large-scale cyber threats from foreign hackers. In the past year the directorate has warned against attacks targeting secure boot features in most modern computers, and doxxed a malware operation linked to Russian intelligence. By going public, NSA aims to make it harder for foreign hackers to reuse their tools and techniques, while helping to defend critical systems at home.
But six months after the directorate started its work, COVID-19 was declared a pandemic and large swathes of the world — and the U.S. — went into lockdown, prompting hackers to shift gears and change tactics.
“The threat landscape has changed,” Anne Neuberger, NSA’s director of cybersecurity, told TechCrunch at Disrupt 2020. “We’ve moved to telework, we move to new infrastructure, and we’ve watched cyber adversaries move to take advantage of that as well,” she said.
Publicly, the NSA advised on which videoconferencing and collaboration software was secure, and warned about the risks associated with virtual private networks, usage of which boomed after lockdowns began.
But behind the scenes, the NSA is working with federal partners to help protect the efforts to produce and distribute a vaccine for COVID-19, a feat that the U.S. government called Operation Warp Speed. News of NSA’s involvement in the operation was first reported by Cyberscoop. As the world races to develop a working COVID-19 vaccine, which experts say is the only long-term way to end the pandemic, NSA and its U.K. and Canadian partners went public with another Russian intelligence operation aimed at targeting COVID-19 research.
“We’re part of a partnership across the U.S. government, we each have different roles,” said Neuberger. “The role we play as part of ‘Team America for Cyber’ is working to understand foreign actors, who are they, who are seeking to steal COVID-19 vaccine information — or more importantly, disrupt vaccine information or shake confidence in a given vaccine.”
Neuberger said that protecting the pharma companies developing a vaccine is just one part of the massive supply chain operation that goes into getting a vaccine out to millions of Americans. Ensuring the cybersecurity of the government agencies tasked with approving a vaccine is also a top priority.
Here are more takeaways from the talk.
TikTok is just days away from an app store ban, after the Trump administration earlier this year accused the Chinese-owned company of posing a threat to national security. But the government has been less than forthcoming about what specific risks the video sharing app poses, only alleging that the app could be compelled to spy for China. Beijing has long been accused of cyberattacks against the U.S., including the massive breach of classified government employee files from the Office of Personnel Management in 2014.
Neuberger said that the “scope and scale” of the TikTok app’s data collection makes it easier for Chinese spies to answer “all kinds of different intelligence questions” on U.S. nationals. Neuberger conceded that U.S. tech companies like Facebook and Google also collect large amounts of user data. But there are “greater concerns on how [China] in particular could use all that information collected against populations other than its own,” she said.
The NSA is trying to be more open about the vulnerabilities it finds and discloses, Neuberger said. She told TechCrunch that the agency has shared a “number” of vulnerabilities with private companies this year, but “those companies did not want to give attribution.”
One exception was earlier this year when Microsoft confirmed NSA had found and privately reported a major cryptographic flaw in Windows 10, which could have allowed hackers to run malware masquerading as a legitimate file. The bug was so dangerous that NSA reported the vulnerability to Microsoft, which patched the bug.
Only two years earlier, the spy agency was criticized for finding and using a Windows vulnerability to conduct surveillance instead of alerting Microsoft to the flaw. The exploit was later leaked and was used to infect thousands of computers with the WannaCry ransomware, causing millions of dollars’ worth of damage.
As a spy agency, NSA exploits flaws and vulnerabilities in software to gather intelligence on the enemy. It has to run through a process called the Vulnerabilities Equities Process, which allows the government to retain bugs that it can use for spying.
Unity Software, which sells a game development toolkit primarily for mobile phone app developers, raised $1.3 billion in its initial public offering.
The company, which will begin trading today with the ticker symbol “U,” priced its shares at the top end of its expected range, selling 25 million shares at $52 per share.
The company’s final IPO price came in far ahead of what Unity initially anticipated. The company initially expected to price its public offering between $34 and $42 per share, later raising its range to between $44 and $48 per share.
The public offering values the company at around $13.7 billion, a good step up from its final private valuation of around $6 billion.
For Unity, the journey to the public markets has been long. The company was founded as a business that creates software for developers to make and manage their games. In that sense, the company is more like an Adobe or an Autodesk than a game studio like Activision Blizzard or King.com.
Users import digital assets (often from Autodesk’s Maya) and add logic to guide each asset’s behavior, character interactions, physics, lighting and countless other factors that create fully interactive games. Creators then export the final product to one or more of the 20 platforms Unity supports, such as Apple iOS and Google Android, Xbox and PlayStation, Oculus Quest and Microsoft HoloLens, etc.
The company organizes its business into two areas: tools for content creation and tools for managing and monetizing content. In actuality, the revenue from managing and monetizing content outstrips the revenue the company makes from content creation.
The Unity public offering will be the first big test of investor appetite for this new approach to game development and the business-to-business tools that enable the new wave of gaming.
And it’s important to note (as we do here) that Unity doesn’t generate a lot of revenue off of its position as arguably the most popular game development platform. In fact, Unity has been pretty bad at monetizing the game development engine. It’s the ancillary services for in-game advertising, player matchmaking and other features that have made Unity the bulk of its money.
And there’s still the company’s biggest competitor, Epic Games, waiting in the wings. Here again, the analysis from TechCrunch’s previous reporting is helpful:
[Unity] also will want to benefit from comparisons to Epic Games, given [Epic] was just valued at $17 billion and has much greater public name recognition and hype.
To accomplish this, Unity seems to be underplaying the significance of its advertising business (adtech companies trade at much lower revenue multiples). In the past, Unity referred to its operations in three divisions: Create, Operate and Monetize. At the start of August, the SVP and VP leading the Monetize business switched titles to SVP and VP of Operate Solutions, respectively, and then Unity reported the monetization business as a subset of its Operate division in the S-1.
Consolidating Operate and Monetize into one reporting segment obscures specifics about how much revenue the ads business and the live services portfolio each contribute. As noted above, this segment appears to be dominated by ad revenue which means anywhere from 30% to 50% of Unity’s overall revenue is from ads. That should reduce the revenue multiple public investors are willing to value Unity at relative to recent and upcoming SaaS IPOs.
There isn’t a publicly-traded game engine company to directly benchmark Unity against, nor a roster of equity research analysts at big banks who have expertise in gaming infrastructure. Adobe and Autodesk appear to be relevant businesses to benchmark Unity against with regard to the nature of the non-advertising components of the business and Unity’s stated vision. Compared to Unity, those companies have lower growth rates and generate operating profits though; more recent public listings of SaaS companies like Zscaler and Cloudflare are likely to be valuation comps by investors to the extent they focus on its subscription and usage-based revenue streams since their revenue growth and margins are closer to Unity’s.
Both Epic and Unity are moving to meet each other, Epic by moving downstream, and Unity by moving to higher-end applications. And both companies are looking beyond core gaming at other applications as well.
As companies like Facebook, Microsoft, Niantic and others evolve their augmented and virtual reality ecosystems, Epic and Unity may find new worlds to conquer. If public markets can find the cash.
In the early days, Microsoft had misgivings about calling the Surface Duo a phone. Asked to define it as such, the company has had the tendency to deflect with comments like, “Surface Duo does much more than make phone calls.” Which, to be fair, it does. And to also be fair, so do most phones. Heck, maybe the company is worried that the idea of a Microsoft Phone still leaves a bitter taste in some mouths.
The Duo is an ambitious device that is very much about Microsoft’s own ambitions with the Surface line. The company doesn’t simply want to be a hardware manufacturer — there are plenty of those in the world. It wants to be at the vanguard of how we use our devices, going forward. It’s a worthy pursuit in some respects.
After all, for all of the innovations we’ve seen in mobile in the past decade, the category feels static. Sure there’s 5G. Next-gen wireless was supposed to give the industry a temporary kick in the pants. That it hasn’t yet has more to do with external forces (the pandemic caught practically everyone off guard), but even so, it hardly represents some radical departure for mobile hardware.
What many manufacturers do seem to agree on is that the next breakthrough in mobile devices will be the ability to fit more screen real estate into one’s pocket. Mobile devices are currently brushing up against the upper threshold of hardware footprint, in terms of what we’re capable of holding in our hands and willing to carry around in our pockets. Breakthroughs in recent years also appear to have gotten us close to a saturation point in terms of screen-to-body ratio.
Foldable screens are a compelling way forward. After years of promise, the technology finally arrived as screens appeared to be hitting an upper limit. Of course, Samsung’s Galaxy Fold stumbled out of the gate, leaving other devices like the Huawei Mate X scrambling. That product finally launched in China, but seemed to disappear from the conversation in the process. Motorola’s first foldable, meanwhile, was a flat-out dud.
Announced at a Surface event last year, the Duo takes an entirely different approach to the screen problem — one that has strengths and weaknesses when pitted against the current crop of foldables. The solution is a more robust one. The true pain point of foldables has always been the screen itself. Microsoft sidesteps this by simply connecting two screens. That introduces other problems, however, including a sizable gap and bezel combination that puts a decided damper on watching full-screen video.
Microsoft is far from the first company to take a dual-screen approach, of course. ZTE’s Axon M springs to mind. In that case — as with others — the device very much felt like two smartphones stuck together. Launched at the height of ZTE’s experimental phase, it felt like, at best, a shot in the dark. Microsoft, on the other hand, immediately sets its efforts apart with some really solid design. It’s clear that, unlike the ZTE product, the Duo was created from the ground up.
The last time I wrote about the Duo, it was a “hands-on” that only focused on the device’s hardware. That was due, in part, to the fact that the software wasn’t quite ready at the time of writing. Microsoft was, however, excited to show off the hardware — and for good reason. This really looks and feels nice. Aesthetically, at least, this thing is terrific. It’s no wonder that this is the first device I’ve seen in a while that legitimately had the TechCrunch staff excited.
While the Surface Duo is, indeed, a phone, it’s one that represents exciting potential for the category. And equally importantly, it demonstrates that there is a way to do so without backing into the trappings of the first generation of foldables. In early briefings with the device, Surface lead Panos Panay devoted a LOT of time to breaking down the intricacies of the design decisions made here. To be fair, that’s partially because that’s pretty much his main deal, but I do honestly believe that the company had to engineer some breakthroughs here in order to get hardware that works exactly right, down to a fluid and solid hinge that maintains wired connections between the two displays.
There are, of course, trade-offs. The aforementioned gap between screens is probably the largest. This is primarily a problem when opening a single app across displays (a trick accomplished by dragging and dropping a window onto both screens in a single, fluid movement). This is likely part of the reason the company is positioning this as far more of a productivity app than an entertainment one — in addition to all of the obvious trappings of a piece of Microsoft hardware.
The company took great pains to ensure that two separate apps can open on each of the screens. And honestly, the gap is actually kind of a plus when multitasking with two apps open, creating a clear delineation between the two sides. And certain productivity apps make good use of the dual screens when spanning both. Take Gmail, which offers a full inbox on one side and the open selected message on the other. Ditto for using the Amazon app to read a book. Like the abandoned Courier project before it, this is really the perfect form factor for e-book reading — albeit still a bit small for more weary eyes.
There are other pragmatic considerations with the design choices here. The book design means there’s no screen on the exterior. The glass and mirror Windows logo looks lovely, but there’s no easy way to preview notifications. Keep in mind the new Galaxy Fold and Motorola Razr invested a fair amount in the front screen experience on their second-generation devices. Some will no doubt prefer to have a device that’s offline while closed, and I suppose you could always just keep the screens facing outward, if you so chose.
You’ll probably also want to keep the screens facing out if you’re someone who needs your device at the ready to snap a quick photo. Picture taking is really one of the biggest pain points here. There’s no rear camera. Instead, I’m convinced that the company sees most picture taking on the device as secondary to webcam functionality for things like teleconferencing. I do like that experience of having the device standing up and being able to speak into it hands-free (assuming you’re able to get it to appropriate eye level).
But when it came to walking around, snapping shots to test the camera, I really found myself fumbling around a lot here. You always feel like you’re between three and five steps away from taking a quick shot. And the fact of the matter is the shots aren’t great. The on-board camera also isn’t really up to the standards of a $1,400 device. Honestly, the whole thing feels like an afterthought. Perhaps I’ve been spoiled after using the Note 20’s camera for the last several weeks, but hopefully Microsoft will prioritize the camera a bit more the next go-round.
Another hardware disappointment for me is the size of the bezels. Microsoft says they’re essentially the minimal viable size so as to not make people accidentally trigger the touchscreen. Which, fair enough. But while it’s not a huge deal aesthetically, it makes the promise of two-hand typing when the device is in laptop mode close to impossible.
That was honestly one of the things I was excited for here. Instead, you’re stuck thumb-typing as you would on any standard smartphone. I have to admit, the Duo was significantly smaller in person than I imagined it would be, for better and worse. Those seeking a fuller typing experience will have to wait for the Neo.
The decision not to include 5G is a curious one. This seems to have been made, in part, over concerns around thinness and form factor. And while 5G isn’t exactly mainstream at this point in 2020, it’s important to attempt to future proof a $1,400 device as much as possible. This isn’t the kind of upgrade most of us make every year or so. By the time the cycle comes back around, LTE is going to feel pretty dated.
Battery life is pretty solid, owing to the inclusion of two separate batteries, each located beneath a screen. I was able to get about a day and a half of life — that’s also one of the advantages of not having 5G on board, I suppose. Performance also seemed solid for the most part, while working with multiple apps front and center. For whatever reason, however, the Bluetooth connection was lacking. I had all sorts of issues keeping both the Surface Buds and Pixel Buds connected, which can get extremely annoying when attempting to listen to a podcast.
These are the sorts of questions a second-generation device will seek to answer. Ditto for some of the experiential software stuff. There was some bugginess with some of the apps early on. A software update has gone a ways toward addressing much of that, but work needs to be done to offer a seamless dual-screen experience. Some apps like Spotify don’t do a great job spanning screens. Spacing gets weird, things require a bit of finessing on the part of the user. If the Duo proves a more popular form factor, third party developers will hopefully be more eager to fine tune things.
There were other issues, including the occasional blacked out screen on opening, though that can generally be resolved by closing and reopening the device. Also, Microsoft has opted to only allow one screen to be active at a time when they’re both positioned outward so as to avoid accidentally triggering the back of the touch screen. Switching between displays requires double tapping the inactive one.
But Microsoft has added a number of neat tricks like App Groups, which are a quick shortcut to fire up two apps at once. As for why Microsoft went with Android, rather than their own Windows 10, which is designed to be adaptable to a number of different form factors, the answer is refreshingly pragmatic and straightforward. Windows 10 just doesn’t have enough mobile apps. Microsoft clearly wants the Duo to serve as a proof of concept for this new form factor, though one questions whether the company will be able to sufficiently monetize the copycats.
For now, however, that means a lot more selection for the end user, including a ton of Google productivity apps. That’s an important plus given how few of us are tied exclusively to Microsoft productivity apps these days.
As with other experimental form factors, the first generation involves a fair bit of trial and error. Sure, Microsoft no doubt dogfooded the product in-house for a while, but you won’t get a really good idea of how most consumers interact with this manner of device — or precisely what they’re looking for. Six months from now, Microsoft will have a much better picture, and all of those ideas will go into refining the next generation product.
That said, the hardware does feel quite good for a first generation device — even if certain key sacrifices were made in the process. The software will almost certainly continue to be refined over the course of the next year as well. I’d wait a bit on picking it up for that reason alone. The question ultimately becomes what the cost of early adoption is.
In the grand scheme of foldable devices, maybe $1,400 isn’t that much. But compared to the vast majority of smartphone and tablet flagships out there, it’s a lot. Especially for something that still feels like a first generation work in progress. For now, it feels like a significant chunk of the price is invested in novelty and being an early adopter for a promising device.
Monthly financing isn’t an entirely new concept in the world of Xbox. Microsoft offered a similar plan for the Xbox One S a few years ago. The idea is pretty simple: pay a monthly fee for hardware and software for two years until you outright own the device. What’s new here, however, is that the company is introducing the plan for its brand new consoles due out later this year.
Along with its Series S announcement, Microsoft detailed two new plans designed to get the consoles in the hands of those unwilling or unable to shell out $299 or $499 for a new system up front. It’s a move that greatly expands the accessibility of the system, even beyond the recent announcement of the low-cost model.
The move is in line with a recent rekindled interest in a hardware as a service model. We’ve seen a number of companies like Zoom embrace this to varying degrees. Though really, the rent to own model shares a lot with smartphone contracts — even as those have begun to fall out of favor in the U.S. to some degree in recent years.
Here, $25 a month will get a Series S console, bundled with Game Pass Ultimate. For $35 a month, meanwhile, you get Game Pass Ultimate plus the Series X. There’s nothing to pay up front. Given how central the Game Pass streaming service is to the next-gen console, it’s a pretty solid deal. After all, Game Pass Ultimate will run you $15 a month without hardware access thrown in.
With estimates around PlayStation 5 pricing ranging from around $450-$550, Sony’s got a tough act to follow in terms of aggressive pricing. Even though the PS5 has arguably drummed up considerably more excitement thus far than the next generation Xbox, a $25/month entry point is tough to compete with.
The flagship Xbox Series X is arriving on November 10, and will carry a retail price tag of $499, Microsoft confirmed on Wednesday. The console will also be available for pre-orders beginning on September 22. Alongside the Xbox Series X console, Microsoft is also going to be selling a less powerful, but still next-gen, Xbox Series S console, which will have a $299 price tag, and also release on November 10 with pre-orders on September 22.
The other day I took a moment to count the number of stories we’ve done on TechCrunch on the DoD’s $10 billion, decade-long, winner-take-all, JEDI cloud contract. This marks the 30th time we’ve written about this deal over the last two years, and it comes after a busy week last week in JEDI cloud contract news.
That we’re still writing about this is fairly odd if you consider the winner was announced last October when the DoD chose Microsoft, but there is no end in sight to the ongoing drama that is this procurement process.
Government contracts don’t typically catch our attention at TechCrunch, but this one felt different early on. There was the size and scope of the deal of course. There was the cute play on the “Star Wars” theme. There was Oracle acting like a batter complaining to the umpire before the first pitch was thrown. There was the fact that everyone thought Amazon would win until it didn’t.
There was a lot going on. In fact, there’s still a lot going on with this story.
Let’s start with Oracle, which dispatched CEO Safra Catz to the White House in April 2018 even before the RFP had been written. She was setting the stage to complain that the deal was going to be set up to favor Amazon, something that Oracle alleged until the day Microsoft was picked the winner.
Catz had been on the Trump transition team and so had the ear of the president. While the president certainly interjected himself in this process, it’s not known how much influence that particular meeting might have had. Suffice to say that it was only the first volley in Oracle’s long war against the JEDI contract procurement process.
It would include official complaints with the Government Accountability Office and a federal lawsuit worth, not coincidentally, $10 billion. It would claim the contract favored Amazon. It would argue that the one-vendor approach wasn’t proper. It would suggest that because the DoD had some former Amazon employees helping write the RFP, it somehow favored Amazon. The GAO and two court cases found otherwise, ruling against Oracle every single time.
It’s worth noting that the Court of Appeals ruling last week indicated that Oracle didn’t even meet some of the basic contractual requirements, all the while complaining about the process itself from the start.
Nobody was more surprised that Amazon lost the deal than Amazon itself. It still believes to this day that it is technically superior to Microsoft and that it can offer the DoD the best approach. The DoD doesn’t agree. On Friday, it reaffirmed its choice of Microsoft. But that is not the end of this, not by a long shot.
Amazon has maintained since the decision was made last October that the decision-making process had been tainted by presidential interference in the process. They believe that because of the president’s personal dislike of Amazon CEO Jeff Bezos, who also owns the Washington Post, he inserted himself in the process to prevent Bezos’ company from winning that deal.
In January, Amazon filed a motion to stop work on the project until this could all be sorted out. In February, a judge halted work on the project until Amazon’s complaints could be heard by the court. It is September and that order is still in place.
In a blog post on Friday, Amazon reiterated its case, which is based on presidential interference and what it believes is technical superiority. “In February, the Court of Federal Claims stopped performance on JEDI. The Court determined AWS’s protest had merit, and that Microsoft’s proposal likely failed to meet a key solicitation requirement and was likely deficient and ineligible for award. Our protest detailed how pervasive these errors were (impacting all six technical evaluation factors), and the Judge stopped the DoD from moving forward because the very first issue she reviewed demonstrated serious flaws,” Amazon wrote in the post.
Microsoft on the other hand went quietly about its business throughout this process. It announced Azure Stack, a kind of portable cloud that would work well as a field operations computer system. It beefed up its government security credentials.
Even though Microsoft didn’t agree with the one-vendor approach, indicating that the government would benefit more from the multivendor approach many of its customers were taking, it made clear if those were the rules, it was in it to win it — and win it did, much to the surprise of everyone, especially Amazon.
Yet here we are, almost a year later and in spite of the fact that the DoD found once again, after further review, that Microsoft is still the winner, the contract remains in limbo. Until that pending court case is resolved, we will continue to watch and wait and wonder if this will ever be truly over, and the JEDI cloud contract will actually be implemented.
Microsoft has confirmed via its official Xbox Twitter account that a discless, tiny Xbox called the Series S will be released alongside its forthcoming Xbox Series X. The Series S was initially leaked late Monday, first by Brad Sams on Twitter, and also by Walking Cat. The Xbox account tweeted an image of the same small design dominated by a large, round vent grill, and said that the estimated retail price at launch for the new version of the console will be $299.
The original leak from Sams also includes the $299 price, and Walking Cat’s leaked trailer video laid out more details – including noting that the console is 60% smaller than the forthcoming Series X, but that it includes a high-speed 512GB NVMe SSD, with performance offering up to 1440p resolution at 120FPS, along with 4K upscaling. It’ll also support DirectX ray tracing.
no point holding this back now I guess pic.twitter.com/SgOAjm3BuP
— WalkingCat (@_h0x0d_) September 8, 2020
There have been rumors about the Series S landing along with the Series X, which Microsoft made official first all the way back in December 2019 (what even was 2019, was it real?). While Microsoft didn’t confirm any of the leaked specs or performance from the trailer, that definitely looks like an official Xbox teaser Walking Cat came across, so I wouldn’t anticipate any surprises there.
Microsoft also didn’t share anything about Series S availability or pre-orders. The launches of both the next-gen Xbox and the PS5 from Sony have been extremely drawn out across massive drip campaigns, and pre-order and availability specifics are still being held close to the chest, much to the frustration of gaming fans. Hopefully this leak and subsequent confirmation means we’re getting close.
Yesterday four employees of US-headquartered enterprise startup PandaDoc were arrested in Minsk by the Belarus police, in what appears to be an act of state-led retaliation, after the company’s founders joined protests against the 26-year-long regime of President Alexander Lukashenko. Lukashenko is widely believed by international observers to have rigged the country’s recent elections in his favor, preventing the election of opposition leader Sviatlana Tsikhanouskaya.
PandaDoc — which has raised $51.1M and is now headquartered in San Francisco after debuting at a TechCrunch Meetup in Berlin in 2013 — issued a statement saying their Minsk development office was raided by police and the ‘Financial Investigation Department’ yesterday morning.
PandaDoc has released a statement on a new web site, SavePandaDoc, outlining the incident, saying employees had been prevented from leaving the office, refused access to lawyers, and a director was taken away by Police.
Four of the arrested PandaDoc employees have been charged with embezzling 107,000 BYR ($41,000) from the company and therefore avoiding tax. The employees have been detained for two months.
However, PandaDoc released a statement saying: “We declare that this accusation is completely untrue and has no basis whatsoever. All activities of the company were carried out in full compliance with the legislation, which is confirmed by repeated international audits and inspections.”
Now held in custody are:
Yulia Shardiko, Chief Accountant
Dmitry Rabtsevich, Director
Victor Kuvshinov, Product Director
Vladislav Mikholap, HR
Although the company HQ is in San Francisco, it has a large office on the Belarusian High Technologies Park, which was set up by the government supposedly to support the tech industry.
PandaDoc said the police raid was likely linked to the fact that the founders of PandaDoc, in particular Mikado, have protested publicly against the brutal crackdown on pro-democracy protesters by Lukashenko, but have done so strictly in a personal capacity.
Mikado recently became a leading voice in the protest movement. He set up an initiative, ProtectBelarus.org, offering Belarusian police officers who had decided to disobey orders to beat and torture protesters financial aid and re-training in the tech industry.
Belarusian police officers are effectively ‘indentured employees’ because they are paid large sums at the beginning of their contract, but this immediately becomes a debt to the state the moment they decide to break their contract.
In a statement, Mikado said that as of August 29th, the platform had received more than 6,000 messages and almost 600 requests for help. The platform is run by volunteers and has no relation to PandaDoc, the company.
Mikado said in a statement: “We are asking international tech community to support PandaDoc by sharing this message and reaction to it with a #SavePandaDoc tag.”
“There is no more law. The authorities do not even try to act according to the law, they simply fabricate cases for political orders that come from above. And if you thought that this would not affect you, then we can safely assure you of the opposite – it has already affected everyone,” the statement reads.
“We will not be silent anymore! The country is full of legal chaos. The actions of the authorities cannot be called anything except genocide and repression. The further it goes, the longer the road back. And soon there will be a cliff. We demand to immediately release our colleagues, close the criminal case, let the company work normally and bring benefits and income, including to the state.”
The company now says it will be forced to close the company in Belarus and “will begin to establish an alternative to the Park of High Technologies outside the Republic of Belarus.”
PandaDoc only recently raised $30 million in a Series B extension from One Peak, Microsoft Venture Fund M12 and EBRD Venture Fund.
After the Belarusian presidential election on August 9th (which was not recognized as free and fair by the EU, the UK and the US due to widely reported and documented vote-rigging in favor of Lukashenko) the police violently cracked down on peaceful protests, leading to six reported deaths and 450 UN-documented cases of police torture.
We have seen a lot of action this week as the DoD tries to determine the final winner of the $10 billion, decade-long DoD JEDI cloud contract. Today, after reviewing the proposals from finalists Microsoft and Amazon again, the DoD released a statement reiterating that Microsoft was the winner of the contract.
“The Department has completed its comprehensive re-evaluation of the JEDI Cloud proposals and determined that Microsoft’s proposal continues to represent the best value to the Government. The JEDI Cloud contract is a firm-fixed-price, indefinite-delivery/indefinite-quantity contract that will make a full range of cloud computing services available to the DoD,” the DoD said in a statement.
This comes on the heels of yesterday’s Court of Appeals decision denying Oracle’s argument that the procurement process was flawed and that there was a conflict of interest because a former Amazon employee helped write the requirements for the RFP.
While the DoD has determined that it believes that Microsoft should still get the contract, after selecting them last October, that doesn’t mean that this is the end of the line for this long-running saga. In fact, a federal judge halted work on the project in February pending a hearing on an on-going protest from Amazon, which believes it should have won based on merit, and the fact it believes the president interfered with the procurement process to prevent Jeff Bezos, who owns the Washington Post, from getting the lucrative contract.
The DoD confirmed that the project could not begin until the legal wrangling was settled. “While contract performance will not begin immediately due to the Preliminary Injunction Order issued by the Court of Federal Claims on February 13, 2020, DoD is eager to begin delivering this capability to our men and women in uniform,” the DoD reported in a statement.
While it takes us one step closer to the end of the road for this long-running drama, it won’t be over until the court rules on Amazon’s arguments.
Oracle was never fond of the JEDI cloud contract process, that massive $10 billion, decade-long Department of Defense cloud contract that went to a single vendor. It was forever arguing to anyone who would listen that that process was faulty and favored Amazon.
Yesterday it lost another round in court when the U.S. Court of Appeals rejected the database giant’s argument that the procurement process was flawed because it went to a single vendor. It also didn’t buy that there was a conflict of interest because a former Amazon employee was involved in writing the DoD’s request for proposal criteria.
On the latter point, the court wrote, “The court addressed the question whether the contracting officer had properly assessed the impact of the conflicts on the procurement and found that she had.”
Further, the court found that Oracle’s case didn’t have merit in some cases because it failed to meet certain basic contractual criteria. In other cases, it didn’t find that the DoD violated any specific procurement rules with this bidding process.
This represents the third time the company has tried to appeal the process in some way, four if you include direct executive intervention with the president. In fact, even before the RFP had been released in April 2018, CEO Safra Catz brought complaints to the president that the bid favored Amazon.
In November 2018, the Government Accountability Office (GAO) denied Oracle’s protest that it favored Amazon or any of the other points in their complaint. The following month, the company filed a $10 billion lawsuit in federal court, which was denied last August. Yesterday’s ruling is on the appeal of that decision.
It’s worth noting that for all its complaints that the deal favored Amazon, Microsoft actually won the bid. Even with that determination, the deal remains tied up in litigation as Amazon has filed multiple complaints, alleging that the president interfered with the deal and that they should have won on merit.
As with all things related to this contract, the drama has never stopped.
Facebook’s photo and video portability tool has added support for two more third party services for users to send data via encrypted transfer — namely: cloud storage providers Dropbox and (EU-based) Koofr.
The tech giant debuted the photo porting tool in December last year, initially offering users in its EU HQ location of Ireland the ability to port their media direct to Google Photos, before going on to open up access in more markets. It completed a global rollout of that first offering in June.
Facebook users in all its markets now have three options to choose from if they want to transfer Facebook photos and videos elsewhere. A company spokesman confirmed support for other (unnamed) services is also in the works, telling us: “There will be more partnership announcements in the coming months.”
The transfer tool is based on code developed via Facebook’s participation in the Data Transfer Project — a collaborative effort started last year, with backing from other tech giants including Apple, Google, Microsoft and Twitter.
To access the tool, Facebook users need to navigate to the ‘Your Facebook Information’ menu and select ‘Transfer a copy of your photos and videos’. Facebook will then prompt you to re-enter your password prior to initiating the transfer. You will then be asked to select a destination service from the three on offer (Google Photos, Dropbox or Koofr) and asked to enter your password for that third party service — kicking off the transfer.
Users will receive a notification on Facebook and via email when the transfer has been completed.
The encrypted transfers work from both the desktop version of Facebook and its mobile app.
Last month, the tech giant signalled in comments to the FTC ahead of a hearing on portability scheduled for later this month that it would be expanding the scope of its data portability offerings — including hinting it might offer direct transfers for more types of content in future, such as events or even users’ “most meaningful” posts.
For now, though, Facebook only supports direct, encrypted transfers for photos and videos uploaded to Facebook.
While Google and Dropbox are familiar names, the addition of a smaller, EU-based cloud storage provider in the list of supported services does stand out a bit. On that, Facebook’s spokesperson told us it reached out to discuss adding Koofr to the transfer tool after a staffer came across an article on Mashable discussing it as an EU cloud storage solution.
A bigger question is when — or whether — Facebook will offer direct photo portability to users of its photo sharing service, Instagram. It has not mentioned anything specific on that front when discussing its plans to expand portability.
When we asked Facebook about bringing the photo porting tool to Instagram, a spokesman told us: “Facebook have prioritised portability tools on Facebook at the moment but look forward to exploring expansion to the other apps in the future.”
In a blog post announcing the new destinations for users of the Facebook photo & video porting tool, the tech giant repeats its call for lawmakers to come up with “clearer rules” to govern portability, writing that: “We want to continue to build data portability features people can trust. To do that, the Internet needs clearer rules about what kinds of data should be portable and who is responsible for protecting that data as it moves to different services. Policymakers have a vital role to play in this.”
It also writes that it’s keen for other companies to join the Data Transfer Project — “to expand options for people and push data portability innovation forward”.
In recent years Facebook has been lobbying for what it calls ‘the right regulation’ to wrap around portability — releasing a white paper on the topic last year which plays up what it couches as privacy and security trade-offs in a bid to influence regulatory thinking around requirements on direct data transfers.
Portability is in the frame as a possible tool for helping rebalance markets in favor of new entrants or smaller players as lawmakers dig into concerns around data-fuelled barriers to competition in an era of platform giants.
India continues to crack down on Chinese apps, Microsoft launches a deepfake detector and Google offers a personalized news podcast. This is your Daily Crunch for September 2, 2020.
The big story: India bans PUBG and other Chinese apps
The Indian government continues its purge of apps created by or linked to Chinese companies. It already banned 59 Chinese apps back in June, including TikTok.
India’s IT Ministry justified the decision as “a targeted move to ensure safety, security, and sovereignty of Indian cyberspace.” The apps banned today include search engine Baidu, business collaboration suite WeChat Work, cloud storage service Tencent Weiyun and the game Rise of Kingdoms. But PUBG is the most popular, with more than 40 million monthly active users.
The tech giants
Microsoft launches a deepfake detector tool ahead of US election — The Video Authenticator tool will provide a confidence score that a given piece of media has been artificially manipulated.
Google’s personalized audio news feature, Your News Update, comes to Google Podcasts — That means you’ll be able to get a personalized podcast of the latest headlines.
Twitch launches Watch Parties to all creators worldwide — Twitch is doubling down on becoming more than just a place for live-streamed gaming videos.
Startups, funding and venture capital
Indonesian insurtech startup PasarPolis gets $54 million Series B from investors including LeapFrog and SBI — The startup’s goal is to reach people who have never purchased insurance before with products like inexpensive “micro-policies” that cover broken device screens.
XRobotics is keeping the dream of pizza robots alive — XRobotics’ offering resembles an industrial 3D printer, in terms of size and form factor.
India’s online learning platform Unacademy raises $150 million at $1.45 billion valuation — India has a new startup unicorn.
Advice and analysis from Extra Crunch
The IPO parade continues as Wish files, Bumble targets an eventual debut — Alex Wilhelm looks at the latest IPO news, including Bumble planning to go public at a $6 to $8 billion valuation.
3 ways COVID-19 has affected the property investment market — COVID-19 has stirred up the long-settled dust on real estate investing.
Deep Science: Dog detectors, Mars mappers and AI-scrambling sweaters — Devin Coldewey kicks off a new feature in which he gets you all caught up on the most recent research papers and scientific discoveries.
(Reminder: Extra Crunch is our subscription membership program, which aims to democratize information about startups. You can sign up here.)
‘The Mandalorian’ launches its second season on Oct. 30 — The show finished shooting its second season right before the pandemic shut down production everywhere.
GM, Ford wrap up ventilator production and shift back to auto business — Both automakers said they’d completed their contracts with the Department of Health and Human Services.
The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 3pm Pacific, you can subscribe here.
Microsoft has added to the slowly growing pile of technologies aimed at spotting synthetic media (aka deepfakes) with the launch of a tool for analyzing videos and still photos to generate a manipulation score.
The tool, called Video Authenticator, provides what Microsoft calls “a percentage chance, or confidence score” that the media has been artificially manipulated.
“In the case of a video, it can provide this percentage in real-time on each frame as the video plays,” it writes in a blog post announcing the tech. “It works by detecting the blending boundary of the deepfake and subtle fading or greyscale elements that might not be detectable by the human eye.”
If a piece of online content looks real but ‘smells’ wrong, chances are it’s a high tech manipulation trying to pass as real — perhaps with a malicious intent to misinform people.
And while plenty of deepfakes are created with a very different intent — to be funny or entertaining — taken out of context such synthetic media can still take on a life of its own as it spreads, meaning it can also end up tricking unsuspecting viewers.
While AI tech is used to generate realistic deepfakes, identifying visual disinformation using technology is still a hard problem — and a critically thinking mind remains the best tool for spotting high tech BS.
Nonetheless, technologists continue to work on deepfake spotters — including this latest offering from Microsoft.
Although its blog post warns the tech may offer only passing utility in the AI-fuelled disinformation arms race: “The fact that [deepfakes are] generated by AI that can continue to learn makes it inevitable that they will beat conventional detection technology. However, in the short run, such as the upcoming U.S. election, advanced detection technologies can be a useful tool to help discerning users identify deepfakes.”
This summer a competition kicked off by Facebook to develop a deepfake detector served up results that were better than guessing — but only just in the case of a data-set the researchers hadn’t had prior access to.
Microsoft, meanwhile, says its Video Authenticator tool was created using a public dataset from Face Forensic++ and tested on the DeepFake Detection Challenge Dataset, which it notes are “both leading models for training and testing deepfake detection technologies”.
It’s partnering with the San Francisco-based AI Foundation to make the tool available to organizations involved in the democratic process this year — including news outlets and political campaigns.
“Video Authenticator will initially be available only through RD2020 [Reality Defender 2020], which will guide organizations through the limitations and ethical considerations inherent in any deepfake detection technology. Campaigns and journalists interested in learning more can contact RD2020 here,” Microsoft adds.
The tool has been developed by its R&D division, Microsoft Research, in coordination with its Responsible AI team and an internal advisory body on AI, Ethics and Effects in Engineering and Research Committee — as part of a wider program Microsoft is running aimed at defending democracy from threats posed by disinformation.
“We expect that methods for generating synthetic media will continue to grow in sophistication,” it continues. “As all AI detection methods have rates of failure, we have to understand and be ready to respond to deepfakes that slip through detection methods. Thus, in the longer term, we must seek stronger methods for maintaining and certifying the authenticity of news articles and other media. There are few tools today to help assure readers that the media they’re seeing online came from a trusted source and that it wasn’t altered.”
On the latter front, Microsoft has also announced a system that will enable content producers to add digital hashes and certificates to media that remain in their metadata as the content travels online — providing a reference point for authenticity.
The second component of the system is a reader tool, which can be deployed as a browser extension, for checking certificates and matching the hashes to offer the viewer what Microsoft calls “a high degree of accuracy” that a particular piece of content is authentic/hasn’t been changed.
The certification will also provide the viewer with details about who produced the media.
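The hash-and-certificate check described above, sketched as an added example (it is not Microsoft's or Project Origin's code). It assumes one Ed25519 key pair per producer in place of a real certificate chain; the manifest field names, the producer names and the sample bytes are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Serialize the flat manifest with sorted keys so that the producer and the
// reader sign and verify exactly the same bytes.
function canonical(manifest) {
  return JSON.stringify(manifest, Object.keys(manifest).sort());
}

function sha256Hex(bytes) {
  return crypto.createHash('sha256').update(bytes).digest('hex');
}

// Producer side: hash the media, then sign the manifest that carries the hash.
// The returned record is what would travel in the file's metadata.
function signMedia(mediaBytes, producer, privateKey) {
  const manifest = { producer, algorithm: 'sha256', digest: sha256Hex(mediaBytes) };
  const signature = crypto
    .sign(null, Buffer.from(canonical(manifest)), privateKey)
    .toString('base64');
  return { manifest, signature };
}

// Reader side: trustedKeys (Map of producer name -> public key) stands in for
// certificate validation. The signature is checked before the digest, so a
// rewritten manifest is rejected even when its hash matches the edited file.
function verifyMedia(mediaBytes, record, trustedKeys) {
  if (!record || !record.manifest || typeof record.signature !== 'string') {
    return { ok: false, reason: 'no-manifest' }; // metadata stripped in transit
  }
  const { manifest, signature } = record;
  const publicKey = trustedKeys.get(manifest.producer);
  if (!publicKey) return { ok: false, reason: 'untrusted-producer' };

  let signed = false;
  try {
    signed = crypto.verify(
      null,
      Buffer.from(canonical(manifest)),
      publicKey,
      Buffer.from(signature, 'base64')
    );
  } catch (err) {
    signed = false; // malformed signature material counts as a failure
  }
  if (!signed) return { ok: false, reason: 'bad-signature' };
  if (manifest.algorithm !== 'sha256') {
    return { ok: false, reason: 'unsupported-algorithm' };
  }

  const expected = Buffer.from(String(manifest.digest), 'hex');
  const actual = Buffer.from(sha256Hex(mediaBytes), 'hex');
  if (expected.length !== actual.length || !crypto.timingSafeEqual(expected, actual)) {
    return { ok: false, reason: 'content-altered', producer: manifest.producer };
  }
  return { ok: true, reason: 'authentic', producer: manifest.producer };
}

// Constructed scenarios covering the outcomes a reader tool has to tell apart.
function runScenarios() {
  const newsroom = crypto.generateKeyPairSync('ed25519');
  const stranger = crypto.generateKeyPairSync('ed25519');
  const trustedKeys = new Map([['Example Newsroom', newsroom.publicKey]]);

  const original = Buffer.from('constructed stand-in for video bytes');
  const altered = Buffer.from('constructed stand-in for video bytes, re-edited');
  const record = signMedia(original, 'Example Newsroom', newsroom.privateKey);

  // Edited file whose manifest digest was recomputed, without the producer's key.
  const rehashed = {
    manifest: { ...record.manifest, digest: sha256Hex(altered) },
    signature: record.signature,
  };
  // Validly signed, but by a key the reader has no reason to trust.
  const unknown = signMedia(altered, 'Unknown Outlet', stranger.privateKey);
  // Signed with the wrong key while claiming the trusted producer's name.
  const impersonated = signMedia(altered, 'Example Newsroom', stranger.privateKey);

  return {
    untouched: verifyMedia(original, record, trustedKeys).reason,
    edited: verifyMedia(altered, record, trustedKeys).reason,
    rehashed: verifyMedia(altered, rehashed, trustedKeys).reason,
    unknownProducer: verifyMedia(altered, unknown, trustedKeys).reason,
    impersonated: verifyMedia(altered, impersonated, trustedKeys).reason,
    stripped: verifyMedia(original, null, trustedKeys).reason,
  };
}

console.log(runScenarios());
```

A stripped manifest yields no verdict at all, which is why a reader tool can only vouch for content whose metadata survived the trip.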
Microsoft is hoping this digital watermarking authenticity system will end up underpinning a Trusted News Initiative announced last year by UK publicly funded broadcaster, the BBC — specifically for a verification component, called Project Origin, which is led by a coalition of the BBC, CBC/Radio-Canada, Microsoft and The New York Times.
It says the digital watermarking tech will be tested by Project Origin with the aim of developing it into a standard that can be adopted broadly.
“The Trusted News Initiative, which includes a range of publishers and social media companies, has also agreed to engage with this technology. In the months ahead, we hope to broaden work in this area to even more technology companies, news publishers and social media companies,” Microsoft adds.
While work on technologies to identify deepfakes continues, its blog post also emphasizes the importance of media literacy — flagging a partnership with the University of Washington, Sensity and USA Today aimed at boosting critical thinking ahead of the US election.
This partnership has launched a Spot the Deepfake Quiz for voters in the US to “learn about synthetic media, develop critical media literacy skills and gain awareness of the impact of synthetic media on democracy”, as it puts it.
The interactive quiz will be distributed across web and social media properties owned by USA Today, Microsoft and the University of Washington and through social media advertising, per the blog post.
The tech giant also notes that it’s supporting a public service announcement (PSA) campaign in the US encouraging people to take a “reflective pause” and check to make sure information comes from a reputable news organization before they share or promote it on social media ahead of the upcoming election.
“The PSA campaign will help people better understand the harm misinformation and disinformation have on our democracy and the importance of taking the time to identify, share and consume reliable information. The ads will run across radio stations in the United States in September and October,” it adds.
If you can’t keep up with the latest rumor mill on TikTok’s impending doom acquisition, my suggestion is simple: don’t. Or instead, enjoy it for what it is: one of the most absurd bakeoff deals in investment banking history.
Walmart and its always low prices are in the fray. Oracle is looking to find synergies to make enterprise resource planning software more enticing to Gen Z workers. Triller — who the hell are they again? — is supposedly teaming up with an asset management firm (and a planet near the Hoth system) called Centricus according to Bloomberg (to which TikTok responded nah). Twitter is in — maybe? — with key corporate strategic advice from Beyoncé on the social network’s debt underwriting strategy.
SoftBank is apparently looking, and also just happened to announce yesterday its intention to sell off $14 billion of its core Japanese mobile services business to net cash quickly. (The upshot is that at least TikTok lost most of its value before SoftBank’s investment!)
Everything here is absurd. TikTok is absurd. The videos of people doing what they are doing on TikTok are absurd. TikTok’s growth is absurd. A president setting a deadline on the sale of a company is absurd. This process is absurd. Selling a company as large as TikTok in 45 days is absurd. Walmart is absurd (and also a mirage, since they are still banned from New York City lest someone gets discounted soap in a pandemic).
I warned a few weeks ago to “beware bankers” peddling TikTok rumors. And that’s still the right answer, in the sense that of course we are going to get to the furthest reaches of the M&A universe as bankers try to salvage TikTok’s final sale price (“We’re approaching the Centricus system, sir!”). But that approach is so much more boring than just assuming that every rumor is true and trying to imagine Wall Street advisors trundling through this morass of bids.
My advice here is simple: let’s all take our analyst hats off for a week and put on our clown costumes, since — and it’s key you don’t work at TikTok for this or have money at stake in the company — this story is actually enjoyable.
COVID-19 is serious, the U.S. presidential election is weeks away, social justice in our cities is critically important. Just in the past few hours, T’Challa passed away, Hurricane Laura ripped up the Gulf Coast, and the longest continuously-serving Japanese prime minister of the post-war era (yes, I know, that’s a lot of qualifiers) just resigned due to health issues. It can get weighty on the front pages of the newspapers these days.
So it’s just nice to know that you can flip to the business pages and get some farce.
Maybe this whole story will eventually turn into the next great business book à la Barbarians at the Gate. But at least the barbarians then knew how to destroy a company with the proper levels of debt leverage. Here, you’ve got the pre-smoldered detritus of a business being bid on by the company that brought us The Greeter.
Whatever this saga brings next (hint: Microsoft buying the company), I’ll just say this: the warmth and cheeriness that TikTok provided millions of teenagers through short videos of awkward dance routines is the same mirth that it provides acerbic financial analysts with a caustic eye on the markets. In what has been a miserable year for all of us, for that small twinkle of amusement, I’m thankful.
In 2010, the late Barnaby Jack, a world-renowned security researcher, hacked an ATM live on stage at the Black Hat conference by tricking the cash dispenser into spitting out a stream of dollar bills. The technique was appropriately named “jackpotting.”
A decade on from Jack’s blockbuster demo, security researchers are presenting two new vulnerabilities in Nautilus ATMs, albeit virtually, thanks to the coronavirus pandemic.
Security researchers Brenda So and Trey Keown at New York-based security firm Red Balloon say their pair of vulnerabilities allowed them to trick a popular standalone retail ATM, commonly found in stores rather than at banks, into dispensing cash at their command.
A hacker would need to be on the same network as the ATM, making it more difficult to launch a successful jackpotting attack. But their findings highlight that ATMs often have vulnerabilities that lie dormant for years — in some cases since they were first built.
Barnaby Jack, the late security researcher credited with the first ATM “jackpotting” attacks. Now, 10 years later, two security researchers have found two new ATM cash-spitting attacks. Credit: YouTube
So and Keown said their new vulnerabilities target the Nautilus ATM’s underlying software, a decade-old version of Windows that is no longer supported by Microsoft. To begin with, the pair bought an ATM to examine. But with little documentation, the duo had to reverse-engineer the software inside to understand how it worked.
The first vulnerability was found in a software layer known as XFS — or Extensions for Financial Services — which the ATM uses to talk to its various hardware components, such as the card reader and the cash dispensing unit. The bug wasn’t in XFS itself, rather in how the ATM manufacturer implemented the software layer into its ATMs. The researchers found that sending a specially crafted malicious request over the network could effectively trigger the ATM’s cash dispenser and dump the cash inside, Keown told TechCrunch.
The second vulnerability was found in the ATM’s remote management software, an in-built tool that lets owners manage their fleet of ATMs by updating the software and checking how much cash is left. Triggering the bug would grant a hacker access to a vulnerable ATM’s settings.
So told TechCrunch it was possible to switch the ATM’s payment processor with a malicious, hacker-controlled server to siphon off banking data. “By pointing an ATM to a malicious server, we can extract credit card numbers,” she said.
Bloomberg first reported the vulnerabilities last year when the researchers privately reported their findings to Nautilus. About 80,000 Nautilus ATMs in the U.S. were vulnerable prior to the fix, Bloomberg reported. We contacted Nautilus with questions but did not hear back.
Successful jackpotting attacks are rare but not unheard of. In recent years, hackers have used a number of techniques. In 2017, an active jackpotting group was discovered operating across Europe, netting millions of euros in cash.
More recently, hackers have stolen proprietary software from ATM manufacturers to build their own jackpotting tools.
Microsoft today announced the launch of a new open-source service mesh based on the Envoy proxy. The Open Service Mesh is meant to be a reference implementation of the Service Mesh Interface (SMI) spec, a standard interface for service meshes on Kubernetes that has the backing of most of the players in this ecosystem.
“SMI is really resonating with folks and so we really thought that there was room in the ecosystem for a reference implementation of SMI where the mesh technology was first and foremost implementing those SMI APIs and making it the best possible SMI experience for customers,” Microsoft partner program manager (and CNCF board member) Gabe Monroy told me.
He also added that, because SMI provides the lowest common denominator API design, Open Service Mesh gives users the ability to “bail out” to raw Envoy if they need some more advanced features. This “no cliffs” design, Monroy noted, is core to the philosophy behind Open Service Mesh.
As for its feature set, SMI handles all of the standard service mesh features you’d expect, including securing communications between services using mTLS, managing access control policies, service monitoring and more.
There are plenty of other service mesh technologies in the market today, though. So why would Microsoft launch this?
“What our customers have been telling us is that solutions that are out there today, Istio being a good example, are extremely complex,” he said. “It’s not just me saying this. We see the data in the AKS support queue of customers who are trying to use this stuff — and they’re struggling right here. This is just hard technology to use, hard technology to build at scale. And so the solutions that were out there all had something that wasn’t quite right and we really felt like something lighter weight and something with more of an SMI focus was what was going to hit the sweet spot for the customers that are dabbling in this technology today.”
Monroy also noted that Open Service Mesh can sit alongside other solutions like Linkerd, for example.
A lot of pundits expected Google to also donate its Istio service mesh to the CNCF. That move didn’t materialize. “It’s funny. A lot of people are very focused on the governance aspect of this,” he said. “I think when people over-focus on that, you lose sight of how are customers doing with this technology. And the truth is that customers are not having a great time with Istio in the wild today. I think even folks who are deep in that community will acknowledge that and that’s really the reason why we’re not interested in contributing to that ecosystem at the moment.”
On Wednesday, the e-commerce giant announced it has partnered with Bharti Airtel, the third-largest telecom operator in India with more than 300 million subscribers, to sell a wide range of AWS offerings under the Airtel Cloud brand to small, medium, and large-sized businesses in the country.
The deal could help AWS, which leads the cloud market in India, further expand its dominance in the country. The move follows a similar deal Reliance Jio, India’s largest telecom operator, struck with Microsoft last year to sell cloud services to small businesses. The two announced a 10-year partnership to “serve millions of customers.”
Airtel, which serves over 2,500 large enterprises and more than a million emerging businesses, itself signed a similar cloud deal with Google in January this year. That partnership is still in place.
“AWS brings over 175 services. We pretty much support any workload on the cloud. We have the largest and the most vibrant community of customers,” Puneet Chandok, President of AWS in India and South Asia, said on a call with reporters.
The two companies will also collaborate on building new services and help existing customers migrate to Airtel Cloud, they said.
Today’s deal illustrates Airtel’s push to build businesses beyond its telecom venture, Harmeen Mehta, Global CIO and Head of Cloud and Security Business at Airtel, said on the call.
Deals with carriers, which were very common a decade ago as tech giants looked to acquire new users in India, illustrate the phase of cloud adoption in the nation.
Nearly half a billion people in India came online last decade. And slowly, small businesses and merchants are also beginning to use digital tools, storage services, and accept online payments.
India has become one of the leading emerging grounds for cloud services. The public cloud services market of the country is estimated to reach $7.1 billion by 2024, according to research firm IDC.
This is a developing story. More to follow…