Technology

A senator has confirmed that the use of cell site simulators for conducting real-time surveillance on cell phones may interfere with 911 calls.

In a letter to the attorney general, Sen. Ron Wyden said that devices, widely known as&stingrays,& can jam cell phones from sending or receiving phone calls and text messages, which may limit a phone from contacting the emergency services. Wyden said officials at Harris, which develops the surveillance device, told his office that a feature designed to preventinterference with 911 calls was neither tested nor confirmed to work.

Wyden said that not only do stingrays disrupt the communications of a targeted cell phone, other peopledevices nearby might also &experience a temporary disruption of service.&

Stingrays are controversial bits of tech — largely in part because almost nobody outside law enforcement has seen one or knows exactly how they work. These devices are held as a closely guarded secret by police and federal agencies who are bound by non-disclosure agreements — so much so that prosecutors have dropped court cases that might reveal confidential information about the devices.

What we do know is that policeacross the US use these suitcase-sized devicesto mimic cell towers, which trick nearby cell phones into connecting to the device. Police can then identify someonereal-time location and log all the phones within its range.

Some advanced devices are believed to be able to intercept calls and text messages.

Busting through the secrecy has become a challenge for hobbyists and hackers alike. As far back as 2015, researchers were building low-cost alternatives to cell site simulators as proof of concepts. Nowadays,according to the Electronic Frontier Foundation, cell site simulators are &easy to acquire or build, with homemade devices costing less than $1,000 in parts.&

Thatgoing to become a problem for regulators and the authorities — if itnot already a nationals security problem. Although cell site simulators are only available for purchase to law enforcement, Homeland Security recently warned that foreign spies have also obtained the technology — and are using the devices in the nationcapital.

The EFF said that the &only way to stop the public safety and public privacy threats that cell-site simulators pose is to increase the security of our mobile communications infrastructure at every layer.&

&All companies involved in mobile communications from the network layer [cell carriers] to the hardware layer (chip and networking device makers], to the software layer [tech giants] need to work together to ensure that our cellular infrastructure is safe, secure, and private from attacks by spies, criminals, and rogue law enforcement,& said the rights group.

A fund affiliated with the Singaporean government has a great interest in making sure that American consumers are getting the tech support they need.

Temasek, the multi-billion dollar investment fund associated with the government in Singapore, has led a $50 million round forPuls Technologies, Inc., a San Francisco-based company aiming to be the tech support for American homes and offices.

Current investors Sequoia Capital, Red Dot Capital Partners, Samsung NEXT and Viola Ventures all participated in the new financing as well alongside additional new investors Hanaco Ventures and Hamilton Lane.

Founded only three years ago, Puls pitches a service that can match consumers with the appropriate technician in a little over an hour, any day of the week.

The company has built a network of 2,500 technicians in the top 50 cities in the United States, and will provide same-day installation and repair of over 200 products.

Some things the companytechnicians can service include smartphones, televisions, antennas, garage door openers, and smart home devices like voice-activated speakers, video doorbells, keyless locks, AI cameras, thermostats and security systems.

Itthe full circle of consumer electronics crap.

&As consumers depend on electronic devices for every aspect of daily life, the world needs a new service model,& said Eyal Ronen, Puls co-founder and CEO, in a statement. &No one should have to drive across town and stand in line to speak to an expert, or wait hours at home for a local repair van to show up.&

With the new funding, the company said itpoised to take a large chunk of the $50 billion in home automation services around the world. By the end of 2018, the company predicts that there will be 11 billion connected devices globally (although that statistic likely includes connected equipment in factories and other technologies related to the internet of things that may not have a place in the home).

The companyprojections are also based on a forecast that predicts an average household will have 50 connected devices (to which I can only say… bless their hearts).

&We&re delighted to have Temasek leading this round,& said Ronen in a statement. &As investors in global online leaders, Temasek brings incredible expertise to our board. Ita huge vote of confidence in our vision, team and execution, as we accelerate our direct-to-consumer business and expand strategic partnerships with big name retailers, insurance companies, and hardware OEMs.&

Puls raised a $25 million round last year as it completed its rebrand from the cell phone servicing business it had been running under the Cell Savers brand.

&You can&t hack what isn&t there,& Very Good Security co-founder Mahmoud Abdelkader tells me. His startup assumes the liability of storing sensitive data for other companies, substituting dummy credit card or Social Security numbers for the real ones. Then when the data needs to be moved or operated on, VGS injects the original info without clients having to change their code.

