Twitter Spaces now let you invite co-hosts

Fleets weren’t long for this world, but Twitter’s product teams aren’t slowing down on bringing new stuff to Spaces, the company’s own take on audio rooms. Twitter introduced Spaces in a limited test last year, expanding the Clubhouse copycat feature more broadly to anyone with at least 600 followers in May.

Now, Twitter is giving Space hosts the ability to add two co-hosts, who they can rope in through an invite system. Spaces will allow one main host, two additional co-hosts and up to 10 speakers. Additional co-hosts will make the task of moderation much more manageable, as they’ll be able to vet speaker requests, tap speakers and give anyone in the Space the boot.

With Fleets out of the picture, Twitter’s Spaces are the only feature for now that lives above the main feed in the Twitter app. That virtual real estate, which has echoes of Instagram’s Stories, draws the eye to anything that a social network wants its users to check out first. Twitter also began rolling out a dedicated tab to make it easier to discover Spaces, surfacing live audio rooms in real time in a central location.

A number of major apps spliced live audio chat rooms into their platforms in light of Clubhouse’s breakout run. In June, Spotify launched Greenroom, a standalone app that allows people to create 1,000-person voice events. Naturally, Facebook also launched its own spin on live audio rooms (called Live Audio Rooms) in June. Discord, already a leader in voice-based chat, added its own Clubhouse-like event channels in March. Twitter followed the same trend with Spaces, but unlike with Fleets, it looks like the company plans to continue supporting the relatively new feature.


Source: Tech Crunch

A blueprint for building a great startup founding team

In a company’s early days, the difference between C-level executives and the rest of the organization is simple — employees can walk away from a failure, but the leaders cannot. Under these conditions, certain kinds of people thrive in leadership roles and can take a company from ideation to production.

While there’s no magic formula for what works and what doesn’t, successful startups share common traits in terms of the way their foundational leadership teams are built.

We’ve all experienced what it looks like on the negative end of the spectrum — people making points simply to hear their own voice, leaders competing for credit and clashing agendas. When people would rather be heard than contribute, the output suffers. Members of a healthy leadership team are unafraid to let others have the limelight, because they trust the mission and the culture they’ve built together.

An honest self-assessment is necessary and this is something that only exceptional and selfless founders are capable of.

We are all imperfect human beings, founders included. There are always going to be moments that leaders can’t predict, and mistakes come with the territory. The right leadership team should be able to mitigate the unexpected, and sometimes make the future easier to predict. Putting the right people in the right roles early on can be the difference between success and failure — and that starts at the top.

Start by determining who will lead as CEO

Investors love founder-CEOs, and founders are often fantastic candidates for this role. But not everyone can do it well, and more importantly, not everyone wants to.

Startup founders should ask themselves a few questions before they lose sleep over the prospect of handing over the reigns:

  • Do I even want to be CEO? If yes, for how long?
  • Can I maximize the potential of the company if I’m not the CEO?
  • Am I really the best person for this job at this stage?

An honest self-assessment is necessary and this is something that only exceptional and selfless founders are capable of. In many cases, founders decide they need outside help to fill the role. While a CEO may not be your first hire — or even one of the first five — the person you choose will ultimately occupy your organization’s most critical leadership role, so choose wisely.

What to look for: Ambitious vision grounded in execution reality. Your CEO should have hands-on experience that allows them to see around corners, predict pitfalls and identify opportunities.

What to watch out for: Leaders who lack respect for the founding vision or the ability to hire and balance an executive team quickly. A good CEO should be able to manage short-term cash flow and go-to-market needs without compromising the true north, while building a foundation and culture for the long term.

Then, hire a leader for your engineering team


Source: Tech Crunch

Japanese startup ispace raises $46M to support planned moon missions

Japanese startup ispace has raised $46 million in a fresh round of Series C funding as it looks to complete three lunar lander missions in three years.

The funding will go toward the second and third of the planned missions, scheduled for 2023 and 2024. The first mission, which ispace aims to conduct in the latter half of 2022, is being furnished by earlier financing.

The Series C was led by Japanese VC firm Incubate Fund, with additional investment from partnerships managed by Innovation Engine, funds managed by SBI Investment Co., Katsunori Sago, Aizawa Investments and funds managed by HiJoJo Partners and Aizawa Asset Management. Incubate Fund’s investments in ispace stretch back to the company’s seed round in 2014.

Ispace’s total funding now stands at $195.5 million.

The company said last month it had started building the lunar landing flight module for the 2022 mission at a facility owned by space launch company ArianeGroup, in Lampoldshausen, Germany. The lander for that first mission, the Hakuto-R, will take three months to reach the moon, largely to save costs and additional weight from propellant. It will deliver a 22-pound rover for Saudi Arabia’s Mohammed bin Rashid Space Center, a lunar robot for the Japan Aerospace Exploration Agency and payload from three Canadian companies. The lander will reach the moon aboard a SpaceX Falcon 9 rocket.

The 7.5 foot-tall Hakuto-R will also be used in the second mission in 2023, to deposit a small ispace rover that will collect data to support the company’s subsequent missions to the moon. For the final mission, the Toyko-based startup is developing a larger lander in the United States.

Ispace describes its long-term goal as being a “gateway for private sector companies to bring their business to the Moon.” The company has particular interest in helping spur a space-based economy, noting on its website that the moon’s water resources represent “untapped potential.”


Source: Tech Crunch

Enterprise AI 2.0: The acceleration of B2B AI innovation has begun

Two decades after businesses first started deploying AI solutions, one can argue that they’ve made little progress in achieving significant gains in efficiency and profitability relative to the hype that drove initial expectations.

On the surface, recent data supports AI skeptics. Almost 90% of data science projects never make it to production; only 20% of analytics insights through 2022 will achieve business outcomes; and even companies that have developed an enterprisewide AI strategy are seeing failure rates of up to 50%.

But the past 25 years have only been the first phase in the evolution of enterprise AI — or what we might call Enterprise AI 1.0. That’s where many businesses remain today. However, companies on the leading edge of AI innovation have advanced to the next generation, which will define the coming decade of big data, analytics and automation — Enterprise AI 2.0.

The difference between these two generations of enterprise AI is not academic. For executives across the business spectrum — from healthcare and retail to media and finance — the evolution from 1.0 to 2.0 is a chance to learn and adapt from past failures, create concrete expectations for future uses and justify the rising investment in AI that we see across industries.

Two decades from now, when business leaders look back to the 2020s, the companies who achieved Enterprise AI 2.0 first will have come to be big winners in the economy, having differentiated their services, scooped up market share and positioned themselves for ongoing innovation.

Framing the digital transformations of the future as an evolution from Enterprise AI 1.0 to 2.0 provides a conceptual model for business leaders developing strategies to compete in the age of automation and advanced analytics.

Enterprise AI 1.0 (the status quo)

Starting in the mid-1990s, AI was a sector marked by speculative testing, experimental interest and exploration. These activities occurred almost exclusively in the domain of data scientists. As Gartner wrote in a recent report, these efforts were “alchemy … run by wizards whose talents will not scale in the organization.”


Source: Tech Crunch

Facebook cuts off NYU researcher access, prompting rebuke from lawmakers

Facebook shut down accounts belonging to two academic researchers late Tuesday, cutting off their ability to study political ads and misinformation on the world’s biggest social network.

The company accused the academics of engaging in “unauthorized scraping” and compromising user privacy on the platform, claims that Facebook’s many critics are slamming as a thin pretense for killing the transparency work.

The company took action against Laura Edelson and Damon McCoy, two well-known researchers affiliated with NYU’s Cybersecurity for Democracy project who have long sparred with the company. The move cuts off their access to Facebook’s Ad Library — one of the company’s only meaningful transparency efforts to date — and data on popular posts from the social media monitoring service CrowdTangle.

Facebook has a history with Edelson and McCoy. The company served the pair cease and desist letters just weeks before the 2020 election, calling on the team to disable an opt-in browser tool called Ad Observer and unpublish their findings. Ad Observer is a browser tool anyone can install that’s designed to give researchers a rare glimpse into how Facebook targets the ads that have transformed it into a trillion-dollar company.

“Over the last several years, we’ve used this access to uncover systemic flaws in the Facebook Ad Library, identify misinformation in political ads including many sowing distrust in our election system, and to study Facebook’s apparent amplification of partisan misinformation,” Edelson said on Twitter.

“By suspending our accounts, Facebook has effectively ended all this work. Facebook has also effectively cut off access to more than two dozen other researchers and journalists who get access to Facebook data through our project, including our work measuring vaccine misinformation with the Virality Project and many other partners who rely on our data.”

The incident set off a fresh round of criticism about the company’s preference for opacity over transparency when it comes to some of the more dangerous behavior that the platform incubates.

By Wednesday, Facebook’s actions had attracted the attention of some members of Congress. Sen. Ron Wyden (D-OR) criticized Facebook’s decision to punish the researchers under the pretense of protecting users in light of the company’s long history of invasive privacy practices. Wyden also called Facebook’s bluff over its claim that revoking researcher access is an effort to comply with a privacy order from the FTC that the company was issued for its previous user privacy violations.

Sen. Mark Warner (D-VA) also weighed in on Facebook’s latest controversy, calling the decision “deeply concerning.” Warner praised independent researchers for “consistently [improving] the integrity and safety of social media platforms by exposing harmful and exploitative activity.”

“It’s past time for Congress to act to bring greater transparency to the shadowy world of online advertising, which continues to be a major vector for fraud and misconduct,” Warner said.

Firefox developer Mozilla came to the defense of Ad Observer on Wednesday, noting that the company “reviewed it twice, conducting both a code review and examining the consent flow” before recommending the browser extension through its storefront. In a blog post, Mozilla’s head of trust stated that Facebook’s claims “simply do not hold water.”

A number of free press organizations, researchers and misinformation experts also condemned Facebook’s decision Wednesday. “Facebook’s cavalier approach to privacy enabled it to become so dominant,” The Markup’s Julia Angwin and Nabiha Syed wrote in a joint statement.

“But now, when independent researchers want to interrogate that platform and the influence it commands, Facebook is propping up user privacy as a shield to hide behind.”


Source: Tech Crunch

Dear Sophie: Which immigration options allow me to launch my own startup?

Here’s another edition of “Dear Sophie,” the advice column that answers immigration-related questions about working at technology companies.

“Your questions are vital to the spread of knowledge that allows people all over the world to rise above borders and pursue their dreams,” says Sophie Alcorn, a Silicon Valley immigration attorney. “Whether you’re in people ops, a founder or seeking a job in Silicon Valley, I would love to answer your questions in my next column.”

Extra Crunch members receive access to weekly “Dear Sophie” columns; use promo code ALCORN to purchase a one- or two-year subscription for 50% off.


Dear Sophie,

I’ve been working on an H-1B in the U.S. for nearly two years.

While I’m immensely appreciative of my company’s sponsorship and that I made it through the H-1B lottery and am working, I’m stuck in a rut. I really want to start something of my own and work on my own terms in the United States.

Are there any immigration options that would allow me to do that?

— Seeking Satisfaction near Stanford

Dear Seeking,

A couple of exciting immigration news updates to get us started today! In breaking startup founder news, U.S. Rep. Zoe Lofgren (D-CA) introduced the LIKE Act for startup founders in the House of Representatives last week. Below, we’ll share what this could mean for your startup aspirations. Also, U.S. Citizenship and Immigration Services (USCIS) conducted a second H-1B lottery because it didn’t receive enough H-1B petitions to meet the annual cap. So, if you or your employer were selected, be sure to file an H-1B petition by November 3.

Although job dissatisfaction and frustration on an H-1B can be normal, according to Edward Gorbis, there’s a lot you can do to take control of your U.S. immigration situation and go out on your own. I interviewed Gorbis for my podcast; he’s the founder of Career Meets World and a performance coach who works with immigrants and first-generation professionals to help them find fulfillment and thrive in their careers and life. Gorbis said that “once immigrants reach stability, they start to think, ‘Who am I, what do I value, what’s my core identity?’” It’s possible for any of us to retrain our brain for success.

Gorbis said that imagining overcoming the hurdles that stand in the way of doing the work that will fulfill you is the first step. So, here are some options that can help you imagine how to build the life of your dreams.

Become a founding CEO and raise $250,000

A great new option for aspiring entrepreneurs is International Entrepreneur Parole (IEP), a new immigration program in the United States that allows CEOs, CTOs and others to live in the U.S. and run their company for 2.5 years with an option for a 2.5-year extension. Your spouse can obtain a work permit.

How to qualify? You need to own at least 10% of a U.S. company, such as a Delaware C corporation registered in California. Ideally, you’ll want to show that your company bank account has at least $250,000 raised from qualified U.S. investors, but you can use other evidence to demonstrate that your company has the potential to grow rapidly and create jobs in the U.S.

A startup visa and path to a green card may be soon on the way for entrepreneurs and their crucial employees: Last week, Lofgren introduced the Let Immigrants Kickstart Employment (LIKE) Act. The requirements for the proposed startup visa are the same as for IEP but would allow a longer stay — up to eight years total if the startup creates jobs and generates substantial revenue.

I’m very proud to have aided in drafting the LIKE Act. It’s a thrill to see how my suggestions were included, such as making Startup Green Cards not subject to the visa bulletin, clarifying that you can seek consecutive Startup Visas from different companies, how to allocate employee visas to startups, ensuring the Startup Visa is a dual intent status, and adding premium processing. It was such a joy to be able to contribute ideas to this amazing process. I look forward to supporting this bill to become a law; please reach out to me if you want to support this worthy cause.

A composite image of immigration law attorney Sophie Alcorn in front of a background with a TechCrunch logo.

Image Credits: Joanna Buniak / Sophie Alcorn (opens in a new window)

See yourself at another company

There is technically no limit to how many H-1B employers you can have or how many — or few — hours you work in an H-1B position. So, think about other companies.

One option would be to have concurrent H-1Bs: Keep your current H-1B job for stability and start your own company, preferably with another individual or two, and have your startup sponsor you for an H-1B. Take a look at this Dear Sophie column for what to do before embarking on this path.

Another option would be to transfer your H-1B to another employer, or your own startup if you are going to work there. Since you already went through the H-1B lottery with your current employer, you will not have to go through the lottery process again for a second H-1B whether you choose the concurrent or transfer option.

Setting up a startup that can sponsor you for an H-1B is complicated, so I suggest you work with both a corporate attorney and an immigration attorney. Keep in mind that you will not be able to do any work for your startup until an H-1B with your startup has been approved, which is why having co-founders is helpful. Another reason is H-1Bs require an employer-employee relationship between a startup and the H-1B candidate. That means a co-founder — or the startup’s board — must supervise you and have the ability to fire you. Moreover, we often advise founders that it may be best to own less than a 50% stake in the startup when applying for an H-1B.

Consider a green card

If you end up pursuing concurrent H-1Bs, consider asking your employer whether it is willing to sponsor you for a green card. If that’s not the case, your startup can sponsor you for one, or you can self-petition for a green card:

All EB-2 green cards — except the EB-2 NIW — and the EB-3 green card require labor certification approval (PERM) from the U.S. Department of Labor. The two green cards that allow an individual to self-sponsor are the EB-1A and EB-2 NIW.

Imagine yourself doing gigs in your field

Many startup founders qualify for an O-1A extraordinary ability visa. However, you cannot have both an H-1B and an O-1A at the same time, so if your startup sponsors you for an O-1A, you will be required to leave your current H-1B job once an O-1A is approved.

An O-1A offers more flexibility than an H-1B. You can work for a single petitioning company or on multiple gigs through an agent. However, qualifying for an O-1A is more difficult than an H-1B. Resources, such as through my firm, support people with getting qualified. The one similarity with the H-1B is that you must show your startup and you have an employer-employee relationship.

Invest in your own company

The E-2 visa for treaty investors and employees is ideal for startup founders whose home country has a treaty of commerce and navigation with the U.S. Here is a list of treaty countries. For more details on E-2 visas for founders and employees, check out this previous Dear Sophie column and podcast episode.

Although there is no minimum dollar amount that a founder must invest in a startup to qualify for an E-2, we often advise founders to invest at least $100,000 to have a strong case. You cannot have both an H-1B and an E-2, so you will need to leave your current H-1B job if your E-2 is approved.

An immigration attorney can offer additional options based on your personal circumstances and legal advice tailored to you.

Enjoy the journey of building your dreams!

Sophie


Have a question for Sophie? Ask it here. We reserve the right to edit your submission for clarity and/or space.

The information provided in “Dear Sophie” is general information and not legal advice. For more information on the limitations of “Dear Sophie,” please view our full disclaimer. You can contact Sophie directly at Alcorn Immigration Law.

Sophie’s podcast, Immigration Law for Tech Startups, is available on all major platforms. If you’d like to be a guest, she’s accepting applications!


