Daycare monitoring apps are ‘dangerously insecure,’ report finds

Popular daycare and childcare communications apps are “dangerously insecure,” according to newly published research, exposing children and parents to the risk of data breaches with lax security settings and permissive or outright misleading privacy policies.

The details come from a new report from the Electronic Frontier Foundation (EFF), which published the results of a months-long research project on Tuesday.

The research, conducted by Alexis Hancock, EFF’s director of engineering for the Certbot project, found that popular apps like Brightwheel, HiMama, and Tadpoles lacked two-factor authentication (2FA), meaning that any malicious actor who was able to obtain a user’s password could log in remotely. Further analysis of application code revealed a number of other privacy-compromising features, including data sharing with Facebook and other third parties, that were not disclosed in privacy policies.

After being contacted by the EFF, Brightwheel implemented 2FA and claims to be “the first in the early education industry to add this extra layer of security.” HiMama reportedly said that it would pass on the feature request to its design team but has not yet implemented the additional security feature. It is not known whether Tadpoles has an intention to implement 2FA.

Network traffic analysis shows the Tadpoles app sending user event data to Facebook.
Image: EFF

Hancock started researching the privacy and security settings of various daycare apps after being asked to download Brightwheel when enrolling her two-year-old daughter in daycare for the first time. Hancock told The Verge that she initially enjoyed using the app to receive updates about her daughter but became concerned about a lack of security given the potentially sensitive nature of the information.

“At first there was a lot of comfort in seeing [my daughter] during the day, with the images they were sending me,” Hancock said. “Then I was looking at the app like, huh, I don’t really see security controls I would normally see in most services like this.”

With a background in software development, Hancock was able to use a range of tools like Apktool and mitmproxy to analyze the application code and investigate network calls being made by each of the childcare apps, and she was surprised to find a number of easily fixable errors.

“I found trackers in a few apps. I found weak security policy, weak password policies,” Hancock said. “I found vulnerabilities that were very easy to fix as I went through some of the applications. Really just low hanging fruit.”

The EFF’s new report is not the first to draw attention to serious flaws in applications trusted to keep children safe. For years, researchers have raised concerns over security weaknesses in baby monitor apps and associated hardware, with some of these weaknesses exploited by hackers to send messages to children. More broadly, a survey of 1,000 apps likely to be used by children found that more than two-thirds were sending personal information to the advertising industry.

Hancock hopes that reporting on these privacy and security flaws could lead to better regulation of child-focused apps — but nonetheless, the findings have left her concerned.

“It made me feel, as a parent, even more afraid for my child,” she said. “I don’t want her to have a data breach before she’s five. I’m doing all I can to make sure that doesn’t happen.”

Workplace monitoring platform Aware takes in $60M

Aware, a platform that analyzes employee behavior across messaging platforms like Slack, today announced that it raised $60 million in a series C round led by Goldman Sachs Growth Equity, with participation from Spring Mountain Capital, Blue Heron Capital, Allos Ventures, Ohio Innovation Fund, JobsOhio, and Rev1 Ventures. The company says that the capital, which brings its total raised to over $86.9 million, will be put toward product development, sales efforts, and hiring.

“This specific investment will allow us to make significant progress towards helping organizations see the human difference across all functions of the business. We expect to rapidly expand our current integrations into new platforms, as well as to ingest and analyze digital signals from all areas of the organization,” cofounder and CEO Jeff Schumann told VentureBeat via email. “We started in text conversations, files, and images, and we’re already working towards voice and video signals.”

The trend toward remote and hybrid work has prompted some companies to increase their use of monitoring technologies to ensure that employees remain on task. Whether real or imagined, some managers believe that productivity has decreased at their company since staffers started working from home during the pandemic. But these monitoring technologies threaten to infringe on workers’ privacy, creating a chilling effect on speech that challenges the company line.

Columbus, Ohio-based Aware, which was founded in 2017 by Schumann, James Tsai, Matt Huber, and Shawn Domer, leverages APIs and webhooks to collect and process communications from platforms including Slack, Microsoft Teams, Zoom, Yammer, and Workplace from Facebook. The company applies natural language processing and computer vision technologies to predict message sentiment and detect screenshots, among other tasks, identifying relationships between messages to provide context beyond replies.

