Every angle of Volvo’s first electric vehicle, the XC40 Recharge

Volvo Cars introduced Wednesday the XC40 Recharge, an all-electric vehicle that CTO Henrik Green described as “a car of firsts and a car of the future.”

The XC40 Recharge is hardly the first electric vehicle on the market. But for Volvo the XC40 is a “car of firsts.” This is the company’s first all-electric vehicle. It’s also the first Volvo to have an infotainment system powered by Google’s Android operating system as well as have the ability to make over-the-air software updates.

Before we move on to the photos, here are some of the specs.

The XC40 Recharge is equipped with an all-wheel drive powertrain and a 78 kilowatt-hour battery that can travel more than 400 kilometers (248 miles) on a single charge, in accordance with WLTP. The WLTP, or Worldwide Harmonised Light Vehicle Test Procedure, is the European standard to measure energy consumption and emissions, and tends to be more generous than the U.S. EPA estimates. The EPA estimates are not yet available, but it’s likely the XC40 Recharge will hit around the 200-mile range.

That would put the range of the Volvo XC40 Recharge below the Tesla Model 3, Chevy Bolt EV, Kia Niro and Hyundai Kona.

The vehicle’s electric motor produces the equivalent of 408 horsepower and 442 pound-feet of torque that allows the vehicle to go from zero to 60 mph in 4.8 seconds. The battery charges to 80% of its capacity in 40 minutes on a fast-charger system.

The XC40 Recharge is expected to go on sale in the U.S. late 2020.

Here’s what this car of “many firsts” looks like.

[gallery ids="1898424,1898427,1898434,1898428,1898429,1898431,1898432,1898435,1898436,1898426,1898437"]

Flaw in Cyberoam firewalls exposed corporate networks to hackers

Sophos said it is fixing a vulnerability in its Cyberoam firewall appliances, which a security researcher says can allow an attacker to gain access to a company’s internal network without needing a password.

The vulnerability allows an attacker to remotely gain “root” permissions on a vulnerable device, giving them the highest level of access, by sending malicious commands across the internet. The attack takes advantage of the web-based operating system that sits on top of the Cyberoam firewall.

Once a vulnerable device is accessed, an attacker can jump onto a company’s network, according to the researcher who shared their findings exclusively with TechCrunch.

Cyberoam devices are typically used in large enterprises, sitting on the edge of a network and acting as a gateway to allow employees in while keeping hackers out. These devices filter out bad traffic, and prevent denial-of-service attacks and other network-based attacks. They also include virtual private networking (VPN), allowing remote employees to log on to their company’s network when they are not in the office.

It’s a similar vulnerability to recently disclosed flaws in corporate VPN providers, notably Palo Alto Networks, Pulse Secure and Fortinet, which allowed attackers to gain access to a corporate network without needing a user’s password. Many large tech companies, including Twitter and Uber, were affected by the vulnerable technology, prompting Homeland Security to issue an advisory to warn of the risks.

Sophos, which bought Cyberoam in 2014, issued a short advisory this week, noting that the company rolled out fixes on September 30.

The researcher, who asked to remain anonymous, said an attacker would only need an IP address of a vulnerable device. Getting vulnerable devices was easy, they said, by using search engines like Shodan, which lists around 96,000 devices accessible to the internet. Other search engines put the figure far higher.

A Sophos spokesperson disputed the number of devices affected, but would not provide a clearer figure.

“Sophos issued an automatic hotfix to all supported versions in September, and we know that 99% of devices have already been automatically patched,” said the spokesperson. “There are a small amount of devices that have not as of yet been patched because the customer has turned off auto-update and/or are not internet-facing devices.”

Customers still affected can update their devices manually, the spokesperson said. Sophos said the fix will be included in the next update of its CyberoamOS operating system, but the spokesperson did not say when that software would be released.

The researcher said they expect to release the proof-of-concept code in the coming months.

