logo

Déjà Vu: Uncovering Stolen Algorithms in Commercial Products

Conference:  Black Hat USA 2022

2022-08-11

Summary

The presentation discusses the issue of code theft and provides solutions for both developers and corporations to prevent and resolve such incidents.
  • Developers should be proactive in protecting their code and use methods to detect if companies are stealing their work
  • Corporations should educate their employees on the issue of code theft and implement internal procedures to detect and prevent it
  • Reaching out professionally and having a legal team can lead to amicable resolutions and win-win situations
  • Anecdotes and examples are provided to illustrate the importance of taking action to prevent and resolve code theft
The presenter shares their experience of having their code stolen and the importance of being proactive in protecting one's work. They also provide examples of corporations acknowledging fault and taking steps to resolve the issue in a mutually beneficial way.

Abstract

In an ideal world, members of a community work together towards a common goal or greater good. Unfortunately, we do not (yet) live in such a world. In this talk, we discuss what appears to be a systemic issue impacting our cyber-security community: the theft and unauthorized use of algorithms by corporate entities. Entities who themselves may be part of the community.First, we’ll present a variety of search techniques that can automatically point to unauthorized code in commercial products. Then we’ll show how reverse-engineering and binary comparison techniques can confirm such findings. Next, we will apply these approaches in a real-world case study. Specifically, we’ll focus on a popular tool from a non-profit organization that was reverse-engineered by multiple entities such that its core algorithm could be recovered and used (unauthorized), in multiple commercial products.The talk will end with actionable takeaways and recommendations, as who knows, this may happen to you too! For one, we'll present strategic approaches (and the challenges) of confronting culpable commercial entities (and their legal teams). Moreover, we’ll provide recommendations for corporations to ensure this doesn’t happen in the first place, thus ensuring that our community can remain cohesively focused on its mutual goals.

Materials:

Tags: