BlackBerry is buying Cylance for $1.4 billion to continue its push into cybersecurity

BlackBerry was best known for keyboard-totting smartphones, but their demise in recent years has seen the Canadia firm pivot towards enterprise services and in particular cybersecurity. That strategy takes a big step further forward today after BlackBerry announced the acquisition of AI-based cybersecurity company Cylance for a cool $1.4 billion.

Business Insider reported that a deal was close last week, and that has proven true with BlackBerry paying the full amount in cash up front. The acquisition is BlackBerry’s largest ever and it is set to close before February 2019 — the end of BlackBerry’s current financial year — and it will see Cylance operate as a separate business unit within BlackBerry’s business. The company plans to integrate Cylance technology with its Spark platform in the future.

Business Insider’s report suggested Cylance was preparing to go public until BlackBerry swooped in. That suggests BlackBerry wanted Cylance pretty badly, badly enough to part with a large chunk of the $2.4 billion cash pile that it was sitting on prior to today.

Cylance was founded in 2015 by former McAfee/Intel duo Stuart McClure (CEO) and Ryan Permeh (chief scientist) and it differentiates itself by using artificial intelligence, machine learning and more to proactively analyze and detect threats for its customers, which it said include Fortune 100 organizations and governments.

The company has raised nearly $300 million to date from investors that include Blackstone, DFJ, Khosla Ventures, Dell Technologies and KKR. Cylance is headquartered in Irvine, California, with global offices in Ireland, the Netherlands and Japan.

“Cylance’s leadership in artificial intelligence and cybersecurity will immediately complement our entire portfolio, UEM and QNX in particular. We are very excited to onboard their team and leverage our newly combined expertise. We believe adding Cylance’s capabilities to our trusted advantages in privacy, secure mobility, and embedded systems will make BlackBerry Spark indispensable to realizing the Enterprise of Things,” said BlackBerry CEO John Chen in a statement.

Chen has overseen BlackBerry’s move into enterprise services since his arrival in 2013 as part of a takeover by financial holdings firm Fairfax. Initially, things got off to a rocky start but the strategy has borne fruit. The stock price was $6.51 when Chen joined, it closed Thursday at $8.86 down from a peak of $12.66 in January. While some of the progress has been erased this year, Chen has signed on to retain the top role at BlackBerry until at least 2023, giving him a potential 10-year tenure with the company that was once the world’s number one mobile brand.

Musca is the winner of TechCrunch Battlefield Tokyo 2018

TechCrunch is in the heart of Japan and we’ve been hearing from some of Tokyo’s brightest entrepreneurs competing to win the Battlefield startup competition here. We’ve whittled down the group of 20 startups that have presented onstage for our judges, and we’re proud to announce the winner of TechCrunch Tokyo 2018.

The winner is Musca!

The startup is looking to leverage the simple housefly as a solution to the global food crisis, helping curve starvation by creating high-quality organic fertilizer and animal feed in a manner that’s much quicker than existing methods. The company’s secret weapon is a breed of flies that the company claims is more resilient and more effective. The larva help break down and dry out animal excrement which is used as high-grade fertilizer while the larva are used as feed for birds and fish. This process takes just a week, compared to the 2-3 months other solutions take.

Musca was selected after impressing our expert judges in their first round of presentation before being selected for a second round alongside the teams from Job Rainbow, Kuraseru, Aeronext, Pol and Eco-Pork.

Musca will take a home a check for 1 million yen and bragging rights as one of the top young startups in Japan.

Musca is the winner of TechCrunch Battlefield Tokyo 2018

TechCrunch is in the heart of Japan and we’ve been hearing from some of Tokyo’s brightest entrepreneurs competing to win the Battlefield startup competition here. We’ve whittled down the group of 20 startups that have presented onstage for our judges, and we’re proud to announce the winner of TechCrunch Tokyo 2018.

The winner is Musca!

The startup is looking to leverage the simple housefly as a solution to the global food crisis, helping curve starvation by creating high-quality organic fertilizer and animal feed in a manner that’s much quicker than existing methods. The company’s secret weapon is a breed of flies that the company claims is more resilient and more effective. The larva help break down and dry out animal excrement which is used as high-grade fertilizer while the larva are used as feed for birds and fish. This process takes just a week, compared to the 2-3 months other solutions take.

Musca was selected after impressing our expert judges in their first round of presentation before being selected for a second round alongside the teams from Job Rainbow, Kuraseru, Aeronext, Pol and Eco-Pork.

Musca will take a home a check for 1 million yen and bragging rights as one of the top young startups in Japan.

Court filings accidentally reveal charges against Julian Assange

In a turn of events that reads like a plot point from an unreleased Coen Brothers script, information has surfaced revealing that prosecutors have charged embattled Wikileaks founder, Julian Assange.

The information came to light as part of the recently unsealed filing of a seemingly unrelated sex crimes case. How Assange’s name and fate appeared in those court documents is apparently anyone’s guess. Wikileaks, for one, is chalking the whole kerfuffle up to a “cut-and-paste error.”

The three-page filing itself dates back to August, originating from the court of the Eastern District of Virginia. It was unsealed the following month, but hadn’t received much attention until now, when George Washington University faculty member Seamus Hughes stumbled upon an odd passage in the filing.

“[D]ue to the sophistication of the defendant and the publicity surrounding the case,” the filing reads, “no other procedure is likely to keep confidential the fact that Assange has been charged.”

Hughes suggested that the mention was a Freudian slip from someone who, “just appears to have Assange on the mind when filing motions to seal and used his name.” Ultimately, the truth of the matter seems much more unfortunate for Assange, who has been holed up in London’s Ecuadoran embassy.

“The news that criminal charges have apparently been filed against Mr. Assange is even more troubling than the haphazard manner in which that information has been revealed,” Assange lawyer Barry Pollack told The New York Times. “The government bringing criminal charges against someone for publishing truthful information is a dangerous path for a democracy to take.”

The charges could ultimately have additional cascading effects, impacting other major cases including Robert Mueller’s on-going investigation into the 2016 election.

Africa’s agtech wave gets $10 million richer as Twiga Foods raises more capital

Kenya’s Twiga Foods has raised $10 million from investors led by the International Finance Corporation to add processed food and fast moving consumer goods to its product line-up.

The startup has built a B2B platform to improve the supply chain from farmers to markets. Twiga Foods now aims to scale additional merchandise on its digital network that coordinates pricing, payment, quality control, and logistics across sellers and vendors.

CEO and co-founder Grant Brooke sees “a growth horizon…to build a B2B Amazon,” with produce as the base.

“If we can build a business around fresh fruit and vegetables, everything else after that is much simpler to add on,” he told TechCrunch.

“Fresh food and vegetables gives you clients that are ordering every two days, and now that’s paying for access to vendors and a proper way to be on every street,” said Brooke.

“It’s now much easier to lay things over that that would have been very expensive to get to end retailers.” In addition to the processed food FMCG it will add now, CEO Grant Brooke named household goods, such as light-bulbs that stock and sell in lower volumes than produce, as something the startup could include in the future.     

The $10 million IFC led investment—co-led by TLcom Capital—comes in the form of convertible notes, available later as equity, according to Wale Ayeni, regional head of IFC’s Africa VC practice. As part of the deal, Ayeni will join Twiga Foods’ board.

Of the decision to fund the startup, Ayeni indicated IFC likes what the company’s already done in “figuring out a way to service a mass market with a digital platform focused on food in a sector that’s not really been touched,” he said. Another factor was Twiga’s prospects to create additional revenue by improving B2B supply chain for FMCG and other consumer products.

Co-founded in Nairobi in 2014 by Brooke and Kenyan Peter Njonjo, Twiga Foods serves around 2000 outlets a day with produce through a network of 13,000 farmers and 6000 vendors. Parties can coordinate goods exchanges via mobile app using M-Pesa mobile money for payment.

The company has reduced typical post-harvest losses in Kenya from 30 percent to 4 percent for produce brought to market on the Twiga network, according to Brooke.

“That’s savings we can offer the outlets and better pricing we can offer the farmers,” he said.

Twiga Foods generates revenues from margins on the products it buys and sells. As an example, the company could buy bananas at around 19 Schillings ($.19) a kilo and sell at 34 ($.34) Schillings a kilo.

“Our margin is how efficient we are at moving products between those two elements” and the company purchases from farmers at roughly 10 percent higher than Kenya’s traditional produce middle-men, according to Brooke.

Agtech has become a prominent startup sector in Africa. A number of companies, such as Ghana’s Agrocenta and Nigeria’s Farmcrowdy, have raised VC for apps that coordinate payments, logistics, and working capital across the continent’s farmers and food markets.

In 2017 Twiga Foods raised a $10.3 million Series A round lead by Wamda Capital. Earlier this year the startup partnered with IBM Africa to introduce a blockchain enabled finance working capital platform to its network of vendors.

With the new investment and product expansion, Twiga Foods will explore offering additional financial services to its client network. The startup doesn’t divulge revenue information but “profitability is on the horizon for us,” said Brooke.

Twiga Foods will maintain its focus primarily on Kenya, but “we’re starting to research and dabble in Tanzania,” according to Brooke.

The startup doesn’t plan to move beyond B2B to direct online retail. “I don’t think B2C e-commerce is viable on the continent once you factor in job size and cost of acquisition versus lifetime value,” said Brooke. He also named the high cost of marketing: “In B2C e-commerce space you really have to be in the advertising space. Our clients are ordering every two days with no marketing budget,” said Brooke.

So for the time being, Twiga Foods aims to stick with improving the supply chain for products between Kenya’s buyers and sellers.

Hong Kong is adding QR code payments to its subway stations

A new dispatch from our ‘QR Codes Are Very Much Alive In Asia’ reporting program: Hong Kong’s subway system will soon allow its commuters to pay by scanning QR codes thanks to a deal with Alibaba that was announced this week.

The partnership — which is with Alibaba’s Ant Financial affiliate — will see scan-to-pay enabled at 91 MTR metro stations starting in mid-2020. Commuters will simply use Ant’s Alipay app to scan a code at the turnstile and then go on with their trip as usual. They’ll be able to top up their balance inside the app, as well as through traditional methods.

MTR also covers rail, buses and more but it isn’t clear if and when this payment option will be extended beyond subways.

Hong Kong already offers convenient cash-free payments using its Octopus card system, which has branched out from covering rides and can be used for purchases offline among many things. Octopus says that there are some 35 million active cards in circulation today — covering 99 percent of the seven million population — and the program is widely admired by other countries in Asia which are trying to replicate it.

There are said to be around 35 million Octopus cards in circulation in Hong Kong

The Alipay solution does also have its own merits, though. For one, QR code scans will work in places where internet connections are slow or inconsistent, plus the system could (should?) mean that visitors from Mainland China and other countries who already use Alipay can tap right into it.

For now, Alipay is best known in China — where it claims over 500 million users — but Ant Financial is aggressively building out its presence across Southeast Asia, Korea and other markets. It seems likely it’ll be keen to link those systems with this Hong Kong program.

There’s also likely to be a lot more beyond subway rides.

Ant Financial operates a joint venture — APSHK — in Hong Kong with telecom giant Hutchison which is aimed at bringing its tech and services to the city. It already covers offline payments and has support for taxis, but you can bet that, like Octopus, this MTR rollout will be a base to expand its services in Hong Kong to much broader areas, perhaps mirroring China where Alipay is a ‘swiss army knife’ app that goes well beyond payments.

“Not only is this a recognition in AlipayHK’s technological stability, we feel confident QR Code transit technology will be successfully expanded into more aspects. Aside from gradually merging with Hong Kong’s public transports, we will also be exploring smart mobility in outbound travels by entering the most popular travel destinations of Hong Kong people, driving smart mobility across Hong Kong,” said Jennifer Tan, CEO of APSHK.

So while there are sophisticated solutions for cash-less transportation like Apple Pay, which works on Tokyo’s public transport system, don’t discount more basic-looking options like QR codes.

Sheryl Sandberg claims she didn’t know Facebook hired agency behind ‘abhorrent’ anti-Soros campaign

Sheryl Sandberg has denied that she obstructed early investigations into election meddling and claimed that she was unaware Facebook was involved with an agency that ran “abhorrent” anti-Semitic campaigns that targeted George Soros among others.

Facebook, the world’s largest social network with over 2.2 billion users, spent Thursday doing its best to fight a media relations forest fire that followed an explosive New York Times article revealing a campaign to smear George Soros and other revelations.

The company fired PR and research firm Definers, the center of some of the story, it disputed allegations that it tried to hide details around Russian hacking and it held an hour-long call with journalists and CEO Mark Zuckerberg.

Now Sandberg has joined Zuckerberg and Facebook itself in distancing herself from some of the core claims of the Times report, which paints her in a particularly poor light.

“On a number of issues – including spotting and understanding the Russian interference we saw in the 2016 election – Mark and I have said many times we were too slow,” she wrote in a rebuttal posted to Facebook. “But to suggest that we weren’t interested in knowing the truth, or we wanted to hide what we knew, or that we tried to prevent investigations, is simply untrue.”

Sandberg repeated a common refrain at Facebook: the company wasn’t aware of the scale of the attacks it received until it was too late and it is now committed to “investing heavily” to prevent recurrences.

“While we will always have more work to do, I believe we’ve started to see some of that work pay off, as we saw in the recent US midterms and elections around the world where we have found and taken down further attempts at interference,” she wrote.

But perhaps the most striking part of Sandberg’s is a brief passage in which she claims that she — Facebook’s chief operating officer — was unaware of the exact scope of Definers’ work for the company, which included disinformation campaigns against Apple, Google and the George Soros-backed Open Society Foundations.

From her post:

I also want to address the issue that has been raised about a PR firm, Definers. We’re no longer working with them but at the time, they were trying to show that some of the activity against us that appeared to be grassroots also had major organizations behind them. I did not know we hired them or about the work they were doing, but I should have. I have great respect for George Soros – and the anti-Semitic conspiracy theories against him are abhorrent.

Indeed, the claim that Sandberg didn’t even know the agency worked for Facebook flies in the face of the company’s original response, in which it wrote that its “relationship with Definers was well known by the media.”

According to those statements, the relationship was well known by the media but unknown to the company COO? Ok then.

The New York Times’ allegations are hugely serious, enough to get solicit fast and concerned responses from a multitude of politicians and prompt Facebook’s campaign PR machine to spluttered into frenzied activity – don’t expect this issue to disappear soon.

Here’s a quick recap of what you need to know so far.

If you didn’t yet do so, go read the New York Times report.

And here’s the response from Sandberg in full:

I want to address some of the claims that have been made in the last 24 hours.

On a number of issues – including spotting and understanding the Russian interference we saw in the 2016 election – Mark and I have said many times we were too slow. But to suggest that we weren’t interested in knowing the truth, or we wanted to hide what we knew, or that we tried to prevent investigations, is simply untrue. The allegations saying I personally stood in the way are also just plain wrong. This was an investigation of a foreign actor trying to interfere in our election. Nothing could be more important to me or to Facebook.

As Mark and I both told Congress, leading up to Election Day in November 2016, we detected and dealt with several threats with ties to Russia and reported what we found to law enforcement. These were known traditional cyberattacks like hacking and malware. It was not until after the election that we became aware of the widespread misinformation campaigns run by the IRA. Once we were, we began investing heavily in more people and better technology to protect our platform. While we will always have more work to do, I believe we’ve started to see some of that work pay off, as we saw in the recent US midterms and elections around the world where we have found and taken down further attempts at interference.

I also want to address the issue that has been raised about a PR firm, Definers. We’re no longer working with them but at the time, they were trying to show that some of the activity against us that appeared to be grassroots also had major organizations behind them. I did not know we hired them or about the work they were doing, but I should have. I have great respect for George Soros – and the anti-Semitic conspiracy theories against him are abhorrent.

At Facebook, we are making the investments that we need to stamp out abuse in our system and ensure the good things people love about Facebook can keep happening. It won’t be easy. It will take time and will never be complete. This mission is critical and I am committed to seeing it through.

Amazon launches ‘Alexa-hosted skills’ for voice app developers

Amazon on Thursday launched a new service aimed at Alexa developers that automatically provisions and helps them to manage a set of AWS cloud resources for their Alexa skill’s backend service. The service is intended to help developers speed the time it takes to launch their skills, by allowing them to focus on their skills’ design and unique features, and not the cloud services they need.

“Previously you had to provision and manage this back-end on your own with a cloud endpoint, resources for media storage, and a code repository,” explained Amazon on its company blog post, announcing the new service. “Alexa-hosted skills offer an easier option. It automatically provisions and hosts an AWS Lambda endpoint, Amazon S3 media storage, and a table for session persistence so that you can get started quickly with your latest project.”

Developers will also be able to use a new code editor in the ASK Developer Console to edit their code, while AWS Lamdba will handle routing the skill request, executing the skill’s code, and managing the skill’s compute resources.

Amazon S3, meanwhile, can be used for things the skill needs to store – like media files, such as the images being used for the skill’s Echo Show, Echo Spot and Fire TV versions.

The service comes at a time when Amazon Alexa and Google Home are in a race to grab market share – and mind share – in the smart speaker industry. A lot of this will come down to how useful these devices are for customers – and well-designed skills are a part of that.

Smart speaker adoption is growing fast in the U.S., having recently reaching 57.8 million adults, according to a report from Voicebot. But in terms of third-party development of voice apps, Amazon leads Google Home, having passed 40,000 U.S. skills in September.

Amazon says Alexa-hosted skills are available to developers in all Alexa locales. Developers can apply to join the preview here.

A leaky database of SMS text messages exposed password resets and two-factor codes

A security lapse has exposed a massive database containing tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more.

The exposed server belongs to Voxox (formerly Telcentris), a San Diego, Calif.-based communications company. The server wasn’t protected with a password, allowing anyone who knew where to look to peek in and snoop on a near-real-time stream of text messages.

For Sébastien Kaul, a Berlin-based security researcher, it didn’t take long to find.

Although Kaul found the exposed server on Shodan, a search engine for publicly available devices and databases, it was also attached to to one of Voxox’s own subdomains. Worse, the database — running on Amazon’s Elasticsearch — was configured with a Kibana front-end, making the data within easily readable, browsable and searchable for names, cell numbers and the contents of the text messages themselves.

An example of one text message containing a user’s phone number and their Microsoft account reset code. (Image: TechCrunch)

Most don’t think about what happens behind the scenes when you get a text message from a company, whether it’s an Amazon shipping notification or a two-factor code for your login. Often, app developers — like HQ Trivia and Viber — will employ technologies provided by firms like Telesign and Nexmo, either to verify a user’s phone number or to send a two-factor authentication code, for example. But it’s firms like Voxox that act as a gateway and converting those codes into text messages, to be passed on to the cell networks for delivery to the user’s phone.

After an inquiry by TechCrunch, Voxox pulled the database offline. At the time of its closure, the database appeared to have a little over 26 million text messages year-to-date. But the sheer volume of messages processed through the platform per minute — as seen through the database’s visual front-end — suggests that this figure may be higher.

Each record was meticulously tagged and detailed, including the recipient’s cell phone number, the message, the Voxox customer who sent the message and the shortcode they used.

Among our findings from a cursory review of the data:

  • We found a password sent in plaintext to a Los Angeles phone number by dating app Badoo;
  • Several Booking.com partners were sent their six-digit two-factor codes to log in to the company’s extranet corporate network;
  • Fidelity Investments also sent six-digit security codes to one Chicago Loop area code;
  • Many messages included two-factor verification codes for Google accounts in Latin America;
  • A Mountain View, Calif.-based credit union, the First Tech Federal Credit Union, also sent a temporary banking password in plaintext to a Nebraska number;
  • We found a shipping notification text sent by Amazon with a link, which opened up Amazon’s delivery tracking page, including the UPS tracking number, en route to its destination in Florida;
  • Messenger apps KakaoTalk and Viber, and quiz app HQ Trivia use the service to verify user phone numbers;
  • We also found messages that contained Microsoft’s account password reset codes and Huawei ID verification codes;
  • Yahoo also used the service to send some account keys by text message;
  • And, several small to mid-size hospitals and medical facilities sent reminders to patients about their upcoming appointments, and in some cases, billing inquiries.