Source: Tech Crunch

Match Group to add audio and video chat, including group live video, to its dating app portfolio

Dating app maker and Tinder parent Match Group said during its Q2 earnings it will bring audio and video chat, including group live video, and other livestreaming technologies to several of the company’s brands over the next 12 to 24 months. The developments will be powered by innovations from Hyperconnect, the social networking company that this year became Match’s biggest acquisition to date when it bought the Korean app maker for a sizable $1.73 billion. 

Since then, Match Group has been relatively quiet about its specific plans for Hyperconnect’s tech or its longer-term strategy with the operation, although Tinder was briefly spotted testing a group video chat feature called Tinder Mixer earlier this summer. The move had seemed to signal some exploration of social discovery features in the wake of the Hyperconnect deal. However, Tinder told us at the time the company had no plans to bring that specific product to market in the year ahead.

On Tuesday’s earnings, Match Group offered a little more insight into the future of Hyperconnect, following the acquisition’s official close in mid-June.

According to Match Group CEO Shar Dubey, who stepped into the top job last January, the company is excited about the potential to integrate technologies Hyperconnect has developed into existing Match-owned dating apps.

This includes, she said, “AR features, self-expression tools, conversational AI and a number of what we would consider metaverse elements, which have the element to transform the online meeting and getting-to-know-each-other process,” Dubey explained, without offering further specific details about how the products would work or which apps would receive these enhancements.

Many of these technologies emerged from Hyperconnect’s lab, Hyper X — the same in-house incubator whose first product is now one of the company’s flagship apps, Azar, which joined Match Group with the acquisition.

Dubey also noted that the work to begin these tech integrations was already underway at the company.

By year-end, Match Group said it expects to have at least two of its brands integrated with technologies from Hyperconnect. A number of other brands will implement Hyperconnect capabilities by year-end 2022.

In doing so, Match aims to transform what people think of when it comes to online dating.

To date, online dating has been a fairly static experience across the industry, where apps focus largely on profiles and photos, and then offer some sort of matching technique — whether swipes or quizzes or something else. Tinder, in more recent years, began to break out of that mold as it innovated with an array of different experiences, like its choose-your-own-adventure in-app video series, “Swipe Night,” video profiles, instant chat features (via Tinder’s product, Hot Takes) and others. But it still lacked some of the real-time elements that people have when meeting one another in the real world.

This is an area where Match believes Hyperconnect can help to improve the online dating experience.

“One of the holy grails for us in online dating has always been to bridge the disconnect that happens between people chatting online and then meeting someone in person,” Dubey said. “These technologies will eventually allow us to build experiences that will help people determine if they have that much elusive chemistry or not… Our ultimate vision here is for people to never have to go on a bad first date again,” she added.

Of course, Match Group’s positioning of the Hyperconnect deal as being more interesting because the innovation it brings — and not just the standalone apps it operates — also comes at a time when those apps have not met the company’s expectations on revenue.

In the second half the of 2021, Match Group said it expects Hyperconnect to contribute to $125 to $135 million in revenue — a financial outlook that the company admits reflects some pullback. It attributed this largely to COVID impacts, particularly in the Asia-Pacific region where Hyperconnect’s apps operate. Other impacts to Hyperconnect’s growth included a more crowded marketplace and Apple’s changes to IDFA (Identifier for Advertisers), which has impacted a number of apps — including other social networking apps, like Facebook.

While Match still believes Hyperconnect will post “solid revenue growth” in 2021, it said that these new technology integrations into the Match Group portfolio are now “a higher priority” for the company.

Match Group posted mixed earnings in Q1, with revenue of $707.8 million, above analyst estimates, but earnings per share of 46 cents, below projections of 49 cents a share. Paying customers grew 15% to 15 million, up from 13 million in the year-ago quarter. Shares declined by 7% on Wednesday morning, following the earnings announcement.


Source: Tech Crunch

Embodied AI, superintelligence and the master algorithm

Superintelligence, roughly defined as an AI algorithm that can solve all problems better than people, will be a watershed for humanity and tech.

Even the best human experts have trouble making predictions about highly probabilistic, wicked problems. And yet those wicked problems surround us. We are all living through immense change in complex systems that impact the climate, public health, geopolitics and basic needs served by the supply chain.

Just determining the best way to distribute COVID-19 vaccines without the help of an algorithm is practically impossible. We need to get smarter in how we solve these problems — fast.

Superintelligence, if achieved, would help us make better predictions about challenges like natural disasters, building resilient supply chains or geopolitical conflict, and come up with better strategies to solve them. The last decade has shown how much AI can improve the accuracy of our predictions. That’s why there is an international race among corporations and governments around superintelligence.

