Connect with us

Biz & IT

Fleksy’s keyboard grabs $800k+ via equity crowdfunding

Published

on

The dev team that’s now engineering the Fleksy keyboard app has raised more than $800,000 via an equity crowdfunding route.

As we reported a year ago, the development of Fleksy’s keyboard has been taken over by the Barcelona-based startup behind an earlier keyboard app called ThingThing.

The team says their new funding raise — described as a pre-Series A round — will be put towards continued product development of the Fleksy keyboard, including the core AI engine used for next word and content prediction, plus additional features being requested by users — such as swipe to type. 

Support for more languages is also planned. (Fleksy’s Android and iOS apps are currently available in 45+ languages.)

Their other big push will be for growth: Scaling the user-base via a licensing route to market in which the team pitches Android OEMs on the benefits of baking Fleksy in as the default keyboard — offering a high degree of customization, alongside a feature-set that boasts not just speedy typing but apps within apps and extensions. 

The Fleksy keyboard can offer direct access to web search within the keyboard, for example, as well as access to third party apps (in an apps within apps play) — to reduce the need for full app switching.

This was the original concept behind ThingThing’s eponymous keyboard app, though the team has refocused efforts on Fleksy. And bagged their first OEMs as licensing partners.

They’ve just revealed Palm as an early partner. The veteran brand unveiled a dinky palm-sized ‘ultra-mobile’ last week. The tiny extra detail is that the device runs a custom version of the Fleksy keyboard out of the box.

With just 3.3 inches of screen to play with, the keyboard on the Palm risks being a source of stressful friction. Ergo enter Fleksy, with gesture based tricks to speed up cramped typing, plus tried and tested next-word prediction.

ThingThing CEO Olivier Plante says Palm was looking for an “out of the box optimized input method” — and more than that “high customization”.

“We’re excited to team up with ThingThing to design a custom keyboard that delivers a full keyboard typing experience for Palm’s ultra mobile form factor,” adds Dennis Miloseski, co-founder of Palm, in a statement. “Fleksy enables gestures and voice-to-text which makes typing simple and convenient for our users on the go.”

Plante says Fleksy has more OEM partnerships up its sleeve too. “We’re pending to announce new partnerships very soon and grow our user base to more than 25 million users while bringing more revenue to the medium and small OEMs desperately looking to increase their profit margins — software is the cure,” he tells TechCrunch.

ThingThing is pitching itself as a neutral player in the keyboard space, offering OEMs a highly tweakable layer where the Qwerty sits as its strategy to compete with Android’s keyboard giants: Google’s Gboard and Microsoft-owned SwiftKey. 

“We changed a lot of things in Fleksy so it feels native,” says Plante, discussing the Palm integration. “We love when the keyboard feels like the brand and with Palm it’s completely a Palm keyboard to the end-user — and with stellar performance on a small screen.”

“We’ve beaten our competitor to the punch,” he adds. 

That said, the tiny Palm (pictured in the feature image at the top of this post) is unlikely to pack much of a punch in marketshare terms. While Palm is a veteran — and, to nerds, almost cult — brand it’s not even a mobile tiddler in smartphone marketshare terms.

Palm’s cute micro phone is also an experimental attempt to create a new mobile device category — a sort of netbook-esque concept of an extra mobile that’s extra portable — which looks unlikely to be anything other than extremely niche. (Added to its petite size, the Palm is a Verizon exclusive.)

Even so ThingThing is talking bullishly of targeting 550M devices using its keyboard by 2020.

At this stage its user-base from pure downloads is also niche: Just over 1M active users. But Plante says it has already closed “several phone brands partnerships” — saying three are signed, with three more in the works — claiming this will make Fleksy the default input method in more than 20-30 million active users in the coming months. 

He doesn’t name any names but describes these other partners as “other major phone brands”.

The plan to grow Fleksy’s user-base via licensing has attracted wider investor backing now, via the equity crowdfunding route. The team had initially been targeting ($300k). In all they’ve secured $815,119 from 446 investors.

Plante says they went down the equity crowdfunding route to spread their pitch more widely, and get more ambassadors on board — as well as to demonstrate “that we’re a user-centric/people/independent company aiming big”.

