Connect with us

Latest News

Uber and Arrival partner to create an EV for ride-hail drivers

Published

on

Arrival, the electric vehicle manufacturer that’s attempting to do away with the assembly line in favor of highly automated microfactories, is partnering with Uber to create an EV for ride-hail drivers. 

Arrival expects to reveal the final vehicle design before the end of the year and to begin production in the third quarter of 2023. Uber drivers have been invited to contribute to the design process to ensure the vehicles are built to suit their needs.

Uber is trying to make good on a promise it made last year to become a fully electric mobility platform by 2025 in London, 2030 in North America and Europe and platform-wide by 2040. The company recently launched Uber Green, which gives passengers the opportunity to select an EV at no extra cost and drivers a chance to pay a lower service fee, part of an $800 million initiative to get more drivers in EVs

To reach its aims of doubling the number of EV drivers by the end of 2021, Uber is kicking its incentives for drivers into gear by helping them purchase or finance new vehicles. The Arrival Cars might be among those recommended to Uber drivers who want to make the switch to electric, especially drivers in London who are eligible for “EV Assistance” via the company’s Clean Air Plan, which launched in 2018, but an Uber spokesperson declined to confirm how the Arrival Cars will be made available. Last September, Uber partnered with General Motors in a similar deal to provide drivers in the United States and Canada discounted prices for the 2020 Chevrolet Bolt. 

“Uber is committed to helping every driver in London upgrade to an EV by 2025, and thanks to our Clean Air Plan more than £135m has been raised to support this ambition,” Jamie Heywood, Uber’s regional general manager for Northern and Eastern Europe said in a statement. “Our focus is now on encouraging drivers to use this money to help them upgrade to an electric vehicle, and our partnership with Arrival will help us achieve this goal.” 

London, where Arrival is based, aims for its entire transport system to be zero emission by 2050, and will create zero emissions zones in central London and town center from 2025, expanding outward to inner London by 2040 and city-wide by 2050. If Uber drivers want to be able to work in the hottest parts of the city, they’ll have no choice but to go electric. 

The partnership with Uber marks Arrival’s first foray into electric car development. Because Arrival focuses on the commercial space rather than commercial sales, its existing vehicle models are vans and buses. The British EV company already has an order from UPS for 10,000 purpose-built vehicles.

Arrival wants to change the way commercial electric vehicles are designed and manufactured. By designing its own batteries and other components in-house and building vehicles through multiple microfactories, which are much smaller than traditional manufacturing facilities, Arrival says it produces vehicles quicker, cheaper and with far fewer environmental costs.

The company began publicly trading in March following a SPAC merger with CIIG, one of many EV companies to hit the markets via the SPAC route as opposed to the traditional, and slower, IPO route.

Lyron Foster is a Hawaii based African American Musician, Author, Actor, Blogger, Filmmaker, Philanthropist and Multinational Serial Tech Entrepreneur.

Latest News

Echelon exposed riders’ account data, thanks to a leaky API

Published

on

Image Credits: Echelon (stock image)

Peloton wasn’t the only at-home workout giant exposing private account data. Rival exercise giant Echelon also had a leaky API that let virtually anyone access riders’ account information.

Fitness technology company Echelon, like Peloton, offers a range of workout hardware — bikes, rowers, and a treadmill — as a cheaper alternative for members to exercise at home. Its app also lets members join virtual classes without the need for workout equipment.

But Jan Masters, a security researcher at Pen Test Partners, found that Echelon’s API allowed him to access the account data — including name, city, age, sex, phone number, weight, birthday, and workout statistics and history — of any other member in a live or pre-recorded class. The API also disclosed some information about members’ workout equipment, such as its serial number.

Masters, if you recall, found a similar bug with Peloton’s API, which let him make unauthenticated requests and pull private user account data directly from Peloton’s servers without the server ever checking to make sure he (or anyone else) was allowed to request it.

Echelon’s API allows its members’ devices and apps to talk with Echelon’s servers over the internet. The API was supposed to check if the member’s device was authorized to pull user data by checking for an authorization token. But Masters said the token wasn’t needed to request data.

Masters also found another bug that allowed members to pull data on any other member because of weak access controls on the API. Masters said this bug made it easy to enumerate user account IDs and scrape account data from Echelon’s servers. Facebook, LinkedIn, Peloton and Clubhouse have all fallen victim to scraping attacks that abuse access to APIs to pull in data about users on their platforms.

Ken Munro, founder of Pen Test Partners, disclosed the vulnerabilities to Echelon on January 20 in a Twitter direct message, since the company doesn’t have a public-facing vulnerability disclosure process (which it says is now “under review”). But the researchers did not hear back during the 90 days after the report was submitted, the standard amount of time security researchers give companies to fix flaws before their details are made public.

TechCrunch asked Echelon for comment, and was told that the security flaws identified by Masters — which he wrote up in a blog post — were fixed in January.

“We hired an outside service to perform a penetration test of systems and identify vulnerabilities. We have taken appropriate actions to correct these, most of which were implemented by January 21, 2021. However, Echelon’s position is that the User ID is not PII [personally identifiable information,” said Chris Martin, Echelon’s chief information security officer, in an email.

Echelon did not name the outside security company but said while the company said it keeps detailed logs, it did not say if it had found any evidence of malicious exploitation.

But Munro disputed the company’s claim of when it fixed the vulnerabilities, and provided TechCrunch with evidence that one of the vulnerabilities was not fixed until at least mid-April, and another vulnerability could still be exploited as recently as this week.

When asked for clarity, Echelon did not address the discrepancies. “[The security flaws] have been remediated,” Martin reiterated.

Echelon also confirmed it fixed a bug that allowed users under the age of 13 to sign up. Many companies block access to children under the age of 13 to avoid complying with the Children’s Online Privacy Protection Act, or COPPA, a U.S. law that puts strict rules on what data companies can collect on children. TechCrunch was able to create an Echelon account this week with an age less than 13, despite the page saying: “Minimum age of use is 13 years old.”

Continue Reading

Latest News

Casualties Mount As Violence Intensifies Between Hamas, Israel

Published

on

Israel has called up more troops and launched its heaviest assault yet along the Gaza border. Seven people in Israel have been killed. Losses are much higher on the Palestinian side.

Continue Reading

Latest News

Palestinian Perspective: What The Conflict With Israel Looks Like From Gaza

Published

on

NPR’s Steve Inskeep talks to Omar Shaban, founder of a Gaza-based think tank, and Palestinian lawyer Diana Buttu, about how this cycle of Palestinian-Israeli violence plays out in their neighborhoods.

Continue Reading

Trending

Copyright © 2020 Latin America Business News

en_USEnglish