In the next year and a half, we’re going to see increasing adoption of technologies that will trigger a broader industry shift, much as Tesla triggered the transition to EVs.

Highly credible think tanks like Deepmind and OpenAI say that the path to superintelligence is visible. Last month, Deepmind said reinforcement learning (RL) could get us there, and RL is at the heart of embodied AI.

What is embodied AI?

Embodied AI is AI that controls a physical “thing,” like a robot arm or an autonomous vehicle. It is able to move through the world and affect a physical environment with its actions, similar to the way a person does. In contrast, most predictive models live in the cloud doing things such as classifying text or images, steering flows of bits without ever moving a body through three-dimensional space.

For those who work in software, including AI researchers, it is too easy to forget the body. But any superintelligent algorithm needs to control a body because so many of the problems we confront as humans are physical. Firestorms, coronaviruses and supply chain breakdowns need solutions that aren’t just digital.

All the crazy Boston Dynamics videos of robots jumping, dancing, balancing and running are examples of embodied AI. They show how far we’ve come from early breakthroughs in dynamic robot balancing made by Trevor Blackwell and Anybots more than a decade ago. The field is moving fast and, in this revolution, you can dance.

What’s blocked embodied AI up until now?

Challenge 1: One of the challenges when controlling machines with AI is the high dimensionality of the world — the sheer range of things that can come at you.


Source: Tech Crunch

India’s BharatPe valued at $2.85 billion in Tiger Global-led $370 million funding

Indian fintech startup BharatPe has raised $370 million in a new round of financing as it looks to aggressively scale its business in the next two years. It’s the nineteenth Indian startup to become a unicorn this year (up from 11 last year) as several high-profile global investors double down in the South Asian market.

The new round — a Series E — was led by Tiger Global and valued the New Delhi-based startup at $2.85 billion (post-money), it said in a statement Tuesday evening. Dragoneer Investor Group and Steadfast Capital also participated in the new round, which brings the startup’s to-date raise to over $580 million against equity.

Tuesday’s news confirms a TechCrunch scoop from June in which we reported that the four-year-old startup was looking to raise about $250 million at a pre-money valuation of $2.5 billion. BharatPe was valued at about $900 million in its Series D round in February this year, and $425 million last year.

BharatPe co-founder Ashneer Grover confirmed that the startup was indeed looking to raise $250 million until inbound requests from investors prompted an oversubscription. The new investment also includes some secondary transactions.

BharatPe, which counts Coatue, Ribbit Capital and Sequoia Capital India among its existing investors, operates an eponymous service to help offline merchants accept digital payments and secure working capital.

Even as India has already emerged as the second-largest internet market, with more than 650 million users, much of the country remains offline.

Among those outside of the reach of the internet are merchants running small businesses, such as roadside tea stalls and neighborhood stores. To make these merchants comfortable with accepting digital payments, BharatPe relies on QR codes and point of sale machines that support government-backed UPI payments infrastructure.

Scores of giants and startups are attempting to serve neighborhood stores in India. Image Credits: Bank of America Research

The startup, which serves more than 7 million merchants in over 130 Indian cities, said it has disbursed close to $300 million to merchant partners. It does not charge merchants for universal QR code access, but is looking to make money by lending.

The startup plans to expand its product offerings as well as work with Centrum Financial Services, with which it was recently granted the license by India’s central bank (Reserve Bank of India) to set up a small finance bank. (Centrum Financial Services has collaborated with BharatPe for the license, and the Indian startup says the two are “equal” partners.)

Tuesday’s development further illustrates the growing interest of Tiger Global in India. The New York-headquartered firm has backed dozens of Indian startups, including social commerce startup DealShare, edtech Classplus, Apna (an app that helps blue-collar workers connect with recruiters) and home services platform Urban Company in recent months.

On Tuesday, Infra.Market, an Indian startup that helps construction and real estate companies procure materials and handle logistics for their projects, said it had raised $125 million in a round led also by Tiger Global.

 


Source: Tech Crunch

Security flaws found in popular EV chargers

U.K. cybersecurity company Pen Test Partners has identified several vulnerabilities in the APIs of six home electric vehicle charging brands and a large public EV charging network. While the charger manufacturers resolved most of the issues, the findings are the latest example of the poorly regulated world of Internet of Things devices, which are poised to become all but ubiquitous in our homes and vehicles.