“We are keen to work and fully customize the keyboard to the OEM tastes. We know this is key for them so they can better compete against the others on more than simply the hardware,” he says, making the ‘Fleksy for OEMs’ pitch. “Today, the market is saturated with yet another box, better camera and better screen…. the missing piece in Android ecosystem is software differences.”

Given how tight margins remain for Android makers it remains to be seen how many will bite. Though there’s a revenue share arrangement that sweetens the deal.

It is also certainly true that differentiation in the Android space is a big problem. That’s why Palm is trying its hand at a smaller form factor — in a leftfield attempt to stand out by going small.

The European Union’s recent antitrust ruling against Google’s Android OS has also opened up an opportunity for additional software customization, via unbundled Google apps. So there’s at least a chance for some new thinking and ideas to emerge in the regional Android smartphone space. And that could be good for Spain-based ThingThing.

Aside from the licensing fee, the team’s business model relies on generating revenue via affiliate links and its fleksyapps platform. ThingThing then shares revenue with OEM partners, so that’s another carrot for them — offering a services topper on their hardware margin.

Though that piece will need scale to really spin up. Hence ThingThing’s user target for Fleksy being so big and bold.

“We’re working with brands in order to bring them into any apps where you type, which unlocks brand new use cases and enables the user to share conveniently and the brand to drive mobile traffic to their service,” says Plante. “On this note, we monetize via affiliate/deep linking and operating a fleksyapps Store.”

ThingThing has also made privacy by design a major focus — which is a key way it’s hoping to make the keyboard app stand out against data-mining big tech rivals.

Source link

Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published.

Biz & IT

New Bluetooth hack can unlock your Tesla—and all kinds of other devices

Published

on

Getty Images

When you use your phone to unlock a Tesla, the device and the car use Bluetooth signals to measure their proximity to each other. Move close to the car with the phone in hand, and the door automatically unlocks. Move away, and it locks. This proximity authentication works on the assumption that the key stored on the phone can only be transmitted when the locked device is within Bluetooth range.

Now, a researcher has devised a hack that allows him to unlock millions of Teslas—and countless other devices—even when the authenticating phone or key fob is hundreds of yards or miles away. The hack, which exploits weaknesses in the Bluetooth Low Energy standard adhered to by thousands of device makers, can be used to unlock doors, open and operate vehicles, and gain unauthorized access to a host of laptops and other security-sensitive devices.

When convenience comes back to bite us

“Hacking into a car from hundreds of miles away tangibly demonstrates how our connected world opens us up to threats from the other side of the country—and sometimes even the other side of the world,” Sultan Qasim Khan, a principal security consultant and researcher at security firm NCC Group, told Ars. “This research circumvents typical countermeasures against remote adversarial vehicle unlocking and changes the way we need to think about the security of Bluetooth Low Energy communications.”

This class of hack is known as a relay attack, a close cousin of the person-in-the-middle attack. In its simplest form, a relay attack requires two attackers. In the case of the locked Tesla, the first attacker, which we’ll call Attacker 1, is in close proximity to the car while it’s out of range of the authenticating phone. Attacker 2, meanwhile, is in close proximity to the legitimate phone used to unlock the vehicle. Attacker 1 and Attacker 2 have an open Internet connection that allows them to exchange data.

Attacker 1 uses her own Bluetooth-enabled device to impersonate the authenticating phone and sends the Tesla a signal, prompting the Tesla to reply with an authentication request. Attacker 1 captures the request and sends it to Attacker 2, who in turn forwards the request to the authenticating phone. The phone responds with a credential, which Attacker 2 promptly captures and relays back to Attacker 1. Attacker 1 then sends the credential to the car.

With that, Attacker 1 has now unlocked the vehicle. Here’s a simplified attack diagram, taken from the above-linked Wikipedia article, followed by a video demonstration of Khan unlocking a Tesla and driving away with it, even though the authorized phone isn’t anywhere nearby.

Wikipedia

NCC Group demo Bluetooth Low Energy link layer relay attack on Tesla Model Y.

Relay attacks in the real world need not have two actual attackers. The relaying device can be stashed in a garden, coat room, or other out-of-the-way place at a home, restaurant, or office. When the target arrives at the destination and moves into Bluetooth range of the stashed device, it retrieves the secret credential and relays it to the device stationed near the car (operated by Attacker 1).

