All posts in “Security”

Data is the name of the game, as Intel Capital puts $60M in 15 startups, $566M in 2017 overall


Intel Capital, the investment arm of the processor giant, is today announcing its latest tranche of investments, a total of nearly $60 million going into 15 startups that are working on solving different problems in the bigger area of big data (with a full rundown below). The investments come on the back of a big year for the group: In 2017 so far, Intel says that it’s invested $566 million in startups in its portfolio.

The focus on big data in this latest group of startups comes out of a new turn for Intel and how it’s been making strategic investments in recent times.

Intel Capital is one of the bigger names when it comes to corporate tech investing. In total, it has invested $12.2 billion in 1,500 companies since 1991. But the operation went through a rocky patch in 2016 — where its parent considered selling its portfolio for $1 billion, yet opted instead to restructure.

Part of the outcome of that has been a lot more strategic focus for Intel Capital, where the investments are made to fit more closely with how Intel would like to position its wider business. And as Intel looks for new areas of business like connected cars and healthcare where it can carve out a position for its chipmaking operations, data is one of the pervasive themes.

“The world is undergoing a data explosion,” said Wendell Brooks, Intel SVP and president of Intel Capital, in a statement. “By 2020, every autonomous vehicle on the road will create 4 TB of data per day. A million self-driving cars will create the same amount of data every day as 3 billion people. As Intel transitions to a data company, Intel Capital is actively investing in startups across the technology spectrum that can help expand the data ecosystem and pathfind important new technologies,” Brooks said. (If you’re wondering about “pathfind” — this might help).

Another outcome has been a push for more diversity: Intel says that now 10 percent of its portfolio is led by women and other underrepresented groups in the tech industry. The cohort today meanwhile hails from the United States, Canada, China, Israel and Japan.

There have been other recent announcements that point to Intel’s more focused investing approach. For example, in September the company announced that it had invested over $1 billion in AI companies.

Intel’s making a bigger presentation about the investments in its CEO Showcase today. You can watch that event here. Here’s a rundown of the companies, and we have reached out to Intel to get an idea of the full size of the round for each, although generally Intel doesn’t break out its own individual investments. We’ll update as and when we learn more:

Amenity Analytics (New York, U.S.): text analytics platform to identify actionable signals from unstructured data using machine learning, sentiment analysis and predictive analytics.

Bigstream (Mountain View, California, U.S.): “hyper-acceleration technology” for performance gains on Apache Spark using hardware and software accelerators. Uses advanced compiler technology and transparent support for FPGAs. “Unlike other approaches, Bigstream requires no application code changes or special APIs.”

LeapMind (Tokyo, Japan): focused on improving the accuracy of neural network models and is researching and developing innovative algorithms to reduce the computational complexity of deep learning and original chip architectures for use in small computing environments.

Synthego (Redwood City, California, U.S.): genome engineering solutions. Products include software and synthetic RNA kits designed for CRISPR genome editing and research.  

AdHawk Microsystems (Kitchener, Ontario, Canada): focuses on human-computer interaction using a camera-free eye tracking system, aimed to be used in AR/VR experiences.

Trace (Los Angeles, U.S.): sports AI startup currently focused on soccer, mountain sports and water sports using sensors, video and AI to make performance insights and video highlights.

Bossa Nova Robotics (San Francisco, U.S.): autonomous service robots for the global retail industry.

EchoPixel (Mountain View, California, U.S.): 3D medical visualization software that allows medical professionals to interact with organs and tissues in a 3D space. Its product True 3D is in use at UC San Francisco, Stanford, Cleveland Clinic, Lahey Clinic and Hershey Medical Center.

Horizon Robotics (Beijing, China): integrated and open embedded AI solutions, designing “robot brains” for 1,000 categories of devices.

Reniac (Mountain View, California, U.S.): IO bottleneck solutions. Its Distributed Data Engine “is architected to benefit databases, file systems, networking and storage solutions while freeing more CPU resources to creating business value.”

TileDB Inc. (Cambridge, Massachusetts, U.S.): manages the TileDB project created at the Intel Science and Technology Center for Big Data, a collaboration between Intel Labs and MIT, focused on “managing massive, multidimensional array data that frequently arise from scientific applications.”

Alcide (Tel Aviv, Israel): network security platform for any combination of container, VM and bare metal data centers operated by multiple orchestration systems, aimed at cyberattacks. Startup is in stealth mode.