“Aware continues to be the leading force for digital collaboration insights, giving companies a better understanding of their workforce and the ability to manage the risks associated with digital conversations and remote collaboration,” Schumann said in a statement. “Aware’s continued adoption as essential tech further shows how AI [is] key to building more transformational businesses.”

But some of Aware’s capabilities might give employees pause, like the platform’s ability to preserve files, edits, and deletions as well as metadata like message locations. While Aware claims its ability to collect and normalize conversations from multiple sources might be useful to employers in search of governance and search solutions, employees might perceive it as a way for companies to tamp down on protests or put workers’ activities under a microscope.

Employee monitoring

Employee monitoring software is a broad category, but generally speaking, it encompasses programs that can measure an employee’s idle time, access webcams, track keystrokes and web history, take screenshots, and record emails, chats, and phone calls. In a survey of employers, ExpressVPN found that 78% were using monitoring software like TimeDoctor, Teramind, Wiretap, Interguard, Hubstaff, and ActivTrak to track their employees’ performance or online activity. Perhaps unsurprisingly, Reports and Data predicts that by 2027, the global market for employee remote monitoring software will hit $1.3 billion.

Pitching itself as an HR solution, Aware claims it can store all public and private messages, attachments, and images sent by employees, recreating conversations in an “easy-to-understand” format. Aware purports to detect inappropriate, offensive, and hateful speech, employing AI to extract top-level message information.

In this way, Aware’s platform is akin to Awareness’ Interguard, which can scan emails and messages for particular keywords. Wiretap and Qumram similarly monitor chat forums like Slack, Yammer, and WhatsApp, using AI to identify “harassment, threats, and intimidation.”

“[With Aware, companies can] automate community management processes, identify incidents of insider threats, [and] identify toxic employees in the workplace,” the company’s website reads. “[Customers can] enable rules that automatically prevent against unsafe sharing and safeguard against HIPAA, FINRA, or PCI violations. [They can also] scan workplace communication content and file shares to identify instances of inappropriate sharing and breaches of confidentiality. [And they can protect their] employees from sexual harassment, discrimination, and bullying by monitoring public and private communications.”

But biases in the algorithms could color the results of Aware’s assessments. Studies have shown that text-based sentiment analysis systems can exhibit prejudices along race, ethnic, and gender lines — for example, associating Black people with more negative emotions like anger, fear, and sadness. AI models also tend to inconsistently analyze hate speech, with research showing that automated moderation platforms struggle with “Black-aligned English,” quotations of hate speech, slurs, and spelling variations of hateful words.

Schumann claims that Aware is one of the only companies that trains models on the interactions “within enterprise collaboration.” The net result is AI that’s “two to three times as accurate as competitor AI and machine learning services” in the market, he says.

“Aware is the future of human-centered business. We understand and make sense of all the human interactions happening in the organization,” Schumann continued. “We are training on a data lake consisting of billions of normalized, anonymized interactions that is growing daily. This gives us a unique advantage. Aware is positioned to know the customer and their own DNA quite well.”

Beyond the potential bias issues, research shows employees are disinclined to support the deployment of software like Aware’s because they feel like they’re constantly being watched. A recent Gartner survey found that knowledge workers were nearly two times more likely to pretend to be working after their companies invested in tracking systems.

Workers have reason to be concerned. According to a recent complaint filed by the National Labor Relations Board, Google spied on its staffers — two of whom were in the process of organizing protests against the company — before terminating several. Call center workers face pressure to sign a contract that lets their employers install in-home cameras to monitor their work. And Amazon delivery drivers say surveillance cameras installed in their vans have made them lose income for reasons beyond their control, like when cars cut them off.

Of the remote or hybrid workers surveyed in the ExpressVPN paper, 59% said that they felt stress or anxiety as a result of their employer monitoring them. Another 43% said that the surveillance felt like a violation of trust, and more than half said they’d quit their job if their manager implemented surveillance measures.

Little recourse

In the U.S., employees have little in the way of legal recourse when it comes to monitoring software. The 1986 Electronic Communications Privacy Act (ECPA) allows companies to surveil communications for “legitimate business-related purposes.” Only two states, Connecticut and Delaware, require notification if employees’ email or internet activities are being monitored, while Colorado and Tennessee require businesses to set written email monitoring policies.

