Google Acquires Israeli Security Startup SlickLogin

Fnord666 writes "SlickLogin, an Israeli startup and developer of smart identification technology through user smartphones has been acquired by Google for several million (the official transaction amount remains undisclosed). SlickLogin was founded under a year ago by Or Zelig, Eran Galili and Ori Kabeli. The company first unveiled its technology at TechCrunch Disrupt held last September. The company has yet to launch their product."

Interesting

[cascadingstylesheet]

I look forward to the comments about how this could be exploited ... very interesting idea, though.

Re:Interesting

[icebike]

Seems mostly aimed at Two Factor Authentication, not dissimilar to the way Google Authenticator works without having to type anything into your phone.

Currently Google's 2FA uses you phone as a synced clock displaying numbers which you have to key in to your
computer to log in.

These guys revers that and you computer sends a QR code or a sound that your Cellphone authenticates and sends
a response back through the network, via a separate path (tcp connection or sms message).

Its pretty clever, as long as its paired with something else only you would know. It has the same problems
that Google's current two factor has, namely that it is game over if someone steals your phone.

I suspect they bought them more for the patents than anything else.

Re:Interesting

[bondsbw]

It has the same problems that Google's current two factor has, namely that it is game over if someone steals your phone.

Not really, Google Authenticator allows you to switch to another phone or disable it so that codes from the old phone don't work. I assume the same would apply to SlickLogin.

Re: Interesting

The problem with the Google authentication is obvious if you want to keep your mobile personality separate from your desktop one, like I do.

Google really just wants you to give them a phone number so they can better identify you as you, phone numbers tend to be unique and come often with a plethora of contacts for the "social graph" (so that your weak points can be found).

Re:Interesting

[swillden]

It has the same problems that Google's current two factor has, namely that it is game over if someone steals your phone.

Not really, Google Authenticator allows you to switch to another phone or disable it so that codes from the old phone don't work. I assume the same would apply to SlickLogin.

In addition, if your phone is encrypted (and therefore password-protected), the thief is going to find it nearly impossible to get to the code even before you disable it.

Re:Interesting

// personal opinion of mine, not from my employer.

The thief will steal your phone and you. Didn't you read the relevant xkcd strip?

The phone makes access to your account a lot faster and simpler. I don't use that for my bank for that specific reason.

As an aside, if my bank already provides that, how come Google bought a product which didn't launch yet? Probably for the patents, but even so...

Re:Interesting

[swillden]

// personal opinion of mine, not from my employer.

The thief will steal your phone and you. Didn't you read the relevant xkcd strip?

If the thief is going to steal me, my phone and my accounts are the least of my worries.

The phone makes access to your account a lot faster and simpler. I don't use that for my bank for that specific reason.

I don't know what your bank does, but with most 2FA systems that's not the case. The thief needs your phone and also your password, so 2FA actually makes access to your account a little bit more tedious over a password alone... but nearly impossible for someone who doesn't have both.

As an aside, if my bank already provides that, how come Google bought a product which didn't launch yet? Probably for the patents, but even so...

Google already offers 2FA for its accounts, too. They bought this company presumably because the company's new approach is better in some way than what Google and many others are already doing.

Re:Kykes!

[cowwoc2001]

Really ...? At least have the decency to put on your white hood first.

The Big, Bad Wolf

[dotslashit]

"Goodness, what big eyes you have!" "The better to see you with, my dear." SlickLogin's technology uses a combination of protocols to start the authentication process. WiFi, Bluetooth, or QR codes – to name a few – are used to verify that, yes, a user's smartphone is located somewhat near one's active desktop or laptop computer. Use this and Google will be able to identify and tie your id with both your computer and your smartphone ... It's all about whoring the online you to their advertisers.

Re:The Big, Bad Wolf

Use this and Google will be able to identify and tie your id with both your computer and your smartphone ... It's all about whoring the online you to their advertisers.

That's all I need to know to make sure I never ever use this or anything like it.

I have had quite enough of being spied on. I very much doubt I am alone in having that
opinion.

Thanks for your insight.

Re:The Big, Bad Wolf

[icebike]

Use this and Google will be able to identify and tie your id with both your computer and your smartphone .

Yeah, well, Two Factor Authentication already used by Google already KNOWS the computer you are using, and the PHONE you are
using.

This adds no more information than you've already given them for Two Factor Authentication.

Re:The Big, Bad Wolf

[swillden]

Use this and Google will be able to identify and tie your id with both your computer and your smartphone .

Yeah, well, Two Factor Authentication already used by Google already KNOWS the computer you are using, and the PHONE you are using.

This adds no more information than you've already given them for Two Factor Authentication.

Or, for that matter, by just logging into Google on both your phone and your computer.

