Connect with us

Latest News

BadVR is using government grants to build a business that’s independent of venture capital

Published

on

When the Los Angeles-based extended reality data visualization company, BadVR, first heard that one of its earliest benefactors, Magic Leap, was about to shed 1,000 jobs and was fighting for its life, the young startup was unfazed.

Despite the very public ties that BadVR had to Magic Leap, as one of the enterprise applications on the platform, the startup was more insulated than other businesses from the pivot away from consumer-focused apps.

The first step was finding money from the government’s Paycheck Protection Program to get more capital coming in and maintaining its headcount. Eventually, the company managed to land additional financing in the form of a $1 million grant from the National Science Foundation.

It’s the second grant that the company has taken from the NSF and is an example of how startups can turn to government funding for capital and avoid some of the pitfalls of fundraising from venture capital.

To be sure, even Magic Leap’s trip to the brink of collapse wouldn’t have been that bad for BadVR, which makes enterprise applications for extended reality devices.

What the Magic Leap story shows is that companies don’t need to take venture capital to make it. Indeed, as costs come down for equipment and remote work democratizes access to a country that’s still teeming with engineering talent, thrifty startups can get the capital they need from government sources and corporate innovation grants.

That’s how BadVR got most of its $3.5 million in financing. Some money came from a grant from BadVR, while at least $1.25 million has come from the government in the form of two National Science Foundation cooperative agreements through the Small Business Innovation Research financing mechanisms.

A headset capture of BadVR’s climate change application, built for the Magic Leap One headset. Image Credit: BadVR

BadVR uses virtual and augmented reality tools to visualize geospatial data for a range of government and commercial applications. The startup’s tech is already being used by big telecom companies to accelerate the planning and deployment of 5G networks. And, within the public safety sector, the company’s tech is used to improve situational awareness for first responders and to reduce training, staffing, and operational costs.

“Society has become aware of the power of data and the impact it has on our daily lives.  It’s critically important that we make the access of data easy to every organization, regardless of technical skill level or background,” said Suzanne Borders, the chief executive and founder of BadVR, in a statement. 

For Borders, the key to tapping government funding is all about proper advance planning. “Those take a long time,” Borders said. “When you get awarded them, you’re looking at a year’s worth of effort. [Our grant] was a testament to us planning for that about a year ago.”

These grants are typically milestone-based, so as long as BadVR was hitting its targets, it could be fairly assured that the money would be there.

“NSF is proud to support the technology of the future by thinking beyond incremental  developments and funding the most creative, impactful ideas across all markets and  areas of science and engineering,” said Andrea Belz, Division Director of the Division of  Industrial Innovation and Partnerships at NSF. “With the support of our research funds,  any deep technology startup or small business can guide basic science into meaningful  solutions that address tremendous needs.”  

Other government competitions are providing the company with additional non-dilutive cash and a chance to kcik the tires on new capabilities.

A capture from BadVR’s augmented reality geospatial data environment, which allows users to visualize multiple live and historical datasets via overlays relevant to their environment. Image Credit: BadVR

That has translated into traction for the company’s Augmented Reality Operations Center. The AROC is a new offering for the product that visualizes data for first responders. Through a challenge hosted by the National Institute of Standards and Technology, BadVR was able to work with the Eureka, Mo. Fire Department to develop a prototype for a specific emergency situation.

It’s an evolution of an early product the company had developed where enterprises can create digital twins of their factories or stores in virtual reality and do a walk-through to examine different conditions.

The visualization work that BadVR does isn’t necessarily all geo-spatial. The company can take all kinds of data and integrate that into an environment that makes the data easier to see. Borders sees the company’s services extending into creating all kinds of collaborative environments for companies.

“The system highlights things that are important to look at,” Borders said. “It’s virtualizing the data visualization experience and bringing it into an immersive environment — and building a more collaborative aspect to that experience.”

Since the COVID-19 pandemic has forced businesses across the country to operate virtually, Borders said the demand for the kinds of. products her company is building — with the government’s help — has only increased.

