March 7, 2014, 5:52 p.m.
Joe Hoffman, Practice Director
The latest rumor in telecom M&A arena has French conglomerate Bouygues in a hot bid for Vivendi’s SFR. A tie-up like this will result in the largest mobile Telecom in France. How does this concentration of market power measure up, and what will the regulator say?
Let’s look at market share before (blue) and after (red) any such acquisition. The resulting telecom giant represents nearly 50% subscriber market share – enough to alarm the anti-trust regulators. The resulting duopoly with Orange would control nearly 90% of French mobile telecom subscribers - not a good sign.
Now look at the Herfindahl-Hirschman Index as measure of market power concentration. Though this is used by the U.S. Department of Justice, it is still reasonable to help understand where to French regulators might rule on any such proposal. Looking at the subscriber base and the resulting concentration, we see the HHI increasing from 2950 to a staggering 4004. This change in market power concentration goes beyond the ill-fated AT&T acquisition of T-Mobile US.
This is yet another example of the economic pressure observed by the Rule of Three and Four that may not gain regulatory approval. Proponents of an acquisition of SFR by Bouygues should prepare for serious headwinds.
March 4, 2014, 10:25 a.m.
Dominique Bonte, Vice President and Practice Director
Media attention for the launch of Apple’s in-car smartphone integration standard CarPlay on Volvo, Ferrari, and Mercedes vehicles at the Geneva auto show is huge. Announced as iOS in the Car in 2013, it emerged under the CarPlay name allowing calling, messaging, navigating, and listening to music on iPhones controlled via voice (Siri) or the car’s head unit touch screen. No word on third party automotive applications yet, except for audio apps such as Spotify and iHeartRadio. Nonetheless Apple enjoys huge support from the automotive industry (BMW, Ford, GM, Honda, Hyundai, JLR, Kia, Mitsubishi, Nissan, PSA, Subaru, Suzuki and Toyota next to the ones mentioned above).
Despite Apple getting in the limelight with CarPlay, more relevant is what the Open Automotive Alliance will do. The OAA was announced at CES 2014 to develop an Android smartphone vehicle integration standard as well as facilitating the adoption of Android as an embedded automotive operating system.
At the same time the CCC’s MirrorLink made a big splash at MWC 2014 with MirrorLink 1.1 Developer Fast Track application certification in place, the first apps such as Glympse, Parkopedia , and Coyote having been made available and Honda, Toyota and VW showing implementations . PSA also announced MirrorLink support on the new 108 and C1. While support from the car industry is overwhelming, handset support is still limited to mainly Android phones from vendors such as Sony and recently HTC.
And what will Samsung do? Adopt whatever the OAA comes up with or – in their typical style – add some differentiating features on top? Samsung also supports MirrorLink on phones such as the Galaxy S3, so that might be another route.
Are we seeing a real in-vehicle smartphone integration war being unleashed? And why do we need that many standards? What the connected car industry needs most is less fragmentation, not more. Having a separate standard for each handset brand is missing the point entirely. Third party developers are looking for a common platform such as MirrorLink spanning the entire connected car industry. For the car OEMs it’s about having little choice other than supporting all possible standards, clearly showing where the power has shifted to. Once more, all eyes are on Google (and the OAA) to unlock the full potential of the connected car and automotive application ecosystem.
Feb. 28, 2014, 8:28 a.m.
Michela Menting , Senior Analyst
A little over two weeks ago, anon posted almost 13,000 IP addresses of vulnerable Asus routers to Pastebin. The list has been viewed over 44,400 times since posting, enough for a few malicious hackers to get their act together and start exploiting. Another link is available containing over 10,000 lists of files stored on Asus-connected hard drives. The issue is that the vulnerabilities were first exposed more than 6 months ago and Asus had not done anything to patch it until last week. Asus is not the only culprit. Linksys vulnerabilities were exposed by the Internet Storm Center two weeks ago in 23 separate router models. The Moon, a worm targeting Linksys routers, has been happily self-replicating in the E-Series and Wireless-N product line. The exploit bypasses the admin authentication, but only works when the Remote Management Access feature is on. Linksys has published technical advice about how to prevent the routers from getting infected.