“Yeah, this is very bad,” said Dylan Katz, a security researcher, who reviewed some of the findings.

The exposure to personal information and phone numbers notwithstanding, the ability to access two-factor codes in near-real-time could have put countless number of accounts at risk of hijack. In some cases, websites will only require a phone number to reset an account. With access to the text message through the exposed database, hijacking an account could take seconds.

“My real concern here is the potential that this has already been abused,” said Katz. “This is different from most breaches, due to the fact the data is temporary, so once it’s offline any data stolen isn’t very useful.”

Kevin Hertz, Voxox’s co-founder and chief technology officer, said in an email that the company is “looking into the issue and following standard data breach policy at the moment,” and that the company is “evaluating impact.”

Many companies, including Facebook, Twitter and Instagram, have rolled out app-based two-factor authentication to thwart SMS-based verification, which has long been seen as vulnerable to interception.

If ever there was an example, this latest exposure would serve well.

E3 slouches towards irrelevance again as Sony announces it’s skipping the show

I like E3 . I really do. But it’s also monumentally dumb: game companies spending millions to show off essentially faked content to an increasingly jaded audience. And it’s increasingly out of step with how the gaming industry works. So it should come as no surprise that Sony will be skipping the show more or less altogether this year, joining Nintendo in taking a step back from spectacle.

Sony has been a part of CES for 20 years and this will be the first one it’s ever missed. I’ve gone to their events every time I’ve attended; I was there for their historic putdown of Microsoft after the latter announced some hugely unpopular restrictions on used games. I think you can actually see me near the front in the broadcast of that one. (You can! I’m at 1:29.)

And E3 has been a part of Sony’s yearly cadence as well. Like other companies, for years Sony hoarded information to debut at E3, TGS and Gamescom, but E3 was generally where you saw new consoles and flagship titles debut. But as even E3’s organizers have admitted over and over again, that’s not necessarily a good thing.

Too often we have seen half-finished games onstage at E3 that end up cancelled before the year is out, or commitments made to dates the companies can’t possibly keep. Assigning a complex, creative industry to a yearly schedule of major announcements is a great way to burn them out, and that’s exactly what’s happening.

Variety first noticed Sony’s absence from ESA communications. In a statement issued to multiple outlets, Sony said:

As the industry evolves, Sony Interactive Entertainment continues to look for inventive opportunities to engage the community. PlayStation fans mean the world to us and we always want to innovate, think differently and experiment with new ways to delight gamers. As a result, we have decided not to participate in E3 in 2019. We are exploring new and familiar ways to engage our community in 2019 and can’t wait to share our plans with you.

They won’t be alone. Nintendo hasn’t had a real proper E3 press conference in years. Instead, they host a live stream around the event and have a big booth where people mainly just play games. Their Nintendo Direct videos come out throughout the year, when the titles and developers are good and ready.

Microsoft is still there, and still puts on quite a show. I remember the original announcement of the Kinect, probably one of the weirdest and dumbest things I’ve ever taken part in. It was memorable, at least.

But Microsoft is also doing its own thing, announcing throughout the year and on its own terms. The Xbox One X was only hinted at during E3, and announced in full much later. I wouldn’t be surprised if Microsoft also announced they were taking it easy this year at E3 — though this might also be a good opportunity for them to double down. With the schedules these huge shows go on, they might already be committed to one course or another.

Sony actually has its own PlayStation Experience event where it announces things and lets gamers and press play the latest, but even that was cancelled ahead of its expected December date. Is Sony just getting shy?

More likely they are leveraging their dominance in the console market to be a market leader and “decider,” as they say. They have no shortage of amazing games coming out, including lots of hot-looking exclusives. What have they got to prove? Although Sony itself is not participating in E3, the developers it backs will almost certainly be there. What better way to school the competition than to not show up and still have everyone talking about you?

With the PS4 Pro out there and a solid line-up already confirmed, Sony is sitting pretty for 2019, and the company probably feels this is a safe time to experiment with “inventive opportunities to engage the community,” as the statement put it. E3 will still be big, and it will still be fun. But the trend is clear: it just won’t be necessary.