Day: August 8, 2019

Uber’s ‘Other Bets’ category, which includes Uber Freight, triples revenue in first half of 2019

Source: Geek Wire On:

Read On

(Uber Photo)

Uber’s stock had a rough day in after-hours trading Thursday after the company revealed a $5.2 billion quarterly loss and slowing revenue growth.

One bright spot in its earnings report was the “Other Bets” category, which is primarily made up of Uber Freight, its on-demand trucking marketplace that launched in May 2017.

Revenue from that category, which also includes Uber’s mobility services such as bike-sharing, reached $340 million through the first half of 2019, triple from the year-ago period. It’s the company’s fastest-growing segment — Uber Eats revenue was up 80 percent, while ride-sharing revenue was up 6 percent during the first six months of this year.

While revenue is growing, so are losses. The “Other Bets” category posted a loss of $193 million through the first two quarters of 2019, up from $48 million in the year-ago period.

“Uber Freight added new shipping customers across the enterprise, middle market, and small- and medium-sized business segments,” Uber said in a press release. “Our platform for shippers targets the underserved long tail of small shippers with an automated self-serve tool that helped drive 10X year-over-year revenue on the platform. ”

Uber Freight helps match carriers with shipper’s loads, using new technology to expedite and automate a traditionally manual process that involves email and phone calls.

In the past two years, Uber has contracted with more than 36,000 carriers and served more than 1,000 shippers, including corporations such as Anheuser-Busch InBev, Niagara, Land O’Lakes, and Colgate-Palmolive. In March it expanded to Europe and is already growing to various countries.

Uber CEO Dara Khosrowshahi spoke to CNBC after the earnings call:

“Yeah, I think Uber Freight’s growth if you look on year on year basis, the top line is growing over 150%. If you look at customer cohorts, our customers love us, our signing of new customers, and the use of the customer is kind of year on year, it continues to increase at a very significant pace. The freight industry hit a soft pocket in the first quarter and second quarter of the year. We went in and adjusted to that soft pocket to sell much more aggressively into accounts and if you look at the grass for Uber Freight now, the growth rates are exciting and we remain bullish. It is going to take a couple of years, but this is a multibillion dollar industry and we think we have got kind of the best solution with the best tech and a great brand. And we think we can succeed there very much so.”

Convoy co-founder Grant Goodale accepts the award for Next Tech Titan at the 2018 GeekWire Awards. (GeekWire Photo / Kevin Lisota)

Uber Freight competes directly with Seattle-based Convoy; it listed the company in its IPO prospectus earlier this year.

Convoy launched in 2015 and has raised $265 million, including a giant $185 million round this past September led by Google’s VC arm that turned the startup into one of the Seattle region’s only unicorns.

Much like Uber Freight, Convoy also builds technology to facilitate transactions between trucking companies and shippers, providing an alternative to brokers.

Convoy’s investors include Jeff Bezos, Bill Gates, Expedia Chairman Barry Diller, Salesforce CEO Marc Benioff, Code.org founders Hadi and Ali Partovi, LinkedIn co-founder Reid Hoffman, and former Starbucks president Howard Behar.

The company does not disclose revenue but says it has “tens of thousands of carriers and a fast‑growing, nationwide roster of shippers comprised of Fortune
500 companies and other organizations.”

Convoy last week put out research about empty miles in trucking, noting the longstanding issue of truckers driving without goods and the associated costs involved. It estimates that 33 percent of trucks drive empty in the U.S.

“New advances in data and technology mean it is now more realistic to make progress toward reducing this industry-critical metric — so it likely that the next two decades won’t look like the last two,” wrote Convoy’s Aaron Terrazas.

Companies such as Convoy and Uber aim to help close that gap — and build their own business in the process.

This past April, Convoy launched a new marketplace to help small trucking businesses compete with large carriers.

Other competitors to Uber Freight and Convoy include traditional brokers such as publicly-traded giant C.H. Robinson, while freight operators themselves are also investing heavily in technology to keep up with demand. There are also newer direct competitors including TransfixTrucker PathDAT; and others.

The U.S. trucking industry is estimated to be $800 billion.

Popular Avaya enterprise VoIP phones are vulnerable to hacking

Source: CSO Magazine On:

Read On

Security researchers have found a critical remote code execution vulnerability in popular models of enterprise VoIP desk phones made by Avaya. The flaw allows hackers to gain full control of the devices, listen in on calls and even turn the phone into a spying device.

The issue was discovered by researchers from security firm McAfee and was disclosed Thursday at the DEF CON security conference in Vegas. However, firmware updates have been available since June 25.

The vulnerability is located in the DHCP service, which allows the devices to automatically obtain IP addresses on the network. Attackers can exploit it by sending maliciously modified DHCP responses to the devices, which do not require authentication, and winning a race condition with the network’s legitimate DHCP server.

The flaw is a buffer overflow that can result in code execution with root privileges. This means attackers are in full control of the phone’s operating system and can do anything including spoofing calls, changing the messages users see on the display, exfiltrating audio calls or turning on the internal microphone in order to spy on nearby conversations.

“There are a lot of different attack vectors, but we thought the most interesting would be the snooping microphone-based attack, and that’s what we used to build the demo,” Steve Povolny, the head of Advanced Threat Research at McAfee, tells CSO.

Vulnerable device models

The McAfee team found and confirmed the vulnerability on Avaya 9600 Series IP Deskphones. However, according to Avaya’s advisory, J100 Series IP Phones and B100 Series Conference Phones are also affected.

Only phones running firmware version 6.8.1 and earlier and configured with H.323 signaling, not SIP, are affected. The company advises users to upgrade to firmware version 6.8.2 or later. Fortunately, these devices can be managed from a central server, so deploying updates can be done automatically.

Old unmaintained code was at fault

It turns out that the vulnerability had actually been patched a decade ago in dhclient, the open-source component that Avaya used in its firmware. The problem is that after forking the open-source code over ten years ago, the company did not update it or backport security patches from upstream. As a result, Avaya phones were using a dhclient version from 2007.

This is a common problem with many embedded devices and proprietary software projects, which in general rely heavily on open-source code and libraries. Past studies have shown that many companies and device makers do not keep track of which versions of open-source libraries are used where, which means they also don’t track the security issues that are later found and fixed in those projects.

In a different talk at Black Hat this week on vulnerabilities in enterprise SSL VPNs, researchers found that VPN appliances from top vendors were using highly outdated data parsing libraries and even an Apache web server version from 2002. The good news is that there are now increased efforts to create standards that would help companies maintain software bills of materials, which could help address some of these issues.