Posted on

Bridgefy launches end-to-end encrypted messaging for the app used during protests and disasters

Offline-messaging app Bridgefy — which innovatively uses Bluetooth and Wi-fi — became known as the go-to app by thousands of protesters around the world to keep communications going even when oppressive regimes blocked or shut down the Internet. Recently, activists in Nigeria and Thailand have urged supporters to download the app, as last year, when protesters in Hong Kong downloaded Bridgefy to face the government’s censorship of phone services or data connections. In the last 12 months, the startup says it’s reached 2 million downloads. And since the events of the weekend, when Turkey and Greece were hit by an earthquake, the app is now trending on app stores for those regions.

Bridgefy is now publishing a major new update, with a new, crucial feature for activists: end-to-end encrypted messages. This will allow people to securely send and receive messages when they don’t have access to data and will use the same encryption protocol used by Signal, Whatsapp and Facebook Messenger .

Bridgefy launched in 2014 (and appeared on the TechCrunch Disrupt stage in 2017) when the founders identified the problem of not being able to communicate during the earthquakes in Mexico City. It started as a mobile app, and an SDK was added a few years later so other apps could also work without the Internet. The Bridgefy SDK is now licensed to companies on an annual subscription model, based on user volume and is integrated by more than 40 companies across payments, messaging, gaming, social media, dating, and natural disaster apps. Technically-speaking, its competitors include GoTenna and the moth-ball gathering Firechat, although Bridgefy has become better known in the activist space.

The startup is now raising a Seed round and has already raised $800,000 USD, with investors including Twitter cofounder Biz Stone, Alchemist Accelerator and GAN Ventures.

Read More

Posted on

WeWork employees used an alarmingly insecure printer password

A shared user account used by WeWork employees to access printer settings and print jobs had an incredibly simple password — so simple that a customer guessed it.

Jake Elsley, who works at a WeWork in London, said he found the user account after a WeWork employee at his location mistakenly left the account logged in.

WeWork customers like Elsley normally have an assigned seven-digit username and a four-digit passcode used for printing documents at WeWork locations. But the username for the account used by WeWork employees was just four-digits: “9999”. Elsley told TechCrunch that he guessed the password because it was the same as the username. (“9999” is ranked as one of the most common passwords in use today, making it highly insecure.)

Read more on Extra Crunch

The “9999” account is used by and shared among WeWork community managers, who oversee day-to-day operations at each location, to print documents for visitors who don’t have accounts to print on their own. The account cannot be used to access print jobs sent to other customer accounts.

Elsley said that the “9999” account could not see the contents of documents beyond file names, but that logging in to the WeWork printing web portal could allow him to release other people’s pending print jobs sent to the “9999” account to any other WeWork printer on the network.

The printing web portal can only be accessed on WeWork’s Wi-Fi networks, said Elsley, but that includes the free guest Wi-Fi network which doesn’t have a password, and WeWork’s main Wi-Fi network, which still uses a password that has been widely circulated on the internet.

Elsley reached out to TechCrunch to ask us to alert the company to the insecure password.

“WeWork is committed to protecting the privacy and security of our members and employees,” said WeWork spokesperson Colin Hart. “We immediately initiated an investigation into this potential issue and took steps to address any concerns. We are also nearing the end of a multi-month process of upgrading all of our printing capabilities to a best in class security and experience solution. We expect this process to be completed in the coming weeks.”

WeWork confirmed that it had since changed the password on the “9999” user account.

Read More

Posted on

New Project Brings Industry Leaders Together to Simplify Smart Home

A lot of news hit the industry last month at CES 2020. Amid new product and service announcements were some partnership announcements too. One that’s worth picking back up and discussing is the new working group formed by Amazon, Apple, Google, and the Zigbee Alliance called Project Connected Home over IP, which aims to develop a new, open standard for smart-home device connectivity.

According to MarketsandMarkets, the smart-home sector will be worth 151.4 billion by 2024. Growth will be driven in part by factors like increased awareness and adoption of smart devices, a growing desire for saving energy and reducing carbon footprints, the ubiquitous adoption of smartphones, and increasingly accessible solutions in terms of pricepoint and ease of use. Research from McKinsey delves into exactly which devices have penetrated the market farthest. For instance, in security and safety, the top smart home device is a connected smoke or CO detector. Connected thermostats top the utilities management category, and a connected washer, dryer, or dishwasher tops the smart appliance list. Multi-room music solutions, like smart speakers, are the most common types of devices in the smart entertainment category.

However, the smart home market still faces hurdles such as interoperability, and it must also continually work to overcome consumers’ concerns about privacy and security. Regarding interoperability, consumers just want their devices to work. They want to be able to buy a smart device off the shelf and have it work with the existing devices in their homes. Regarding privacy and security, consumers want to know that the devices they’re bringing into their homes are safe and secure.

Members of the new working group say the goal of Project Connected Home over IP is to “simplify development for manufacturers and increase compatibility for consumers.” In fact, the Zigbee Alliance says at the core of the project is the members’ shared belief that smart home devices should be secure, reliable, and seamless to use. By developing a royalty-free connectivity standard, the project could address both of the top smart-home market hurdles in one broad sweep—increasing compatibility among smart home products and focusing on security in the design stages.

The project will define a specific set of IP-based networking technologies for device certification. The first specification release, according to Connected Home over IP, will be Wi-Fi, up to and including Wi-Fi 6; Thread over 802.15.4-2006 at 2.4 GHz; and IP implementations for Bluetooth Low Energy, versions 4.1, 4.2, and 5.0 for the network and physical wireless protocols. More information is available at www.connectedhomeip.com.

For manufacturers, the contributions made by the new working group could help direct them in ways that will promote adoption of their products—e.g., by making it simpler to create devices that work well with popular voice assistants like Amazon Alexa, Apple Siri, and Google’s Assistant. For consumers, the fruits of the project will likely be an improved user experience while using smart home products, which can encourage additional device purchases in the future.

Source: Connected World