Windows 10 now runs on over 900M devices

So you thought there were 800 million Windows 10 Devices that will get Microsoft’s most recent out-of-band emergency patch? Think again. As the company announced on Twitter today, Windows 10 now runs on over 900M devices.

That’s a bit of bad timing, but current security issues aside, the momentum for Windows 10 clearly remains steady. Last September, Microsoft said Windows 10 was running on 700 million devices and by March of this year, that number had gone up to 800 million. That number includes standard Windows 10 desktops and laptops, as well as the Xbox and niche devices like the Surface Hub and Microsoft’s HoloLens.

As Yusuf Mehdi, Microsoft’s Corporate Vice President of its ‘Modern Life, Search and Devices’ group, also noted, the company added more Windows 10 devices in the last twelve months than ever before.

Come January 2020, Windows 7 is hitting the end of its (supported) life, which is likely pushing at least some users to move over to a more modern (and supported) operating system.

While those numbers for Windows 10 are clearly ticking up, Microsoft itself famously thought that Windows 10 would get to 1 billion devices by the middle of 2018. At this rate, Windows 10 will likely hit 1 billion sometime in 2020.

Google releases Android 10

Android 10 is now available, assuming you have a phone that already supports Google’s latest version of its mobile operating system. For now, that’s mostly Google’s own Pixel phones, though chances are that most of the phones that were supported during the beta phase will get updated to the release version pretty soon, too.

Since the development of Android pretty much happens in the open these days, the release itself doesn’t feature any surprises. Just like with the last few releases, chances are you’ll have to look twice after the update to see whether your phone actually runs the latest version. There are plenty of tweaks in Android 10, but some of the most interesting new features are a bit hidden and (at least in the betas) off by default.

The one feature everybody has been waiting for is a dark mode and here, Android 10 doesn’t disappoint. The new dark theme is now ready for your night-time viewing, with the promise of improved battery life for your OLED phone and support from a number of apps like Photos and Calendar. Over time, more apps will automatically switch to a dark theme as well, but right now, the number seems rather limited and a bit random, with Fit offering a dark mode while Gmail doesn’t.

The other major tweak is the updated gesture navigation. This remains optional — you can still use the same old three-button navigation Android has long offered. It’s essentially a tweak of the navigation system that launched with Android Pie. For the most part, the new navigation gestures work just fine and feel more efficient than those in Pie, especially when you try to switch between apps. Swiping left and right from the screen replaces the back button, which isn’t immediately obvious, and a slightly longer press on the side of the screen occasionally opens a navigation drawer. I say “occasionally,” because I think this is the most frustrating part of the experience. Sometimes it works, sometimes it doesn’t. The trick to opening the drawer, it seems, is to swipe at an angle that’s well above 45 degrees.

Also new is an updated Smart Reply feature that now suggests actions from your notifications. If a notification includes a link, for example, Smart Reply will suggest opening it in Chrome. Same for addresses, where the notification can take you right to Google Maps, or YouTube videos that you can play in — you guessed it — YouTube. This should work across all popular messaging apps.

There are also a couple of privacy and security features here, including the ability to only share location data with apps while you use them and a new Privacy section in Settings that gives you access to controls for managing your web and app history, as well as your ad settings in a slightly more prominent place.

With the new Google Play system updates, the company can now also push important security and privacy fixes right to the phone from the Google Play store, which allows it to patch issues without having to go through the system update process. Given the slow Android OS upgrade cycles, that’s an important new feature, though it, too, is an evolution of Google’s overall strategy to decouple these updates and core features from the OS updates.

Two other interesting new features are still in beta or won’t be available until later this year, but Google prominently highlights Focus Mode, which allows you to silence specific apps for a while and which is now in beta, and Live Caption, which will launch in the fall on Pixel phones and which can automatically caption videos and audio across all apps. I’ve been beta testing Focus Mode for a bit and I’m not sure it has really made a difference in my digital well-being, but the ability to mute notifications from YouTube during the workday, for example, has probably made me a tiny bit more productive.