Re:The Big, Bad Wolf

While this is partially true, please take a look at the source code for Google's authenticator app:

http://code.google.com/p/google-authenticator/source/checkout?repo=android

Note that it doesn't actually care about any unique identifiers for your phone, etc. so Google can't distinguish anything about what devices you actually have installed the Authenticator app on. It doesn't request the necessary permission (READ_PHONE_STATE) to do so:

http://developer.android.com/reference/android/telephony/TelephonyManager.html#getDeviceId()

There's also http://developer.android.com/reference/android/provider/Settings.Secure.html#ANDROID_ID but that identifier is not necessarily associated with your account unless you authenticate w/other Google apps - plus it's not referenced in the source for the Authenticator.

Re:The Big, Bad Wolf

[icebike]

Its all time based. You get you your first sms from google, and that sets up the sequence of numbers that are calculated based on that seed and the current time.
I if have two phones, or move your Sim to a different phone, you have to set that up as well. But the weird thing is both phones will show different sequences, but either sequence will work to authenticate.

But use your friend's phone, it won't work. So it sounds to me that Google is keeping one timer for each authorized phone for your google account. So I thinks they CAN know which device you authenticate with.

Re:The Big, Bad Wolf

[heypete]

Its all time based. You get you your first sms from google, and that sets up the sequence of numbers that are calculated based on that seed and the current time.
I if have two phones, or move your Sim to a different phone, you have to set that up as well. But the weird thing is both phones will show different sequences, but either sequence will work to authenticate.

But use your friend's phone, it won't work. So it sounds to me that Google is keeping one timer for each authorized phone for your google account. So I thinks they CAN know which device you authenticate with.

You're partially right: Google's two-factor authentication service has two independent means of authenticating you:
1. You enter a code produced by the code generating app.
2a. They send an SMS to a phone number you've registered with them ahead of time, and you enter the code.
2b. They call a phone number you've registered with them ahead of time and a text-to-speech robot reads you a code, which you enter.

Mode #1 does not require (and in fact cannot use) SMS to setup -- rather, they show you a QR code containing the needed configuration information (e.g. the shared secret and some descriptive text). You use the Google Authenticator (or other OATH-TOTP compatible app) to take a picture of the QR code, thus configuring your code generating app. If your app does not support QR code reading, you can display the shared secret itself and manually enter it. At no time does the app ever send or receive any data over the network to/from Google. So long as you use the code generator, Google has no way of knowing which device you're using to authenticate. In my case, I have an iPod Touch, a Nexus 7 Android tablet, and a dumbphone with no data access that uses a third-party OATH-TOTP J2ME app to generate codes and they all produce the same codes as I've configured them all to use the same shared secret. Google cannot tell which one I'm using.

Google will only display the QR code/shared secret once -- you can configure as many devices as you want at that time by scanning the code/entering the secret and they'll all generate the same time-based code. However, if you ever go back to your Google Account settings and re-intialize the two-factor authentication it will generate a new secret and show a new QR code. When this happens the old shared secret is disabled and is no longer valid for authenticating to your account (this gives you the ability to revoke the code generator on a lost or stolen phone).

Put simply: there is only a single TOTP secret for your account. Changing the secret revokes the old one.

Naturally, if you use the SMS/voice call system they will know what device you've used to authenticate, but that doesn't apply to the code generator.

Re:The Big, Bad Wolf

This adds no more information than you've already given them for Two Factor Authentication.

Wrong. This gives them more vectors to uniquely and reliably identify you on your mobile; for example by the MAC address of the WiFi and Bluetooth receiver on the phone. Why do you think the Google vans were also sniffing for WiFi packets while "mapping" the streets?

Is Israel the only middle-east starter-up?

Why every time one of the big "monsters" of technology acquires a start-up is it from Israel?
Are the big technology players of the world biased?
Why we never read about Google buying a start-up from Egypt or Apple buying a start-up from Lebanon or Facebook buying some Jordanian start-up?

Are the Israelis the only people interested in technology in the middle-east? Is that a demographic matter?

Where are the contributions of the other middle-east countries in the areas of reearch and technology?

Re:Is Israel the only middle-east starter-up?

Where are the contributions of the other middle-east countries in the areas of reearch and technology?

Most of the contributions were blown up by Islamic fundamentalists long ago. But don't fret, many middle-eastern countries remain on the forefront of IED technology.

Re:Is Israel the only middle-east starter-up?

[icebike]

What are you talking about?
The last purchase Google made was from Britain.
Before that was Nest, a Palo Alto CA company.

This page http://en.wikipedia.org/wiki/L... lists all the major acquisitions Google has made.

I only count 4 on the list from Israel. They buy where you find the tech that you need, and which has a body of law that allows you to acquire it cleanly with no future arguments.

I suspect you are really asking why some countries never produce much of technical value/interest to Google, rather than wondering why Google only buys from certain countries.