Eclypsium (Portland, Oregon, U.S.): technology for organizations to defend their systems against firmware, hardware and supply chain attacks, offering visibility for monitoring systems in their infrastructure for firmware threats and supply chain compromise.

Intezer (Tel Aviv, Israel): cybersecurity solutions for biological immune system concepts, applying a “DNA approach to code.” The world’s first “Code Genome Database” that maps “billions of small fragments of malicious and trusted software.”

Synack (Redwood City, California, U.S.): scalable, continuous, “hacker-powered” testing platform for uncovering security vulnerabilities. It’s hitting a lot of other buzzwords…. Its “on-demand crowdsourced” security platform offers practical insights, analytics and actionable data.

Swedish lock giant Assa Abloy acquires smart lock maker August Home


The smart home market continues to heat up, and the legacy giants do not want to get locked out: quite literally. This morning, Assa Abloy, the $23 billion Swedish lock giant that owns Yale and many other brands, announced that it is buying US-based smart lock maker August Home to double down on new technology.

Terms of the deal are not being disclosed but we have asked both August and Assa Abloy and will update this post as we learn more. Pending regulatory approvals, Assa Abloy says the acquisition will close in the fourth quarter of 2017.

August has confirmed to us that co-founder Jason Johnson will remain CEO of August Home, and Yves Behar will continue in his co-founder role as well. The company will keep its branding and operate under the Americas division of ASSA ABLOY.

“I am very pleased to welcome August into the ASSA ABLOY Group. August constitutes a strategic addition to the Group and reinforces our position in the residential smart door market,” Johan Molin, President and CEO of Assa Abloy, said in a statement.

“August Home strengthens our residential smart door strategy with complementary smart locks, expansion into video doorbells and comprehensive solutions for home delivery,” Thanasis Molokotos, its EVP and head of Americas added.

The news comes at a tumultuous time for Assa Abloy — it announced earlier this month that CEO Johan Molin is considering exiting the company next year, although he is still making prominent statements in support of the company’s acquisition strategy and future plans, as you can see here. 

Assa Abloy is the very definition of an old-guard giant that is now figuring out its steps in a new world very much being shaped by technology. The company has been in business in some form since 1881 (although the currently publicly traded company has been around since 1994). The company employs 47,000 people and has annual sales of about $8 billion.

August, in contrast, has been around since 2013 and has 90 employees. But it has become a market leader in the emerging connected security space, courtesy of its smart home locks and door bells.

The smart lock market is still a relatively nascent area. To put this deal into some context, August Home’s revenues for 2018 are expected to be $60 million, Assa Abloy noted today, or 0.75% of Assa Abloy’s entire current business. Future projections of the value of this market vary widely: one estimate puts it at $1.17 billion by 2023; another has boldly predicted it will be worth $24 billion by 2024.

August had raised around $75 million in venture funding, with the most recent round closing only in July of this year. Investors were a long list that included strategics like Japan’s KDDI and Qualcomm, as well as Maveron, Bessemer, Rho, Cowboy Ventures and a number of individual investors.

August has been growing fairly quickly on its own in recent years, courtesy of distribution deals with mega-retailers in the U.S. like Best Buy. Back in July, the hardware startup raised a $25 million series C, with plans to beef up August Access, the company’s partner platform. Late last month, it also found a partner in mega-retailer Wal-mart, which announced its intentions to use the company’s connected locks as part of its delivery services. Among other things, this deal should increase August’s international presence.

Updated with more detail on August under its new owner. We will update this post as we learn more.

GCHQ Cyber Accelerator doubles down for second intake


A cyber security accelerator with links to the UK’s GCHQ intelligence agency is doubling down for a second program that’s larger and longer than the inaugural bootcamp which kicked off in January.

The second cohort, announced today, will go through a nine month program vs three. There’s also more of them: Nine startups vs seven. And more cash on the table for selected teams, with £25,000 apiece vs the original £5k grant.

Startups in the first cohort were not required to give up any equity to participate, with neither GCHQ nor Wayra investing at that point. We’ve asked whether that situation has changed for the second batch of teams now that the program has been expanded and will update this story with any response. Update: No change, but see below for a quick Q&A with a spokesman for the accelerator.