Oh, and there’s also native support for foldable phones, but for the time being, there are no foldable phones on the market.

Like with most recent releases, those are just some of the highlights. There are plenty of small tweaks, too, and chances are you’ll notice a few new fonts and visual tweaks here and there. For the most part, though, you can continue to use Android like you always have. Even major changes like the updated gesture controls are optional. It’s very much an evolutionary update, but that’s pretty much the case for any mobile OS these days.

Y Combinator graduate PredictLeads helps VCs hunt for unicorns

The Slovenian founders behind PredictLeads, another recent Y Combinator graduate, applied to the prestigious accelerator five times before they were admitted.

Their business, which helps venture capital firms and sales teams identify high growth companies, i.e. potential investments and potential customers, had come a long way since it was founded in 2016. And earlier this year — finally — YC gave them the green light to complete its three-month accelerator program.

“We almost ran out of money in 2017 and then I took a loan from my mother because that bank wouldn’t give me the loan at that point,” PredictLeads chief executive officer Roq Xever tells TechCrunch. “But by then, the data was getting much better and we were able to make higher-value sells and that got us to profitability.”

You read that right. Unlike most of today’s tech startups, PredictLeads is profitable, though, only out of pure necessity: “We didn’t know we would ever get into YC to raise the money we needed, so we structured the company to make more money than we spent.”

Xever leads the small PredictLeads team alongside marketing chief Miha Stanovnik and chief technology officer Matic Perovsek. Xever tells TechCrunch it wasn’t until they realized the opportunity to sell their product to VCs that YC became interested. Today, PredictLeads has eight venture firms as customers, the names of which they were not able to disclose.

The tool helps investors track companies they’ve considered in the past. PredictLeads notifies users if certain companies start getting traction so they can reevaluate the deal and helps investors become aware of startups they may not have otherwise heard of.

More and more venture capital firms are turning to third-party tools to help them make sense of and leverage data in the investment and company-tracking process, leading to the birth of new data-focused companies. Social Capital co-founder Chamath Palihapitiya is spinning out a company from his venture capital fund-turned-family-office, TechCrunch learned earlier this year. The new entity, temporarily dubbed CaaS (short for capital-as-a-service) Technologies, will focus on providing data-driven insights to VC firms, for example.

Startups have also realized the importance of data. Narrator, another recent YC graduate, is betting big on this trend. The startup wants to become the operating system for data science by providing companies software that claims to fulfill the same service as a data team for the price of an analyst.

PredictLeads, for its part, collects data from websites, press releases, news articles, blogs and career sites, then uses supervised machine learning to extract and structure the data. The startup tracks 20 million public and private companies.

Now that it’s a graduate of YC, the team is in the process of moving its headquarters to the U.S. Either New York or San Francisco, says Xever, who’s currently navigating the difficult visa application process.

The startup is today raising a $1.5 million seed financing at a $10 million valuation. They plan to use the capital to expand their service to cater to quant funds, build a Salesforce app to better support sales teams, and, of course, expand their small team.

Week in Review: Google rips out its sweet tooth

Hey. This is Week-in-Review, where I give a heavy amount of analysis and/or rambling thoughts on one story while scouring the rest of the hundreds of stories that emerged on TechCrunch this week to surface my favorites for your reading pleasure.

Last week, I talked about Snap’s bizarre decision to keep pursuing hardware without really changing their overarching strategy.


The big story

Google isn’t so sweet these days.

The company’s beloved naming scheme of alphabetizing sugary things dies with Android Pie. The company announced this week that they’re dumping the dessert scheme for a much more boring option. The new Android will be Android 10.

Google has been one of those companies that has always liked to keep its quirkiness at the forefront of its brand. Multi-colored logos and bikes and hats with spinners and Nooglers and nap pods might have been the fringe elements of a Google employee’s first week on the job, but that’s what the company’s branding still evoked for a lot of people. The company’s more whimsical elements have realistically always been removed from the real world of its business interests, but at this point, the company may only be able to take away from the quirkiness of its brand, Google is just something different now.

