Connect with us

Biz & IT

Fleksy’s keyboard grabs $800k+ via equity crowdfunding

Published

on

The dev team that’s now engineering the Fleksy keyboard app has raised more than $800,000 via an equity crowdfunding route.

As we reported a year ago, the development of Fleksy’s keyboard has been taken over by the Barcelona-based startup behind an earlier keyboard app called ThingThing.

The team says their new funding raise — described as a pre-Series A round — will be put towards continued product development of the Fleksy keyboard, including the core AI engine used for next word and content prediction, plus additional features being requested by users — such as swipe to type. 

Support for more languages is also planned. (Fleksy’s Android and iOS apps are currently available in 45+ languages.)

Their other big push will be for growth: Scaling the user-base via a licensing route to market in which the team pitches Android OEMs on the benefits of baking Fleksy in as the default keyboard — offering a high degree of customization, alongside a feature-set that boasts not just speedy typing but apps within apps and extensions. 

The Fleksy keyboard can offer direct access to web search within the keyboard, for example, as well as access to third party apps (in an apps within apps play) — to reduce the need for full app switching.

This was the original concept behind ThingThing’s eponymous keyboard app, though the team has refocused efforts on Fleksy. And bagged their first OEMs as licensing partners.

They’ve just revealed Palm as an early partner. The veteran brand unveiled a dinky palm-sized ‘ultra-mobile’ last week. The tiny extra detail is that the device runs a custom version of the Fleksy keyboard out of the box.

With just 3.3 inches of screen to play with, the keyboard on the Palm risks being a source of stressful friction. Ergo enter Fleksy, with gesture based tricks to speed up cramped typing, plus tried and tested next-word prediction.

ThingThing CEO Olivier Plante says Palm was looking for an “out of the box optimized input method” — and more than that “high customization”.

“We’re excited to team up with ThingThing to design a custom keyboard that delivers a full keyboard typing experience for Palm’s ultra mobile form factor,” adds Dennis Miloseski, co-founder of Palm, in a statement. “Fleksy enables gestures and voice-to-text which makes typing simple and convenient for our users on the go.”

Plante says Fleksy has more OEM partnerships up its sleeve too. “We’re pending to announce new partnerships very soon and grow our user base to more than 25 million users while bringing more revenue to the medium and small OEMs desperately looking to increase their profit margins — software is the cure,” he tells TechCrunch.

ThingThing is pitching itself as a neutral player in the keyboard space, offering OEMs a highly tweakable layer where the Qwerty sits as its strategy to compete with Android’s keyboard giants: Google’s Gboard and Microsoft-owned SwiftKey. 

“We changed a lot of things in Fleksy so it feels native,” says Plante, discussing the Palm integration. “We love when the keyboard feels like the brand and with Palm it’s completely a Palm keyboard to the end-user — and with stellar performance on a small screen.”

“We’ve beaten our competitor to the punch,” he adds. 

That said, the tiny Palm (pictured in the feature image at the top of this post) is unlikely to pack much of a punch in marketshare terms. While Palm is a veteran — and, to nerds, almost cult — brand it’s not even a mobile tiddler in smartphone marketshare terms.

Palm’s cute micro phone is also an experimental attempt to create a new mobile device category — a sort of netbook-esque concept of an extra mobile that’s extra portable — which looks unlikely to be anything other than extremely niche. (Added to its petite size, the Palm is a Verizon exclusive.)

Even so ThingThing is talking bullishly of targeting 550M devices using its keyboard by 2020.

At this stage its user-base from pure downloads is also niche: Just over 1M active users. But Plante says it has already closed “several phone brands partnerships” — saying three are signed, with three more in the works — claiming this will make Fleksy the default input method in more than 20-30 million active users in the coming months. 

He doesn’t name any names but describes these other partners as “other major phone brands”.

The plan to grow Fleksy’s user-base via licensing has attracted wider investor backing now, via the equity crowdfunding route. The team had initially been targeting ($300k). In all they’ve secured $815,119 from 446 investors.

Plante says they went down the equity crowdfunding route to spread their pitch more widely, and get more ambassadors on board — as well as to demonstrate “that we’re a user-centric/people/independent company aiming big”.