The susceptibility of BLE, short for Bluetooth Low Energy, to relay attacks is well known, so device makers have long relied on countermeasures to prevent the above scenario from occurring. One defense is to measure the flow of the requests and responses and reject authentications when the latency reaches a certain threshold, since relayed communications generally take longer to complete than legitimate ones. Another protection is encrypting the credential sent by the phone.

Khan’s BLE relay attack defeats these mitigations, making such hacks viable against a large base of devices and products previously assumed to be hardened against such attacks.

Continue Reading

Biz & IT

Researchers devise iPhone malware that runs even when device is turned off

Published

on

Classen et al.

When you turn off an iPhone, it doesn’t fully power down. Chips inside the device continue to run in a low-power mode that makes it possible to locate lost or stolen devices using the Find My feature or use credit cards and car keys after the battery dies. Now researchers have devised a way to abuse this always-on mechanism to run malware that remains active even when an iPhone appears to be powered down.

It turns out that the iPhone’s Bluetooth chip—which is key to making features like Find My work—has no mechanism for digitally signing or even encrypting the firmware it runs. Academics at Germany’s Technical University of Darmstadt figured out how to exploit this lack of hardening to run malicious firmware that allows the attacker to track the phone’s location or run new features when the device is turned off.

This video provides a high overview of some of the ways an attack can work.

[Paper Teaser] Evil Never Sleeps: When Wireless Malware Stays On After Turning Off iPhones

The research is the first—or at least among the first—to study the risk posed by chips running in low-power mode. Not to be confused with iOS’s low-power mode for conserving battery life, the low-power mode (LPM) in this research allows chips responsible for near-field communication, ultra wideband, and Bluetooth to run in a special mode that can remain on for 24 hours after a device is turned off.

“The current LPM implementation on Apple iPhones is opaque and adds new threats,” the researchers wrote in a paper published last week. “Since LPM support is based on the iPhone’s hardware, it cannot be removed with system updates. Thus, it has a long-lasting effect on the overall iOS security model. To the best of our knowledge, we are the first who looked into undocumented LPM features introduced in iOS 15 and uncover various issues.”

They added: “Design of LPM features seems to be mostly driven by functionality, without considering threats outside of the intended applications. Find My after power off turns shutdown iPhones into tracking devices by design, and the implementation within the Bluetooth firmware is not secured against manipulation.”

The findings have limited real-world value since infections required a jailbroken iPhone, which in itself is a difficult task, particularly in an adversarial setting. Still, targeting the always-on feature in iOS could prove handy in post-exploit scenarios by malware such as Pegasus, the sophisticated smartphone exploit tool from Israel-based NSO Group, which governments worldwide routinely employ to spy on adversaries.
It may also be possible to infect the chips in the event hackers discover security flaws that are susceptible to over-the-air exploits similar to this one that worked against Android devices.

Besides allowing malware to run while the iPhone is turned off, exploits targeting LPM could also allow malware to operate with much more stealth since LPM allows firmware to conserve battery power. And of course, firmware infections are already extremely difficult to detect since it requires significant expertise and expensive equipment.

The researchers said Apple engineers reviewed their paper before it was published, but company representatives never provided any feedback on its contents. Apple representatives didn’t respond to an email seeking comment for this story.

Ultimately, Find My and other features enabled by LPM help provide added security because they allow users to locate lost or stolen devices and lock or unlock car doors even when batteries are depleted. But the research exposes a double-edged sword that, until now, has gone largely unnoticed.

“Hardware and software attacks similar to the ones described, have been proven practical in a real-world setting, so the topics covered in this paper are timely and practical,” John Loucaides, senior vice president of strategy at firmware security firm Eclypsium. “This is typical for every device. Manufacturers are adding features all the time and with every new feature comes a new attack surface.”

Continue Reading

Biz & IT

The tech sector teardown is more catharsis than crisis

Published

on

Following a series of “super clarifying” meetings with shareholders, Uber’s chief executive, Dara Khosrowshahi, emailed employees on Sunday night with an arresting message: “we need to show them the money.”