Rebrands always grab attention, and the companies always make broad, sweeping statements about the deep meaning about what the new logo or font or name mean to the mission of the product at hand. With Android 10, Google says that their chief concern was promoting the universality of the operating system’s branding.

[W]e’ve heard feedback over the years that the names weren’t always understood by everyone in the global community. For example, L and R are not distinguishable when spoken in some languages.

So when some people heard us say Android Lollipop out loud, it wasn’t intuitively clear that it referred to the version after KitKat. It’s even harder for new Android users, who are unfamiliar with the naming convention, to understand if their phone is running the latest version. We also know that pies are not a dessert in some places, and that marshmallows, while delicious, are not a popular treat in many parts of the world.

There’s certainly room to question whether this decision has more to do with the fact that there aren’t too many desserts starting with the letter Q that immediately come to mind, or that Google marketing has decided to sanitize the Android brand with a corporate wash.

Send me feedback
on Twitter @lucasmtny or email
[email protected]

On to the rest of the week’s news.

Apple Card available today card on iPhoneXs screen 082019

Trends of the week

Here are a few big news items from big companies, with green links to all the sweet, sweet added context:

  • Apple’s credit card goes wide
    The Apple Card might be the prettiest credit card in the wild, but as the iPhone-aligned credit card starts shipping to customers, we’ll find out soon whether its extra features are enough to take down more popular millennial cards. Read more about it here.
  • Overstock’s CEO resigns amid bizarre “deep state” revelations 
    Libertarian tech CEOs are often a special kind of eccentric, but Overstock’s Patrick Byrne set a new bar for strange with his revelation that he had gotten sucked into a Trump-Russia scandal under the guise of helping unearth Hillary Clinton’s secrets. I don’t really understand it, and it seems he understood even less, but it cost him his job. Read more here.
  • Now, even the scooters are autonomous
    Segway seems to believe that it’s revolutionized the world of transportation a few times now, but its latest product is just a bit over-teched. The Segway Kickscooter T60 adds autonomous driving capabilities to the city electric scooter, but it doesn’t use them quite the way you might think. Read more here.

Facebook Currency Hearing

Photo By Bill Clark/CQ Roll Call

GAFA Gaffes

How did the top tech companies screw up this week? This clearly needs its own section, in order of badness:

  1. States looking to take on tech giants themselves:
    [States to launch antitrust investigation into big tech companies, reports say]
  2. Facebook keeps learning more about how much it knew about CA:
    [Facebook really doesn’t want you to read these emails]
  3. Not really a gaffe, but just embarrassing for Apple Card:
    [Apple warns against storing Apple Card near leather or denim]

Extra Crunch

Our premium subscription service had another week of interesting deep dives. My colleagues and I made our way to Y Combinator Demo Days this week where we screened the 160+ startups pitching and picked some favorites from both days..

The best 11 startups from YC Demo Days (Day 1)

“Eighty-four startups presented (read the full run-through of every company plus some early analysis here) and after chatting with investors, batch founders and of course, debating amongst ourselves, we’ve nailed down the 11 most promising startups to present during Day 1…”

The top 12 startups from YC Demo Days (Day 2)

“After two days of founders tirelessly pitching, we’ve reached the end of YC’s Summer 2019 Demo Days. TechCrunch witnessed more than 160 on-the-record startup pitches coming out of Y Combinator, spanning healthcare, B2B services, augmented reality and life-extending. Here are our favorites from Day 2…”

Here are some of our other top reads this week for premium subscribers. This week, we published a some analysis on the latest YC class and also dug deep into the perks new employees get at some top companies.

Sign up for more newsletters in your inbox (including this one) here.