“We are keen to work and fully customize the keyboard to the OEM tastes. We know this is key for them so they can better compete against the others on more than simply the hardware,” he says, making the ‘Fleksy for OEMs’ pitch. “Today, the market is saturated with yet another box, better camera and better screen…. the missing piece in Android ecosystem is software differences.”

Given how tight margins remain for Android makers it remains to be seen how many will bite. Though there’s a revenue share arrangement that sweetens the deal.

It is also certainly true that differentiation in the Android space is a big problem. That’s why Palm is trying its hand at a smaller form factor — in a leftfield attempt to stand out by going small.

The European Union’s recent antitrust ruling against Google’s Android OS has also opened up an opportunity for additional software customization, via unbundled Google apps. So there’s at least a chance for some new thinking and ideas to emerge in the regional Android smartphone space. And that could be good for Spain-based ThingThing.

Aside from the licensing fee, the team’s business model relies on generating revenue via affiliate links and its fleksyapps platform. ThingThing then shares revenue with OEM partners, so that’s another carrot for them — offering a services topper on their hardware margin.

Though that piece will need scale to really spin up. Hence ThingThing’s user target for Fleksy being so big and bold.

“We’re working with brands in order to bring them into any apps where you type, which unlocks brand new use cases and enables the user to share conveniently and the brand to drive mobile traffic to their service,” says Plante. “On this note, we monetize via affiliate/deep linking and operating a fleksyapps Store.”

ThingThing has also made privacy by design a major focus — which is a key way it’s hoping to make the keyboard app stand out against data-mining big tech rivals.

Source link

Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Biz & IT

Verizon’s Visible Wireless investigating hacked customer accounts

Published

on

Numerous Visible Wireless subscribers are reporting their accounts have been “hacked” this week. Visible runs on Verizon’s 5G and 4G LTE networks. Rather than being a Mobile Virtual Network Operator (MVNO), Visible is actually owned by Verizon.

Suspicions of a data breach at Visible started Monday when some customers saw random unauthorized purchases on their Visible accounts:

On the Visible subreddit, users have reported seeing unauthorized orders placed from their accounts, with a shipping address different from theirs:

Visible customer:
Enlarge / Visible customer: “Got hacked yesterday, order still shipped!!!”

Social media was flooded with similar reports of customers not receiving a response from Visible for days:

Credential stuffing likely the cause of hacked accounts

In an email sent out to customers and a public announcement posted yesterday, Visible shared what could be the cause of these hacks:

“We have learned of an incident wherein information on some member accounts was changed without their authorization. We are taking protective steps to secure all impacted accounts and prevent any further unauthorized access,” said Visible in an announcement. “Our investigation indicates that threat actors were able to access username/passwords from outside sources, and exploit that information to login to Visible accounts. If you use your Visible username and password across multiple accounts, including your bank or other financial accounts, we recommend updating your username/password with those services.”

Rather than a data breach at Visible itself, the company’s wording makes it sound like customer credentials were obtained from a third-party leak or breached database and then used to access customer accounts—a practice known as credential stuffing. The company advises customers to reset passwords and security information and will prompt users to re-validate payment information before further purchases can be made.

But experts have cast doubts on theories that this incident stemmed from credential stuffing, considering Visible also admitted to “technical issues” on its chat platform, with the company briefly unable to make any changes to customer accounts just this week. Visible’s tweet mentioning this information was deleted by the company.

Did Visible know about the incident since last week?

Although a public statement from Visible arrived yesterday, the company had first acknowledged the issue on Twitter on October 8, if not earlier. Interestingly, a vague reason was provided at the time—order confirmation emails having been erroneously sent out by Visible. “We’re sorry for any confusion this may have caused! There was an error where this email was sent to members, please disregard it.”

Visible had initially responded vaguely to concerns on Oct 8.
Enlarge / Visible had initially responded vaguely to concerns on Oct 8.

One Visible customer reacted angrily to the delay: “This response is completely irresponsible, given the fact that you are currently under attack and are aware of MANY users that have had their accounts compromised.”

Despite the panic generated among hacked customers, at least, one can find relief in the fact that customers won’t be held liable for any unauthorized charges. “If there is a mistaken charge on your account, you will not be held accountable, and the charges will be reversed,” states the company as the investigation continues.

In addition to monitoring for suspicious transactions, Visible customers impacted by the incident should change their credentials, both on Visible websites and any other websites where they have used the same credentials.