However, the ECPA does prevent employers from monitoring private messages and email accounts that are password-protected and sent from a personal device — unless an employee gives consent. Last October, retailer H&M was fined $40 million for storing sensitive employee information on topics like family issues and religious beliefs. Aware, like other companies providing workplace monitoring software, is bound by this constraint.

Not all employees oppose monitoring software — so long as they’re made aware of the surveillance, how and where the data is maintained, and whether it’s shared with other parties or companies. Over half of office workers surveyed by Robert Half were open to digital surveillance if it led to perks, like the ability to work preferred hours or remotely. Microsoft touts its Viva platform as one such pro-worker solution, with privacy controls including an anonymized, general productivity score for teams and recommendations for employees’ mental health.

Aware, like its rivals, is growing at a fast clip during the pandemic. Revenue has “consistently” climbed 170% to 200% year-over-year for the last several years, and the company, which employs a workforce of around 60 employees, has over 1 million licensed users across more than 17 countries.

“Our growth was accelerated in part due to [the pandemic] and the emergency shift to remote work. It made the adoption of technologies, such as Teams, Slack, and Zoom, happen virtually overnight,” Schumann said. “This is the dataset we tap into, and now these companies need controls in place for the tech. It also means the focus on employee engagement is incredibly top-of-mind, as organizations struggle to understand their largely remote — or hybrid — workforce. [We] saw an immediate transformation in growth from our existing customer base to the tune of an over 300% increase in data created after the start of mandated lockdowns. We also saw a rapidly increasing demand for the Aware platform, for both our risk mitigation capabilities and our organizational insights.”

VentureBeat

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact.

Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Sosivio nabs $4M for container monitoring and observability

Container observability startup Sosivio today announced that it closed a $4 million seed round led by Seamans Holdings, with participation from Superposition Venture Partners and Side Door Ventures. Cofounder and CEO Nuri Golan says that the proceeds will be used to support product launches and allow the company to scale over the next few years.

Containers and Kubernetes technology are entering the mainstream, with more than 35% of IT teams reporting having adopted them in 2019, according to a study from Kubernetes management firm Diamanti. Containers have the advantage of allowing developers to package apps and their dependencies together. But containers also present a monitoring and telemetry challenge. In environments with a large number of containers and microservices, over 50% of IT managers say that a single app request touches more than 25 different technologies, according to a VMware Tanzu report.

Sosivio’s platform provides visibility into cloud-native environments as well as proactive failure prediction, automated resolution, and contextual analysis of signals. It observes data across layers of a cloud environment, facilitating process monitoring on every server. Sosivio can perform app profiling and observability without the need for agents or data-offloading. And the company’s AI engine correlates data, detecting malfunction sequences as they evolve.

“Liran Cohen, Sosivio’s cofounder and CTO, was the lead Kubernetes architect for Red Hat Europe, working with some of the largest cloud environments for very sensitive and regulated companies, organizations, and governments,” Golan told VentureBeat via email. “During his time working with these customers and fixing critical failures after the fact — with hours and hours of human intervention from several teams in the org — he started to conceptualize a way to do this proactively with the help of AI. Adam Weiner, Avi Stokholm-Cohen, and I joined forces to help take this brilliant technology out of the ‘garage.’”

Container competition

Twenty-one-employee Sosivio competes with a number of container monitoring and observability startups, including Sysdig, which last year raised $70 million in a series E funding round. But Sosivio’s solution runs as a set of microservices without permanent installation, allowing even organizations in regulated sectors such as financial services to benefit, Golan claims.

“It only takes a few minutes of research to realize what a big opportunity the observability world offers and how big of a disconnect there is between the tools that are out there and what the customers really want,” Golan said. “When customers see our AI engines in action, predicting their crashes or even minor problems ahead of time, they are shocked. We’re pushing the bounds of what you can do with AI. This is not just tracing or anomaly detection, we built a platform that can actually predict and diagnose your issues before they ever materialize. Sosivio’s platform makes DevOps teams infinitely more effective.”