Disney+ comes to Canada and the Netherlands on Nov. 12, will support nearly all major platforms at launch

Disney+ will have an international launch that begins at the same time as its rollout in the U.S., Disney revealed. The company will be launching its digital streaming service on November 12 in Canada and The Netherlands on November 12, and will be coming to Australia and New Zealand the following week. The streaming service will also support virtually every device and operating system from day one.

Disney+ will be available on iOS, Apple TV, Google Chromecast, Android, Android TV, PlayStation 4, Roku, and Xbox One at launch, which is pretty much an exhaustive list of everywhere someone might want to watch it, leaving aside some smaller proprietary smart TV systems. That, combined with the day-and-date global markets, should be a clear indicator that Disney wants its service to be available to as many customers as possible, as quickly as possible.

Through Apple’s iPhone, iPad and Apple TV devices, customers will be able to subscribe via in-app purchase. Disney+ will also be fully integrated with Apple’s TV app, which is getting an update in iOS 13 in hopes of becoming even more useful as a central hub for all a user’s video content. The one notable exception on the list of supported devices and platforms is Amazon’s Fire TV, which could change closer to launch depending on negotiations.

In terms of pricing, the service will run $8.99 per month or $89.99 per year in Canada, and €6.99 per month (or €69.99 per year) in the Netherlands. In Australia, it’ll be $8.99 per month or $89.99 per year, and in New Zealand, it’ll be $9.99 and $99.99 per year. All prices are in local currency.

That compares pretty well with the $6.99 per month (or $69.99 yearly) asking price in the U.S., and undercuts the Netflix pricing in those markets, too. This is just the Disney+ service on its own, however, not the combined bundle that includes ESPN Plus and Hulu for $12.99 per month, which is probably more comparable to Netflix in terms of breadth of content offering.

 

Huawei’s new OS isn’t an Android replacement… yet

If making an Android alternative was easy, we’d have a lot more of them. Huawei’s HarmonyOS won’t be replacing the mobile operating system for the company any time soon, and Huawei has made it pretty clear that it would much rather go back to working with Google than go at it alone.

Of course, that might not be an option.

The truth is that Huawei and Google were actually getting pretty chummy. They’d worked together plenty, and according to recent rumors, were getting ready to release a smart speaker in a partnership akin to what Google’s been doing with Lenovo in recent years. That was, of course, before Huawei was added to a U.S. “entity list” that ground those plans to a halt.

Apple expands its bug bounty, increases maximum payout to $1M

Apple is finally giving security researchers something they’ve wanted for years: a macOS bug bounty.

The technology giant said Thursday it will roll out the bug bounty program to include Macs and MacBooks, as well as Apple TV and Apple Watch, almost exactly three years after it debuted its bug bounty program for iOS.

The idea is simple: you find a vulnerability, you disclose it to Apple, they fix it — and in return you get a cash payout. These programs are wildly popular in the tech industry as it helps to fund security researchers in exchange for serious security flaws that could otherwise be used by malicious actors, and also helps fill the void of bug finders selling their vulnerabilities to exploit brokers, and on the black market, who might abuse the flaws to conduct surveillance.

But Apple had dragged its feet on rolling out a bug bounty to its range of computers. Some security researchers had flat-out refused to report security flaws to Apple in absence of a bug bounty.

At the Black Hat conference in Las Vegas, head of security engineering and architecture Ivan Krstić announced the program to run alongside its existing iOS bug bounty.

Patrick Wardle, a security expert and principle security researcher at Jamf, said the move was a “no brainer.”

Wardle has found several major security vulnerabilities and dropped zero-days — details of flaws published without allowing the companies a chance to fix — citing the lack of a macOS bug bounty. He has long criticized Apple for not having a bug bounty, accusing the company of leaving a void open for security researchers to sell their flaws to exploit brokers who often use the vulnerabilities for nefarious reasons.

“Granted, they hired many incredible talented researchers and security professionals — but still never really had a transparent mutually beneficial relationship with external independent researchers,” said Wardle.

“Sure this is a win for Apple, but ultimately this a huge win for Apple’s end users,” he added.