If you want to ask why isn't there much interesting tech developed in other countries from the same region, that is another question all together.

Re:Is Israel the only middle-east starter-up?

[dskoll]

People in most other countries in the Middle East tend to be too preoccupied with killing one another (only occasionally remembering to surface to denounce the "Zionist Entity") So they don't have time for frivolous things like, you know, progress or betterment of humanity.

Re:Is Israel the only middle-east starter-up?

[dskoll]

The OP mentioned Middle Eastern countries. I didn't know that the UK and California were in the Middle East.

Re:Is Israel the only middle-east starter-up?

Read "Start-Up Nation" by Dan Senor and Saul Singer

Re:Is Israel the only middle-east starter-up?

[icebike]

The OP said

Why every time one of the big "monsters" of technology acquires a start-up is it from Israel?

I answered that question.

Re:Is Israel the only middle-east starter-up?

Hey icebike.
Don't be such a stiff, "stick-up-your-ass" type of moron.
It is obvious the OP was thinking about a middle-eastern only context when he wrote "...every time one of the big "monsters" of technology acquires a start-up is it from Israel?"

And besides jackass, UK and California are NOT middle-eastern locations... DUH!

Re:Is Israel the only middle-east starter-up?

Israel is the only one that all the rich people in New York City have dual citizenship with....

Re: Is Israel the only middle-east starter-up?

Because the rest of the countries are full of camel jockeys living in caves thinking there are 72 virgins waiting for them in heaven of they blow themselves up

Re:Is Israel the only middle-east starter-up?

[Ralph+Wiggam]

Israel has virtually no natural resources to exploit. So they had to build their economy on other things.

From Wikipedia-

Science and technology in Israel is one of the country's most highly developed and industrialized sectors. The percentage of Israelis engaged in scientific and technological inquiry, and the amount spent on research and development (R&D) in relation to gross domestic product (GDP), is amongst the highest in the world.[72] Israel ranks fourth in the world in scientific activity, as measured by the number of scientific publications per million citizens. Israel's percentage of the total number of scientific articles published worldwide is almost 10 times higher than its percentage of the world's population.[73] Despite its small population relative to other industrialized nations around the world, Israel has the highest number of scientists, technicians, and engineers per capita in the world with 140 scientists, technicians, and engineers per 10,000 employees. In comparison, the same is 85 per 10,000 in the United States and 83 per 10,000 in Japan.

http://en.wikipedia.org/wiki/Economy_of_Israel

Re:Is Israel the only middle-east starter-up?

The huge amounts of money funnelled to them thanks to AIPAC lobbying might also help. Research is easier if somebody else is paying the daily bills.
http://www.ifamericansknew.org/stats/usaid.html

Re:Is Israel the only middle-east starter-up?

[Hognoxious]

Because the Mossad totally rocks. That's why they never got caught for 9-1@h&8%.l.
n o
c a r r i e r

Re:Is Israel the only middle-east starter-up?

The OP mentioned Middle Eastern countries. I didn't know that the UK and California were in the Middle East.

With the number of fucking muzzies we have its getting that way

Re:Is Israel the only middle-east starter-up?

[Hognoxious]

Read the title. It's the thin box above the message body and below your UID.

Re:Is Israel the only middle-east starter-up?

[Jean+Taureau]

Are the Israelis the only people interested in technology in the middle-east?

Not necessarliy big in tech, but Israel _are_ big in security.

Re:Is Israel the only middle-east starter-up?

I don't know if that's entirely true.

But Israel would probably be the country in that region that will raise the least amount of proverbial red flags on the US Gov't for a company like Google (in size, market cap, visibility...importance?) to be doing business with, much less acquiring said company.

If, for instance, Google were to announce they're intending to buy a Syrian or an Iranian company, it would set off all kinds of alarms and would be blocked by the US Gov't almost on the spot.

So, yeah, pending due diligence, and Israeli company is Ok.

Also, from my own experience, Israel has a good reputation for producing software.

Will the Arabs use or boycott this technology ?

That technology was pioneered by Israelis (ie. The Jews).

Arabs hate the Jews and they would do _anything_ to boycott the Jews.

Which leads to ... will the Arabs (and the Moslems) boycott this technology, even if it's now under the Google banner ?

Who Cares

[marcgvky]

These Israeli "tech companies", which are deeply subsidized by the U.S. government, are generally worthless. Just like most fails from Silly Valley.

Audio Authentication

[Identita]

Authentication using various methods of audio modulation and demodulation has been around for more than 10 years. My company alongside 2 others were the leaders in developing and patenting this tech. While I haven't looked extensively at how they are doing it, his video does mention something about using ultrasonic frequencies which our patents don't cover but BeepCard's (another Israeli start-up) patents very much do so. I'm sure they'll be looking into this pretty soon. For those of you interested in learning some more on the subject matter check it out here @ http://www.identita.com/produc... http://www.beepcard.com/produc... http://www.digipaygroup.com/

Oy vey, you filthy goyim!