“That’s been due to increased demand for remote collaboration tools,” Borders said. “We’ve had increased interest in people across the board — but tools that have remote collaboration capabilities — and bring people together to one immersive data experience… those are taking off.”

Lyron Foster is a Hawaii based African American Musician, Author, Actor, Blogger, Filmmaker, Philanthropist and Multinational Serial Tech Entrepreneur.

Latest News

Echelon exposed riders’ account data, thanks to a leaky API

Published

on

Image Credits: Echelon (stock image)

Peloton wasn’t the only at-home workout giant exposing private account data. Rival exercise giant Echelon also had a leaky API that let virtually anyone access riders’ account information.

Fitness technology company Echelon, like Peloton, offers a range of workout hardware — bikes, rowers, and a treadmill — as a cheaper alternative for members to exercise at home. Its app also lets members join virtual classes without the need for workout equipment.

But Jan Masters, a security researcher at Pen Test Partners, found that Echelon’s API allowed him to access the account data — including name, city, age, sex, phone number, weight, birthday, and workout statistics and history — of any other member in a live or pre-recorded class. The API also disclosed some information about members’ workout equipment, such as its serial number.

Masters, if you recall, found a similar bug with Peloton’s API, which let him make unauthenticated requests and pull private user account data directly from Peloton’s servers without the server ever checking to make sure he (or anyone else) was allowed to request it.

Echelon’s API allows its members’ devices and apps to talk with Echelon’s servers over the internet. The API was supposed to check if the member’s device was authorized to pull user data by checking for an authorization token. But Masters said the token wasn’t needed to request data.

Masters also found another bug that allowed members to pull data on any other member because of weak access controls on the API. Masters said this bug made it easy to enumerate user account IDs and scrape account data from Echelon’s servers. Facebook, LinkedIn, Peloton and Clubhouse have all fallen victim to scraping attacks that abuse access to APIs to pull in data about users on their platforms.

Ken Munro, founder of Pen Test Partners, disclosed the vulnerabilities to Echelon on January 20 in a Twitter direct message, since the company doesn’t have a public-facing vulnerability disclosure process (which it says is now “under review”). But the researchers did not hear back during the 90 days after the report was submitted, the standard amount of time security researchers give companies to fix flaws before their details are made public.

TechCrunch asked Echelon for comment, and was told that the security flaws identified by Masters — which he wrote up in a blog post — were fixed in January.

“We hired an outside service to perform a penetration test of systems and identify vulnerabilities. We have taken appropriate actions to correct these, most of which were implemented by January 21, 2021. However, Echelon’s position is that the User ID is not PII [personally identifiable information,” said Chris Martin, Echelon’s chief information security officer, in an email.

Echelon did not name the outside security company but said while the company said it keeps detailed logs, it did not say if it had found any evidence of malicious exploitation.

But Munro disputed the company’s claim of when it fixed the vulnerabilities, and provided TechCrunch with evidence that one of the vulnerabilities was not fixed until at least mid-April, and another vulnerability could still be exploited as recently as this week.

When asked for clarity, Echelon did not address the discrepancies. “[The security flaws] have been remediated,” Martin reiterated.

Echelon also confirmed it fixed a bug that allowed users under the age of 13 to sign up. Many companies block access to children under the age of 13 to avoid complying with the Children’s Online Privacy Protection Act, or COPPA, a U.S. law that puts strict rules on what data companies can collect on children. TechCrunch was able to create an Echelon account this week with an age less than 13, despite the page saying: “Minimum age of use is 13 years old.”

Continue Reading

Latest News

Casualties Mount As Violence Intensifies Between Hamas, Israel

Published

on

Israel has called up more troops and launched its heaviest assault yet along the Gaza border. Seven people in Israel have been killed. Losses are much higher on the Palestinian side.

Continue Reading

Latest News

Palestinian Perspective: What The Conflict With Israel Looks Like From Gaza

Published

on

NPR’s Steve Inskeep talks to Omar Shaban, founder of a Gaza-based think tank, and Palestinian lawyer Diana Buttu, about how this cycle of Palestinian-Israeli violence plays out in their neighborhoods.

Continue Reading

Trending

Copyright © 2020 Latin America Business News

en_USEnglish