Apple said it will open its bug bounty program to all researchers and increase the size of the bounty from the current maximum of $200,000 per exploit to $1 million for a zero-click, full chain kernel code execution attack with persistence — in other words, if an attacker can gain complete control of a phone without any user interaction and simply by knowing a target’s phone number.

Apple also said that any researcher who finds a vulnerability in pre-release builds that’s reported before general release will qualify for up to 50% bonus on top of the category of vulnerability they discover.

The bug bounty programs will be available to all security researchers beginning later this year.

The company also confirmed a Forbes report, published earlier this week, saying it will give a number of “dev” iPhones to vetted and trusted security researchers and hackers under the new iOS Security Research Device Program. These devices are special devices that give the hackers greater access to the underlying software and operating system to help them find vulnerabilities typically locked away from other security researchers — such as secure shell.

Apple said that it hopes expanding its bug bounty program will encourage more researchers to privately disclose security flaws, which will help to increase the protection of its customers.

Read more:
Apple restricts ads and third-party trackers in iPhone apps for kids
New book looks inside Apple’s legal fight with the FBI
Apple has pushed a silent Mac update to remove hidden Zoom web server
Many popular iPhone apps secretly record your screen without asking
Apple rebukes Australia’s ‘dangerously ambiguous’ anti-encryption bill
Apple Card will make credit card fraud a lot more difficult

Google’s new version of Android Auto focuses on Assistant

Google is starting to roll out an updated version of its in-car platform Android Auto that aims to make it easier and safer for drivers to use.

The version, which was first revealed during Google I/O 2019, has a dark theme, new fonts and color accents, more opportunities to communicate with Google’s virtual assistant and the ability to fit wider display screens that are becoming more common in vehicles.

Android Auto, which launched in 2015, is not an operating system. It’s a secondary interface — or HMI layer — that sits on top of an operating system and brings the look and feel of a smartphone to the vehicle’s central screen. Rival Apple introduced its own in-car platform, Apple CarPlay, that same year.

Automakers, once hesitant to integrate Android Auto or Apple CarPlay into vehicles have come around. Today, Android Auto is available in more than 500 car models from 50 different brands, according to Android Auto product manager Rod Lopez.

Car owners with Android Auto support will start to see the new design over the next few weeks. However, updates will not be made to the standalone version of Android Auto, a smartphone app that gave users access to the platform even if their car wasn’t compatible to Android Auto. Google says it plans to “evolve” the standalone phone app from Android Auto to the Assistant’s new driving mode in the future.

Meanwhile, the in-car version features some important changes, notably more opportunities for drivers to use their voice — and not their hands — to interact with Android Auto. Users will notice the Google Assistant badge on Android Auto, that when tapped will provide information about their calendar, read the weather report or news.

3Android Auto Google Assistant Badge

Other new features include a new app launcher designed to let users access their favorite apps with fewer taps. A button on the bottom left of the screen launches this feature. Once deployed, users will see app icons with the most commonly used ones featured in the top row.

Android Auto has also improved its navigation, which is perhaps the most commonly used feature within the platform. Now, the navigation bar sits at the bottom of the display and allows users to manage multiple apps. This improvement means users won’t miss an exit or street while they’re listening to Spotify .

4Android Auto Media

The navigation feature also pops up as soon as the driver connects with Android Auto. If a route is already queued up on a phone, Android Auto will automatically populate the directions.

This latest version also has a new notification button — located on the bottom right corner — houses recent calls, messages and alerts. Drivers can tap the mic button or say ” “Hey Google” to have the Google Assistant help make calls, send messages and read notifications.

Google has also developed an operating system called Android Automotive OS that’s modeled after its open-source mobile operating system that runs on Linux. Instead of running smartphones and tablets, Google modified it so it could be used in cars. Polestar, Volvo’s standalone performance electric car brand, is going to produce a new vehicle, the Polestar  2, that has an infotainment system powered by Android Automotive OS.