The router attack vector is not new. Tripwire recently published a study stating that 80% of the top 25 routers available on Amazon were vulnerable. The Polish CERT team also reported a large scale DNS redirection attack on home routers for financial theft. Further, researchers at the University of Liverpool and Queen’s University Belfast published a paper back in October 2013 on a proof-of-concept Wi-Fi access point to access point virus named Chameleon. This attack replaces the firmware of an existing access point (such as a router) and masquerades the outward facing credentials. The virus essentially employs a WLAN attack technique which independently infects and propagates amongst WiFi access point embedded systems.
The issue, as always, is that equipment manufacturers continue to push out products with poor or non-existent security settings. If the markets for personal clouds, IoT and connected homes are ever going to take off, there needs to be a serious change of mind set with regards to the protection of consumer products. Hiding or ignoring security vulnerabilities is not conducive to long-term business success. The cybercriminal menace is already high enough, and added to that is the credible threat of government espionage. Protecting privacy is just as important as protecting intellectual property rights of big corporations. It’s time for consumer security to be taken seriously. Liability for non-patching of known vulnerabilities affecting top product offerings would be a good start. Until such time as the end-user becomes more educated about cybersecurity, the onus is on the providers of consumer ICTs to ensure that security is adequately addressed in a timely fashion. Anything short of this is simply bad business ethics.
Feb. 26, 2014, 1:40 a.m.
Marina Lu, Research Associate
USA based AT & T has announced that it will scrap the costs for sending messages overseas for customers on its Mobile Share and Mobile Share Value plans, which provide unlimited text, picture and video messages.
AT&T is also excited to introduce international calling from the U.S. to any number anytime to over 35 countries, including Canada and Mexico, for 1¢ per minute with the new international calling package, World Connect Value. The "penny-per-minute" calling rates also apply to calls made to any number in the majority of Latin American and Caribbean countries. World Connect Value will be available to all AT&T wireless postpaid customers, including those who have Wireless Home Phone service, for $5 a month as of Friday, February 28.
Feb. 17, 2014, 7:55 a.m.
John Devlin, Practice Director
I have been asked some questions following the news that Wallaby has released the first native payment app for Google Glass last week. This, I thought, was something that could be really interesting but alas I ended up being disappointed. My first major issue is that it isn't really a payment app - its a retail / financial app but in this instance Wallaby for Glass does not allow you to make a payment and Glass does not become the mechanism for making that payment. Perhaps it is an interim step - it recommends which of your cards linked to the Wallaby app will give you the best return/offer/reward but the consumer still pays by card. In the future perhaps it will be possible to pay with your phone or Glass but this is not what it shows in demos yet.
However, it does show that people are interested in making more of the payment-retail user experience and integrating more technology to improve and offer more to consumers. Already there are many contactless wearable devices which are not yet smart or connected which can be used for payment at POS. And the intelligence doesn't have to be on-device, it can all be provided through the back-end systems with real-time updates on your smartphone which is something that could be added in this instance.
There are questions still to be answered if smart wearables are to become the means of payment. For example, if considering Glass, what technology will be the payment channel? NFC seems unlikely to me since I do not believe that users will want to remove them and "tap" to pay. Can it be done via Bluetooth Smart? And will retailers be willing to change their internal processes and customer flow/management to incorporate them? And that brings me to another question - will any smart wearable technology be affordable and mass market enough to have an impact on payments? If this is the case will consumers be better keeping it simple and sticking with contactless wristbands, rings or NFC phones since these are all compatible with existing POS infrastructure?
Don't get me wrong, I can see the appeal - handsfree interaction, information updates, in-door location and offers, augmented reality, etc. can all improve the retail experience for both the vendors and the buyers. It won't be to everyone's taste and it may be seen as too "big brother" or too intrusive but there are those that will want to take advantage of it.
Another aspect that cannot be ignored is security, especially in the current environment with hacks and data breaches all too common these days. Are smart wearables designed with security in mind from the off? Given they - initially at least - are not intended for payments I doubt it. New hardware and software solutions for smartphones and tablets are being developed to improve security in connected devices but it does not mean that these will carry over into smart wearables. It will be interesting to see if this news is the first of many such stories or whether this is just a case of clever marketing to pique our interest in what is a small, yet much hyped and competitive emerging product group.