[Suiggy]

When will you filthy goyim realize that it is us chosen who will dominate in the tech sector? We will always out compete you. Whenever a business is sold, or a deal goes down that is over a $1 million, you can be sure that we have our hands involved in the affair.

Why do you goyim even bother trying? You'll never make it. Just give up. G-d is only on our side.

We even run Dice.

Re: Oy vey, you filthy goyim!

http://en.m.wikipedia.org/wiki/Poe's_law

Re:There is no "Israeli"

What are you a small child that believes if he sticks his fingers in his ears and shouts "Not Listening!" loud enough then suddenly the world will change to be the way he likes it? The state of Israel exists and it has an amazing culture, a vibrant society, a thriving economy and an army capable of defending it. What there is not ,is a Palestinian Arab state. And, if the Palestinian Arabs do not start negotiating responsibly, they will never get one.

Re:There is no "Israeli"

You mean the democratic state where all the citizens regardless of whether they are Jews, Druzim, Christian Arabs, Muslim Arabs, Muslim Bedouins and Christian Copts all have equal rights, full protection under the law, vote in the elections, can serve as politicians in the parliament, judges in the supreme court, work as doctors in the hospital, teachers in the schools, professors in the university, etc?

Yeah, it sounds really racist to me.

How about checking your facts before spouting off at the mouth?

Re:There is no "Israeli"

[drinkypoo]

What are you a small child that believes if he sticks his fingers in his ears and shouts "Not Listening!" loud enough then suddenly the world will change to be the way he likes it?

Perhaps he grew up believing that violence begets violence, and that the forcible creation of a state and placing a people who were never more than an ethnic minority in a region in a position of power inside of it is a blatant attempt to destabilize the region so as not to have to deal with the muzzies.

Re:There is no "Israeli"

> Yeah, it sounds really racist to me.

Well, around 5 years ago I'd have said that Israel was about about as racist as my neighborhood was in the US in the 1970's, but recently I've been seeing more and more Arabs working and shopping in the city where live, so now I'd say it's a lot less racist than my neighborhood was in the US in the 1970's. Unfortunately I haven't lived in the States for quite a while so I cannot make any comparison with the current situation in the US.

Google - Security???

Ha ha ha ha...

Re:There is no "Israeli"

you seem to have a very bizarre definition of racism to say the least.

Boycott Israel

[ikhider]

Notwithstanding all these racist anti-Jew/Arab remarks (remember, both Jews and Arabs, as well as Palestinains and other desert-dwelling races--please look up 'semite' in an etymology book--are semites), Israel must be boycotted. The land was Palestine pre-1949, until it was taken from Palestinians at gun and bomb point. Noam Chomsky has an excellent book on this called 'Fateful Triangle: The United States, Israel and the Palestinians'. Amnesty International has a long list of Israeli state-backed brutality against Palestinians and their continuing theft of Palestinian land. Currently, no such Palestinian state can exist as Israel seeded too many setters in the region. No peace can exist this way. The state of Israel is backed by the North American tax payer, thus backing oppression. If you believe in human rights, please ask your representative not to support Israel. Please read up on this, journalists like Amira Haas, Robert Fisk, Joe Sacco have written a lot about this. I am appalled at a lot of these 'Anti-Jew' (and anti-Arab) comments as being anti-Israel has nothing to do with Anti-Jewish. There is a clear distinction, and in fact, many Jews who care about justice are also anti-Israel. Israel expelled Palestinians from their homeland while turning the remainder into interned slaves until they did a revolt with the first and second Intifadas. Much like the Warsaw ghetto uprisings.

Re:Boycott Israel

Boycott ikhider: Don't fuck his mommy anymore...
Where do you live bastard?
I'd like to pay you a visit motherfucker!

Why Google Acquires SlickLogin?

Google has recently Acquired SlickLogin in order to strengthen the information security systems. Google in association with SlickLogin have decided to make the world of internet more secured and safe. It will replace the typed passwords with sounds. Although the commercial project has not been launched, yet Google is still in the process of doing it as soon as the project is ready. Google has a first mover advantage with respect to verification process. Google had introduced the two step process for verification for free. They are in the phase of coming up with more features for enhancing security process.

Why Google Acquires SlickLogin ?

[Technogala]

Google has recently Acquired SlickLogin in order to strengthen the information security systems. Google in association with SlickLogin have decided to make the world of internet more secured and safe. It will replace the typed passwords with sounds. Although the commercial project has not been launched, yet Google is still in the process of doing it as soon as the project is ready. Google has a first mover advantage with respect to verification process. Google had introduced the two step process for verification for free. They are in the phase of coming up with more features for enhancing security process.