Itessentially a data bank that allows businesses to stop storing confidential info under their unsecured mattress. Or you could think of it as Amazon Web Services for data instead of servers. Given all the high-profile breaches of late, itclear that many companies can&t be trusted to house sensitive data. Andreessen Horowitz is betting that they&d rather leave it to an expert.

Thatwhy the famous venture firm is leading an $8.5 million Series A for VGS, and its partner Alex Rampell is joining the board. The round also includes NYCA, Vertex Ventures, Slow Ventures and PayPal mafioso Max Levchin. The cash builds on VGS& $1.4 million seed round, and will pay for its first big marketing initiative and more salespeople.

&Hey! Stop doing this yourself!,& Abdelkader asserts. &Put it on VGS and we&ll let you operate on your data as if you possess it with none of the liability.& While no data is ever 100 percent unhackable, putting it in VGS& meticulously secured vaults means clients don&t have to become security geniuses themselves and instead can focus on whatunique to their business.

&Privacy is a part of the UN Declaration of Human Rights. We should be able to build innovative applications without sacrificing our privacy and security,& says Abdelkader. He got his start in the industry by reverse-engineering games like StarCraft to build cheats and trainer software. But after studying discrete mathematics, cryptology and number theory, he craved a headier challenge.

Abdelkader co-founded Y Combinator-backed payment system Balanced in 2010, which also raised cash from Andreessen. But out-muscled by Stripe, Balanced shut down in 2015. While transitioning customers over to fellow YC alumni Stripe, Balanced received interest from other companies wanting it to store their data so they could be PCI-compliant.

Very Good Security co-founder and CEO Mahmoud Abdelkader

Now Abdelkader and his VP from Balanced, Marshall Jones, have returned with VGS to sell that as a service. Ittargeting startups that handle data like payment card information, Social Security numbers and medical info, though eventually it could invade the larger enterprise market. It can quickly help these clients achieve compliance certifications for PCI, SOC2, EI3PA, HIPAA and other standards.

VGS& innovation comes in replacing this data with &format preserving aliases& that are privacy safe. &Your app code doesn&t know the difference between this and actually sensitive data,& Abdelkader explains. In 30 minutes of integration, apps can be reworked to route traffic through VGS without ever talking to a salesperson. VGS locks up the real strings and sends the aliases to you instead, then intercepts those aliases and swaps them with the originals when necessary.

&We don&t actually see your data that you vault on VGS,& Abdelkader tells me. &Itbasically modeled after prison. The valuables are stored in isolation.& That means a business& differentiator is their business logic, not the way they store data.

For example, fintech startup LendUp works with VGS to issue virtual credit card numbers that are replaced with fake numbers in LendUpdatabases. That way if ithacked, users& don&t get their cards stolen. But when those card numbers are sent to a processor to actually make a payment, the real card numbers are subbed in last-minute.

VGS charges per data record and operation, with the first 500 records and 100,000 sensitive API calls free; $20 a month gets clients double that, and then they pay 4 cent per record and 2 cents per operation. VGS provides access to insurance too, working with a variety of underwriters. It starts with $1 million policies that can be much larger for Fortune 500s and other big companies, which might want $20 million per incident.

Obviously, VGS has to be obsessive about its own security. A breach of its vaults could kill its brand. &I don&t sleep. I worry I&ll miss something. Are we a giant honey pot,& Abdelkader wonders. &We&ve invested a significant amount of our money into 24/7 monitoring for intrusions.&

Beyond the threat of hackers, VGS also has to battle with others picking away at part of its stack or trying to compete with the whole, like TokenEx, HPVoltage, Thales& Vormetric, Oracle and more. But itdo-it-yourself security thatthe status quo and what VGS is really trying to disrupt.

But VGS has a big accruing advantage. Each time it works with a clients& partners like Experian or TransUnion for a company working with credit checks, it already has a relationship with them the next time another clients has to connect with these partners. Abdelkader hopes that, &Effectively, we become a standard of data security and privacy. All the institutions will just say ‘why don&t you use VGS'&

That standard only works if itconstantly evolving to win the cat-and-mouse game versus attackers. While a company is worrying about the particular value it adds to the world, these intelligent human adversaries can find a weak link in their security — costing them a fortune and ruining their relationships. &I&m selling trust,& Abdelkader concludes. That peace of mind is often worth the price.