Continue Reading

Biz & IT

US gov’t will slap contractors with civil lawsuits for hiding breaches

Published

on

In a groundbreaking initiative announced by the Department of Justice this week, federal contractors will be sued if they fail to report a cyber attack or data breaches. The newly introduced “Civil Cyber-Fraud Initiative” will leverage the existing False Claims Act to pursue contractors and grant recipients involved in what the DoJ calls “cybersecurity fraud.” Usually, the False Claims Act is used by the government to tackle civil lawsuits over false claims made in relation to federal funds and property connected with government programs.

Cyber contractors chose silence “for too long”

“For too long, companies have chosen silence under the mistaken belief that it is less risky to hide a breach than to bring it forward and to report it,” states Deputy Attorney General Lisa O. Monaco, who is pioneering the initiative. “Well, that changes today. We are announcing today that we will use our civil enforcement tools to pursue companies, those who are government contractors who receive federal funds, when they fail to follow required cybersecurity standards—because we know that puts all of us at risk. This is a tool that we have to ensure that taxpayer dollars are used appropriately and guard the public fisc and public trust.”

The introduction of the Civil Cyber-Fraud Initiative is the “direct result” of the department’s ongoing thorough review of the cybersecurity landscape ordered by the deputy attorney general in May. The goal behind these review activities is to develop actionable recommendations that enhance and expand the DoJ’s efforts for combating cyber threats.

The launch of the Initiative aims to curb new and emerging cybersecurity threats to sensitive and critical systems by bringing together subject-matter experts from civil fraud, government procurement, and cybersecurity agencies.

The development comes at a time when cyberattacks are rampant, and advanced ransomware gangs repeatedly target critical infrastructures, such as the Colonial Pipeline and health care facilities.

Provisions of the act would protect whistleblowers

The Civil Cyber-Fraud Initiative will utilize the False Claims Act, aka the “Lincoln Law,” which serves as a litigative tool to the government when placing liability on those who defraud government programs.

“The act includes a unique whistleblower provision, which allows private parties to assist the government in identifying and pursuing fraudulent conduct and to share in any recovery and protects whistleblowers who bring these violations and failures from retaliation,” explains the DoJ in a press release.

The initiative will hold entities, such as federal contractors or individuals, accountable when they put US cyber infrastructure at risk by knowingly “providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.”

In summary, the Initiative is designed with the following objectives in mind:

  • Building broad resiliency against cybersecurity intrusions across the government, the public sector and key industry partners.
  • Holding contractors and grantees to their commitments to protect government information and infrastructure.
  • Supporting government experts’ efforts to timely identify, create and publicize patches for vulnerabilities in commonly used information technology products and services.
  • Ensuring that companies that follow the rules and invest in meeting cybersecurity requirements are not at a competitive disadvantage.
  • Reimbursing the government and the taxpayers for the losses incurred when companies fail to satisfy their cybersecurity obligations.
  • Improving overall cybersecurity practices that will benefit the government, private users, and the American public.

The timing of this announcement also coincides with the deputy attorney general’s creation of a “National Cryptocurrency Enforcement Team” designed to tackle complex investigations and criminal cases of cryptocurrency misuse. In particular, the team’s activities will focus on offenses committed by cryptocurrency exchanges and money-laundering operations.

What stands out, though, is that the Civil Cyber-Fraud Initiative would pursue those who were knowingly negligent in the implementation of a robust cybersecurity posture or knowingly misrepresented their cybersecurity practices—leaving room for plausible deniability.

Equally interesting is the fact that just two days ago, Senator Elizabeth Warren and Representative Deborah Ross proposed a new bill dubbed the “Ransom Disclosure Act.” The act would require ransomware victims to disclose details of any ransom amount paid within 48 hours of payment and to divulge “any known information about the entity demanding the ransom.”

Continue Reading

Biz & IT

Company that routes SMS for all major US carriers was hacked for five years

Published

on

Getty Images | d3sign

Syniverse, a company that routes hundreds of billions of text messages every year for hundreds of carriers including Verizon, T-Mobile, and AT&T, revealed to government regulators that a hacker gained unauthorized access to its databases for five years. Syniverse and carriers have not said whether the hacker had access to customers’ text messages.