The expanded program will offer selected teams access to technological and security expertise from GCHQ, the National Cyber Security Centre and Telefónica, which is the partner organization running the accelerator program (under its Wayra UK bootcamp banner), as well as the usual mix of mentoring, business services and office space.

The nine startups selected for the program play in a wide range of areas, from age verification online, to security skills, to blockchain cybercrime to IoT (in)security.

They are:

  • Cybershield detects phishing and spear phishing, and alerts employees before they mistakenly act on deceptive emails 
  • Elliptic detects and investigates cybercrime involving crypto-currencies, enabling the company to identify illicit blockchain activity and provide intelligence to financial institutions and law enforcement agencies
  • ExactTrak supplies embedded technology that protects data and devices, giving the user visibility and control even when the devices are turned off
  • Intruder provides a proactive security monitoring platform for Internet-facing systems and businesses, detecting system weaknesses before hackers do
  • Ioetec provides a plug-and-play cloud service solution to connect Internet of Things devices with end-to-end authenticated, encrypted security
  • RazorSecure provides advanced intrusion and anomaly detection for aviation, rail and automotive sectors
  • Secure Code Warrior has built a hands-on, gamified Software-as-a-Service learning platform to help developers write secure code
  • Trust Elevate solves the problem of age verification and parental consent for young adults and children in online transactions
  • Warden helps businesses protect their users from hacks in real time by monitoring for suspicious activity 

For cyber security startups joining the program it’s proximity to the UK’s domestic spy agency and the chance to impress spooks — and potentially tap into a chunk of the £165 million ($250M) Defence and Cyber Innovation Fund announced by the government two years ago — that is surely the biggest draw here.

The government said the aim of the fund was to widen procurement for security technologies via investing in cyber security and defense startups. It has been said to be “loosely inspired” by In-Q-Tel — aka the CIA’s VC arm.

A parliamentary question to the UK secretary of state for defense last month, asking how much of the money had been allocated so far and for what purposes, suggests around £10M per year apiece is being made available for defense and cyber security related support — including investing in startups.

“£10 million out of the £155 million is available in this financial year to the Defence Innovation Fund, to support innovative procurement across Defence. The Fund is harnessing the best ideas from inside and outside of Defence through activities such as themed competitions and the Open Call for Innovation, delivered using the Defence and Security Accelerator,” said Harriett Baldwin, responding to the parliamentary question.

“The government also allocated £10 million to establish a Cyber Innovation Fund. This supports the UK’s national security requirements by providing innovative start-ups with financial and procurement support,” she added.

The GCHQ Cyber Accelerator is part of a wider £1.9 billion investment aimed at significantly transforming the UK’s cyber security capabilities via a national strategy.

Q&A

TC: It’s a big jump from three months to a nine month program. Was three months judged to be just too short?
Spokesman: After the successful first phase of the program, we believe we can develop the start-ups even further via a longer program, ensuring the companies gain maximum advantage of this opportunity.

TC: Where is the funding coming from? Is this all UK government money?
Spokesman: The Accelerator is funded through the National Cyber Security Program, delivered through the Department of Digital, Culture, Media and Sport and the NCSC. Wayra UK and Telefónica provide additional funding support and activities to further increase the benefit for the cohort.

TC: Where are the teams from? Presumably not all from the UK?
Spokesman: All of the companies are UK-registered companies. The founders include British, Spanish, Venezuelan and Irish nationals, and we received applications from all around the world.

One of the requirements is that they be UK-registered in order to grow the UK cyber ecosystem and support the NCSC’s mission to make the UK the safest place to live and work online.

TC: Can you also confirm whether Wayra (or GCHQ) is taking any equity in the teams this time around?
Spokesman: Neither GCHQ, the NCSC or DCMS will be taking equity in any of the companies. However, our accelerator partner (Wayra) and other companies supporting the start-ups are welcome to invest if they wish and the companies agree to this, but this is not a requirement for entry to the program.


Apple responds to Senator Franken’s Face ID privacy concerns


Apple has now responded to a letter from Senator Franken last month in which he asked the company to provide more information about the incoming Face ID authentication technology which is baked into its top-of-the-range iPhone X, due to go on sale early next month.

As we’ve previously reported, Face ID raises a range of security and privacy concerns because it encourages smartphone consumers to use a facial biometric for authenticating their identity — and specifically a sophisticated full three dimensional model of their face.