Prior to its formal launch in a couple of weeks, Golan says that Sosivio has been working with 10 customers including a software and IT company, a military unit, an online gambling and gaming company, a startup in the music industry, and an AI company. “Our design partners are using our platform in production environments which run digital applications and services we use every day,” Golan continued. “Imagine you run a large online sports betting company and your users experience delays when placing bets. Or even worse, imagine you are trying to transfer funds from your bank account and the app crashes mid transaction. Did it go through? Did it not? Both are real stories which we helped identify and solve in real time, prior to the predictive capability of our product being live.”

Sosivio’s latest financing brings its total raised to over $5 million.

MLOps startup Comet raises $13M to launch model monitoring products

MLOps startup Comet today announced that it raised $13 million in a series A funding round led by Scale Venture Partners. The capital, which Comet plans to put toward product, sales, marketing, and engineering growth, comes as the company acquires U.K.-based Stakion to bolster the launch of Comet Model Production Monitoring (MPM), a product that enables organizations to track and monitor AI model quality.

MLOps, or machine learning operations, encompasses the ways organizations build and deploy models. In the wake of the COVID-19 pandemic, enterprises have accelerated their investments in AI as part of an effort to drive digital business transformations. MLOps platforms could generate annual revenues in excess of $4 billion by 2025, according to Deloitte. That’s not surprising in light of a McKinsey report suggesting that AI, if successfully implemented, could drive about 20% of a company’s earnings.

Comet provides a self-hosted and cloud-based MLOps solution that allows data scientists and engineers to track, compare, and optimize experiments and models. The ostensible aim is to deliver insights and data to build better, more accurate AI models while improving productivity, collaboration, and explainability across teams.

MLOps

Comet supports code panels, an ecosystem of plugins, extensions, and visualizations built by the community and industry teams. It also offers tools like the aforementioned MPM, which is designed to provide visibility into model performance throughout a model’s lifecycle, from creation to production.

Comet has a rival in Weights and Biases, a provider of a platform for enabling collaboration and governance across teams building machine learning models. Among others, Domino Data Lab, a startup developing a platform focused on enterprises with large data science teams, is vying for a slice of the growing MLOps segment.

But Comet appears to have carved out a chunk of the expanding market. It claims to serve “thousands” of users and “multiple” Fortune 100 companies, with 500% revenue growth over the past year. And this latest funding round, which saw the participation of Trilogy Equity Partners and Two Sigma Ventures, brings the New York-based company’s total raised to over $19 million.

Device monitoring and management startup Memfault nabs $8.5M

Memfault, a startup developing software for consumer device firmware delivery, monitoring, and diagnostics, today closed an $8.5 million series A funding round. CEO François Baldassari says the capital will enable Memfault to scale its engineering team and make investments across product development and marketing.

Slow, inefficient, costly, and reactive processes continue to plague firmware engineering teams. Often, companies recruit customers as product testers — the first indication of a device issue comes through users contacting customer service or voicing dissatisfaction on social media. With 30 billion internet of things (IoT) devices predicted to be in use by 2025, hardware monitoring and debugging methods could struggle to keep pace. As a case in point, Palo Alto Networks’ Unit 42 estimates that 98% of all IoT device traffic is unencrypted, exposing personal and confidential data on the network.

Memfault, which was founded in 2019 by veterans of Oculus, Fitbit, and Pebble, offers a solution in a cloud-based firmware observability platform. Using the platform, customers can capture and remotely debug issues as well as continuously monitor fleets of connected devices. Memfault’s software development kit is designed to be deployed on devices to capture data and send it to the cloud for analysis. The backend identifies, classifies, and deduplicates error reports, spotlighting the issues likely to be most prevalent.

Baldassari says that he, Tyler Hoffman, and Christopher Coleman first conceived of Memfault while working on the embedded software team at smartwatch startup Pebble. Every week, thousands of customers reached out to complain about Bluetooth connectivity issues, battery life regressions, and unexpected resets. Investigating these bugs was time-consuming — teams had to either reproduce issues on their own units or ask customers to mail their watches back so that they could crack them open and wire in debug probes. To improve the process, Baldassari and his cofounders drew inspiration from web development and infrastructure to build a framework that supported the management of fleets of millions of devices, which became Memfault.