Mangling his metaphors, Khosrowshahi explained that the market was experiencing a “seismic shift” and the “goalposts have changed.” The ride-hailing and food delivery company’s priority must now be to generate free cash flow. “We are serving multitrillion-dollar markets, but market size is irrelevant if it doesn’t translate into profit,” he wrote.

For the boss of Uber to be trumpeting cash flow and profit would once have seemed about as likely as Elon Musk shouting about the benefits of personal humility and petrol-fueled cars. No company has been more emblematic of the long, crazy, capital-doped bull market in technology stocks than Uber. Founded in 2009, the company floated a decade later at a valuation of $76 billion without recording a single quarter of profits. Its belated conversion to financial orthodoxy shows how much markets have been transformed since the turn in the interest rate cycle and the crash of the tech-heavy Nasdaq market, which has dropped 26 percent this year.

As ever, when bubbles burst, it is hard to distinguish between temporary adjustment and permanent change, between the cyclical downturn and the secular trend. Has the speculative froth just been blown off the top of the market? Or have the rules of the game fundamentally changed for those venture capital-backed start-ups trying to emulate Uber? My bet is on the latter, but that may be no bad thing.

There is certainly a strong argument that the extraordinary boom in tech stocks over the past decade was largely fueled by the unprecedented low-interest-rate policies in response to the global financial crisis of 2008. With capital becoming a commodity, it made sense for opportunistic companies such as Uber to grab as much cash as VC firms would give them to “blitzscale” their way to market domination.

This madcap expansion was accelerated by funding provided by a new class of non-traditional, or tourist, investors, including Masayoshi Son’s SoftBank and “crossover” hedge funds such as Tiger Global. Such funds are now seeing spectacular falls in their portfolio valuation. SoftBank has just announced a historic $27 billion investment loss over the past year at its two Vision Funds, while Tiger Global has lost $17 billion this year.

“There was a unique set of economic and financial policies enacted by the world’s central banks that we have never seen before: sustained negative interest rates over the long term,” says William Janeway, the veteran investor. As a result, he says, some companies pursued “capital as a strategy,” looking to invest their way to success and ignoring traditional metrics. “But I do not believe that is a sensible or sustainable investment strategy.”

Stock market investors have drawn the same conclusion and are now distinguishing between those tech companies that generate strong cash flow and profits, such as Apple, Microsoft, and Alphabet, and more speculative investments, such as Netflix, Peloton, and Zoom. These may have grown extraordinarily fast during the COVID-19 pandemic, but they are still flooded with red ink.

Just as public market investors have rotated out of cash-guzzling growth stocks into cash-generating value companies, so private market investors are following suit, says Albert Wenger, managing partner of Union Square Ventures, the New York-based VC firm. “I think that this is healthy. Companies have to build real products and deliver customer value that translates into earnings,” Wenger says, even if this shift will prove “very, very painful for a number of companies.”

Life is already becoming uncomfortable for late-stage startups looking to exit. The public markets are now hard to access. According to EY, the value of all global IPOs in the first quarter of 2022 dropped 51 percent year on year. The once-manic market for special purpose acquisition companies, which enabled highly speculative tech companies to list through the backdoor, has all but frozen. Trade sales have also fallen as M&A activity has contracted sharply. And valuations for late-stage funding rounds have now dropped in the US, with the rest of the world following behind.

In spite of this, the VC industry remains stuffed with cash and desperate to invest. According to KPMG, almost 1,400 VC funds around the world raised a total of $207 billion last year.

Although cash will count for far more, the ability of startups to exploit opportunities by using cheap and powerful tools such as open source software, cloud computing, and machine learning applications remains undimmed. And a slowdown in the voracious hiring plans of the big technology companies may persuade more budding entrepreneurs to give it a go. “We still need to take many more shots on goal from an investment and societal perspective,” says Wenger. There remains screaming demand for climate tech startups to invent smarter ways of reducing energy consumption, for example.

Venture-backed companies may have just ridden the most extraordinary wealth-generating bull market in history. Such supernatural conditions will never occur again. What follows will more likely prove to be catharsis than crisis, so long as they, like Uber, can show investors the money.

Financial Times: © 2022 The Financial Times Ltd. All rights reserved Not to be redistributed, copied, or modified in any way.

Continue Reading

Trending