And while the tech is limited to one flagship iPhone for now, with other new iPhones retaining the physical home button plus fingerprint Touch ID biometric combo that Apple launched in 2013, that’s likely to change in future.

After all, Touch ID arrived on a single flagship iPhone before migrating onto additional Apple hardware, including the iPad and Mac. So Face ID will surely also spread to other Apple devices in the coming years.

That means if you’re an iOS user it may be difficult to avoid the tech being baked into your devices. So the Senator is right to be asking questions on behalf of consumers. Even if most of what he’s asking has already been publicly addressed by Apple.

Last month Franken flagged what he dubbed “substantial questions” about how “Face ID will impact iPhone users’ privacy and security, and whether the technology will perform equally well on different groups of people”, asking Apple for “clarity to the millions of Americans who use your products” and how it had weighed privacy and security issues pertaining to the tech itself; and for additional steps taken to protect users.

Here’s the full list of 10 questions the Senator put to the company:

1. Apple has stated that all faceprint data will be stored locally on an individual’s device as opposed to being sent to the cloud.

   a. Is it currently possible – either remotely or through physical access to the device – for either Apple or a third party to extract and obtain usable faceprint data from the iPhone X?

   b. Is there any foreseeable reason why Apple would decide to begin storing such data remotely?

2. Apple has stated that it used more than one billion images in developing the Face ID algorithm. Where did these one billion face images come from?

3. What steps did Apple take to ensure its system was trained on a diverse set of faces, in terms of race, gender, and age? How is Apple protecting against racial, gender, or age bias in Face ID?

4. In the unveiling of the iPhone X, Apple made numerous assurances about the accuracy and sophistication of Face ID. Please describe again all the steps that Apple has taken to ensure that Face ID can distinguish an individual’s face from a photograph or mask, for example.

5. Apple has stated that it has no plans to allow any third party applications access to the Face ID system or its faceprint data. Can Apple assure its users that it will never share faceprint data, along with the tools or other information necessary to extract the data, with any commercial third party?

6. Can Apple confirm that it currently has no plans to use faceprint data for any purpose other than the operation of Face ID?

7. Should Apple eventually determine that there would be reason to either begin storing faceprint data remotely or use the data for a purpose other than the operation of Face ID, what steps will it take to ensure users are meaningfully informed and in control of their data?

8. In order for Face ID to function and unlock the device, is the facial recognition system “always on,” meaning does Face ID perpetually search for a face to recognize? If so:

   a. Will Apple retain, even if only locally, the raw photos of faces that are used to unlock (or attempt to unlock) the device?

   b. Will Apple retain, even if only locally, the faceprints of individuals other than the owner of the device?

9. What safeguards has Apple implemented to prevent the unlocking of the iPhone X when an individual other than the owner of the device holds it up to the owner’s face?

10. How will Apple respond to law enforcement requests to access Apple’s faceprint data or the Face ID system itself?

In its response letter, Apple first points the Senator to existing public info — noting it has published a Face ID security white paper and a Knowledge Base article to “explain how we protect our customers’ privacy and keep their data secure”. It adds that this “detailed information” provides answers to “all of the questions you raise”.

But it also goes on to summarize how Face ID facial biometrics are stored, writing: “Face ID data, including mathematical representations of your face, is encrypted and only available to the Secure Enclave. This data never leaves the device. It is not sent to Apple, nor is it included in device backups. Face images captured during normal unlock operations aren’t saved, but are instead immediately discarded once the mathematical representation is calculated for comparison to the enrolled Face ID data.”

It further specifies in the letter that: “Face ID confirms attention by directing the direction of your gaze, then uses neural networks for matching and anti-spoofing so you can unlock your phone with a glance.”

And reiterates its prior claim that the chance of a random person being able to unlock your phone because their face fooled Face ID is approximately 1 in 1M (vs 1 in 50,000 for the Touch ID tech). After five unsuccessful match attempts a passcode will be required to unlock the device, it further notes.

“Third-party apps can use system provided APIs to ask the user to authenticate using Face ID or a passcode, and apps that support Touch ID automatically support Face ID without any changes. When using Face ID, the app is notified only as to whether the authentication was successful; it cannot access Face ID or the data associated with the enrolled face,” it continues.

On questions about the accessibility of Face ID technology, Apple writes: “The accessibility of the product to people of diverse races and ethnicities was very important to us. Face ID uses facial matching neural networks that we developed using over a billion images, including IR and depth images collected in studies conducted with the participants’ informed consent.”