By aggregating bugs across software releases and hardware revisions, Memfault says its platform can determine which devices are impacted and what stack they’re running. Developers can inspect backtraces, variables, and registers when encountering an error, and for updates, they can split devices into cohorts to limit fleet-wide issues. Memfault also delivers real-time reports on device check-ins and notifications of unexpected connectivity inactivity. Teams can view device and fleet health data like battery life, connectivity state, and memory usage or track how many devices have installed a release — and how many have encountered problems.

“We’re building feedback mechanisms into our software which allows our users to label an error we have not caught, to merge duplicate errors together, and to split up distinct errors which have been merged by mistake,” Baldassari told VentureBeat via email. “This data is a shoo-in for machine learning, and will allow us to automatically detect errors which cannot be identified with simple heuristics.”

IDC forecasts that global IoT revenue will reach $742 billion in 2020. But despite the industry’s long and continued growth, not all organizations think they’re ready for it — in a recent Kaspersky Lab survey, 54% said the risks associated with connectivity and integration of IoT ecosystems remained a major challenge.

That’s perhaps why Memfault has competition in Amazon’s AWS IoT Device Management and Microsoft’s Azure IoT Edge, which support a full range of containerization and isolation features. Another heavyweight rival is Google’s Cloud IoT, a set of tools that connect, process, store, and analyze edge device data. Not to be outdone, startups like Balena, Zededa, Particle, and Axonius offer full-stack IoT device management and development tools.

But Baldassari believes that Memfault’s automation features in particular give the platform a leg up from the rest of the pack. “Despite the ubiquity of connected devices, hardware teams are too often bound by a lack of visibility into device health and a reactive cycle of waiting to be notified of potential issues,” he said in a press release. “Memfault has reimagined hardware diagnostics to instead operate with the similar flexibility, speed, and innovation that has proven so successful with software development. Memfault has saved our customers millions of dollars and engineering hours, and empowered teams to approach product development with the confidence that they can ship better products, faster, with the knowledge they can fix bugs, patch, and update without ever disrupting the user experience.”

Partech led Memfault’s series A raise with participation from Uncork Capital, bringing the San Francisco, California-based company’s total raised to $11 million. In addition to bolstering its existing initiatives, Memfault says it’ll use the funding to launch a self-service version of its product for “bottom-up” adoption rather than the sales-driven, top-down approach it has today.

Amazfit smartwatches to get ECG, blood pressure monitoring features

Initially thought of as mini smartphones for wrists, smartwatches have become truly independent, transforming into health-centric accessories that happen to connect with smartphones. That’s partly thanks to Apple’s push for certain features that other smartwatch makers have unsurprisingly imitated. At the top of that list comes ECG monitoring, just one of the things that smartwatch maker Amazfit is planning to introduce into its own wearables, provided it gets US FDA approval, of course.

Although it sounds too close to Amazon, Amazfit has actually been associated more with famed Chinese smartphone maker Xiaomi than the e-commerce giant. More formally, however, the company behind it just renamed itself from Huami to Zepp Health and it is hoping its rebranding could help get the US FDA’s approval for at least two of the major health tracking features it is planning to include in future smartwatches.

ECG, or electrocardiography, is quickly becoming a standard for high-end smartwatches like those from Apple and Samsung. It is, however, also a feature that requires special regulatory approval in each market as it is considered to be a medical technology. Amazfit is optimistic it will have a smoother ride compared to others because it is partnering with AliveCor, the first to get its ECG accessory for the Apple Watch approved by the US FDA.

Zepp Health isn’t stopping at ECG, however, and is already setting its sights on one of the trickier monitoring features, blood pressure. While some of Samsung’s Galaxy Watches already boast of such a feature, those require taking a measurement using a traditional blood pressure monitor first. Amazfit’s version will be completely independent and won’t require such a calibration process, presuming all goes well.

The company’s biggest and perhaps wildest ambition, however, is COVID-19 detection, something it claims to have already been working on in private since the pandemic broke out in China. It claims that its data and analysis correctly predicted that Spain would experience a huge explosion of cases last year and that study has now attracted the interest of Chinese authorities to work on larger-scale trials.