A filing with the Securities and Exchange Commission last week said that “in May 2021, Syniverse became aware of unauthorized access to its operational and information technology systems by an unknown individual or organization. Promptly upon Syniverse’s detection of the unauthorized access, Syniverse launched an internal investigation, notified law enforcement, commenced remedial actions and engaged the services of specialized legal counsel and other incident response professionals.”

Syniverse said that its “investigation revealed that the unauthorized access began in May 2016” and “that the individual or organization gained unauthorized access to databases within its network on several occasions, and that login information allowing access to or from its Electronic Data Transfer (‘EDT’) environment was compromised for approximately 235 of its customers.”

Syniverse isn’t revealing more details

When contacted by Ars today, a Syniverse spokesperson provided a general statement that mostly repeats what’s in the SEC filing. Syniverse declined to answer our specific questions about whether text messages were exposed and about the impact on the major US carriers.

“Given the confidential nature of our relationship with our customers and a pending law enforcement investigation, we do not anticipate further public statements regarding this matter,” Syniverse said.

The SEC filing is a preliminary proxy statement related to a pending merger with a special purpose acquisition company that will make Syniverse a publicly traded firm. (The document was filed by M3-Brigade Acquisition II Corp., the blank-check company.) As is standard with SEC filings, the document discusses risk factors for investors, in this case including the security-related risk factors demonstrated by the Syniverse database hack.

Syniverse routes messages for 300 operators

Syniverse says its intercarrier messaging service processes over 740 billion messages each year for over 300 mobile operators worldwide. Though Syniverse likely isn’t a familiar name to most cell phone users, the company plays a key role in ensuring that text messages get to their destination.

We asked AT&T, Verizon, and T-Mobile today whether the hacker had access to people’s text messages, and we will update this article if we get any new information.

Syniverse’s importance in SMS was highlighted in November 2019 when a server failure caused over 168,000 messages to be delivered nearly nine months late. The messages were in a queue and left undelivered when a server failed on February 14, 2019, and finally reached their recipients in November when the server was reactivated.

Syniverse says it fixed vulnerabilities

Syniverse said in the SEC filing and its statement to Ars that it reset or deactivated the credentials of all EDT customers, “even if their credentials were not impacted by the incident.”

“Syniverse has notified all affected customers of this unauthorized access where contractually required, and Syniverse has concluded that no additional action, including any customer notification, is required at this time,” the SEC filing said. Syniverse told us that it also “implemented substantial additional measures to provide increased protection to our systems and customers” in response to the incident, but did not say what those measures are.

Syniverse is apparently confident that it has everything under control but told the SEC that it could still discover more problems resulting from the breach:

Syniverse did not observe any evidence of intent to disrupt its operations or those of its customers and there was no attempt to monetize the unauthorized activity… While Syniverse believes it has identified and adequately remediated the vulnerabilities that led to the incidents described above, there can be no guarantee that Syniverse will not uncover evidence of exfiltration or misuse of its data or IT systems from the May 2021 Incident, or that it will not experience a future cyber-attack leading to such consequences. Any such exfiltration could lead to the public disclosure or misappropriation of customer data, Syniverse’s trade secrets or other intellectual property, personal information of its employees, sensitive information of its customers, suppliers and vendors, or material financial and other information related to its business.

Syniverse’s SEC filing was submitted on September 27 and discussed yesterday in an article in Vice’s Motherboard section. According to Vice, a “former Syniverse employee who worked on the EDT systems” said those systems contain information on all types of call records. Vice also quoted an employee of a phone company who said that a hacker could have gained access to the contents of SMS text messages.

Vice wrote:

Syniverse repeatedly declined to answer specific questions from Motherboard about the scale of the breach and what specific data was affected, but according to a person who works at a telephone carrier, whoever hacked Syniverse could have had access to metadata such as length and cost, caller and receiver’s numbers, the location of the parties in the call, as well as the content of SMS text messages.

“Syniverse is a common exchange hub for carriers around the world passing billing info back and forth to each other,” the source, who asked to remain anonymous as they were not authorized to talk to the press, told Motherboard. “So it inevitably carries sensitive info like call records, data usage records, text messages, etc. […] The thing is—I don’t know exactly what was being exchanged in that environment. One would have to imagine though it easily could be customer records and [personal identifying information] given that Syniverse exchanges call records and other billing details between carriers.”

Continue Reading

Trending