Vulnerabilities were identified in the API of six different EV charging brands — Project EV, Wallbox, EVBox, EO Charging’s EO Hub and EO mini pro 2, Rolec and Hypervolt — and public charging network Chargepoint. Security researcher Vangelis Stykas identified several security flaws among the various brands that could have allowed a malicious hacker to hijack user accounts, impede charging and even turn one of the chargers into a “backdoor” into the owner’s home network.

The consequences of a hack to a public charging station network could include theft of electricity at the expense of driver accounts and turning chargers on or off.

A Raspberry Pi in a Wallbox charger. Image Credits: Pen Test Partners (opens in a new window

Some EV chargers used a Raspberry Pi compute module, a low-cost computer that’s often used by hobbyists and programmers.

“The Pi is a great hobbyist and educational computing platform, but in our opinion it’s not suitable for commercial applications as it doesn’t have what’s known as a ‘secure bootloader,’” Pen Test Partners founder Ken Munro told TechCrunch. “This means anyone with physical access to the outside of your home (hence to your charger) could open it up and steal your Wi-Fi credentials. Yes, the risk is low, but I don’t think charger vendors should be exposing us to additional risk.”

The hacks are “really fairly simple,” Munro said. “I can teach you to do this in five minutes,” he added.

The company’s report, published this past weekend, touched on vulnerabilities associated with emerging protocols like the Open Charge Point Interface, maintained and managed by the EVRoaming Foundation. The protocol was designed to make charging seamless between different charging networks and operators.

Munro likened it to roaming on a cell phone, allowing drivers to use networks outside of their usual charging network. OCPI isn’t widely used at the moment, so these vulnerabilities could be designed out of the protocol. But if left unaddressed, it could mean “that a vulnerability in one platform potentially creates a vulnerability in another,” Stykas explained.

Hacks to charging stations have become a particularly nefarious threat as a greater share of transportation becomes electrified and more power flows through the electric grid. Electric grids are not designed for large swings in power consumption — but that’s exactly what could happen, should there be a large hack that turned on or off a sufficient number of DC fast chargers.

“It doesn’t take that much to trip the power grid to overload,” Munro said. “We’ve inadvertently made a cyberweapon that others could use against us.”

The “Wild West” of cybersecurity

While the effects on the electric grid are unique to EV chargers, cybersecurity issues aren’t. The routine hacks reveal more endemic issues in IoT devices, where being first to market often takes precedence over sound security — and where regulators are barely able to catch up to the pace of innovation.

“There’s really not a lot of enforcement,” Justin Brookman, the director of consumer privacy and technology policy for Consumer Reports, told TechCrunch in a recent interview. Data security enforcement in the United States falls within the purview of the Federal Trade Commission. But while there is a general-purpose consumer protection statute on the books, “it may well be illegal to build a system that has poor security, it’s just whether you’re going to get enforced against or not,” said Brookman.

A separate federal bill, the Internet of Things Cybersecurity Improvement Act, passed last September but only broadly applies to the federal government.

There’s only slightly more movement on the state level. In 2018, California passed a bill banning default passwords in new consumer electronics starting in 2020 — useful progress to be sure, but which largely puts the burden of data security in the hands of consumers. California, as well as states like Colorado and Virginia, also have passed laws requiring reasonable security measures for IoT devices.

Such laws are a good start. But (for better or worse) the FTC isn’t like the U.S. Food and Drug Administration, which audits consumer products before they hit the market. As of now, there’s no security check on technology devices prior to them reaching consumers. Over in the United Kingdom, “it’s the Wild West over here as well, right now,” Munro said.

Some startups have emerged that are trying to tackle this issue. One is Thistle Technologies, which is trying to help IoT device manufacturers integrate mechanisms into their software to receive security updates. But it’s unlikely this problem will be fully solved on the back of private industry alone.

Because EV chargers could pose a unique threat to the electric grid, there’s a possibility that EV chargers could fall under the scope of a critical infrastructure bill. Last week, President Joe Biden released a memorandum calling for greater cybersecurity for systems related to critical infrastructure. “The degradation, destruction or malfunction of systems that control this infrastructure could cause significant harm to the national and economic security of the United States,” Biden said. Whether this will trickle down to consumer products is another question.


Source: Tech Crunch