The company had already made the “billion images” claim during its Face ID presentation last month, although it’s worth noting that it’s not saying — and has never said — it trained the neural networks on images of a billion different people.

Indeed, Apple goes on to tell the Senator that it relied on a “representative group of people” — though it does not confirm exactly how many individuals, writing only that: “We worked with participants from around the world to include a representative group of people accounting for gender, age, ethnicity and other factors. We augmented the studies as needed to provide a high degree of accuracy for a diverse range of users.”

There’s obviously an element of commercial sensitivity at this point, in terms of Apple cloaking its development methods from competitors. So you can understand why it’s not disclosing more exact figures. But of course Face ID’s robustness in the face of diversity remains to be proven (or disproven) when iPhone X devices are out in the wild.

Apple also specifies that it has trained a neural network to “spot and resist spoofing” to defend against attempts to unlock the device with photos or masks, before concluding the letter with an offer to brief the Senator further if he has more questions.

Notably Apple hasn’t engaged with Senator Franken’s question about responding to law enforcement requests — although given enrolled Face ID data is stored locally on a user’s device in the Secure Enclave as a mathematical model, the technical architecture of Face ID has been structured to ensure Apple never takes possession of the data — and couldn’t therefore hand over something it does not hold.

The fact Apple’s letter does not literally spell that out is likely down to the issue of law enforcement and data access being rather politically charged.

In his response to the letter, Senator Franken appears satisfied with the initial engagement, though he also says he intends to take the company up on its offer to be briefed in more detail.

“I appreciate Apple’s willingness to engage with my office on these issues, and I’m glad to see the steps that the company has taken to address consumer privacy and security concerns. I plan to follow up with Apple to find out more about how it plans to protect the data of customers who decide to use the latest generation of iPhone’s facial recognition technology,” he writes.

“As the top Democrat on the Privacy Subcommittee, I strongly believe that all Americans have a fundamental right to privacy,” he adds. “All the time, we learn about and actually experience new technologies and innovations that, just a few years back, were difficult to even imagine. While these developments are often great for families, businesses, and our economy, they also raise important questions about how we protect what I believe are among the most pressing issues facing consumers: privacy and security.”

We Heart It says a data breach affected over 8 million accounts, included emails and passwords


We Heart It, an image-sharing site used by 40 million teens as of a couple of years ago, is informing users their personal data may have been compromised. The company was alerted to a possible security breach last week that involved over 8 million accounts, it said on Friday. The breach took place a few years ago and includes email addresses, usernames and encrypted passwords for We Heart It accounts created between 2008 and November 2013.

Although the passwords were encrypted, they are not secure, the company notes.

“…the encryption algorithms commonly used to encrypt passwords in 2013 are no longer secure due to advancements in computer hardware,” reads a We Heart It blog post detailing their findings.

The company adds that, since that time, it has made improvements to its systems, security protocols, password security and its database.

It has also taken the immediate step to encrypt all current users’ passwords with additional encryption using the secure bcrypt algorithm. This process was still underway at the time of the announcement.

Over the weekend, We Heart It sent out emails to affected users to alert them to the breach.

Users are being asked to change their password if it has not been updated since 2013, as well as change that password on any other site where it’s been re-used.

Unfortunately, the company did not proactively reset users’ passwords on their behalf, as many companies do following a security breach involving account information.

However, We Heart It says that it has not found any evidence of unauthorized logins or wrongdoing at this time.

We Heart It today operates two apps in addition to the We Heart It website. Its service allows users to find and save images they love like fashion inspiration, photography, wallpapers, quotes, and more, similar to Pinterest. A couple of years ago, the company released a second app, Easel, to create images and quotes using your own photos or those from a pre-set selection. These apps are primarily used by teenaged girls and young adults, ranging in age from 15 to 24, the majority (80-90%) of whom use the service via mobile.

The We Heart It app is not quite as popular as it once was. In 2015, the app was ranked between the 40s and 60s in the Top Social Networking apps list on the U.S. App Store. Today, it’s ranked #85, according to App Annie.

Though nowhere near as significant in size and scale as some of the data breaches we’ve seen in recent months, like the Equifax breach or the Yahoo one, the We Heart It breach is a reminder that even old apps you’ve since abandoned can come back to haunt you years later.