logo
allArticlesConferencesPresentations

Déjà Vu: Uncovering Stolen Algorithms in Commercial Products

Conference:  Black Hat USA 2022

2022-08-11

Summary

The presentation discusses the issue of code theft and provides solutions for both developers and corporations to prevent and resolve such incidents.
  • Developers should be proactive in protecting their code and use methods to detect if companies are stealing their work
  • Corporations should educate their employees on the issue of code theft and implement internal procedures to detect and prevent it
  • Reaching out professionally and having a legal team can lead to amicable resolutions and win-win situations
  • Anecdotes and examples are provided to illustrate the importance of taking action to prevent and resolve code theft
The presenter shares their experience of having their code stolen and the importance of being proactive in protecting one's work. They also provide examples of corporations acknowledging fault and taking steps to resolve the issue in a mutually beneficial way.

Abstract

In an ideal world, members of a community work together towards a common goal or greater good. Unfortunately, we do not (yet) live in such a world. In this talk, we discuss what appears to be a systemic issue impacting our cyber-security community: the theft and unauthorized use of algorithms by corporate entities. Entities who themselves may be part of the community.First, we’ll present a variety of search techniques that can automatically point to unauthorized code in commercial products. Then we’ll show how reverse-engineering and binary comparison techniques can confirm such findings. Next, we will apply these approaches in a real-world case study. Specifically, we’ll focus on a popular tool from a non-profit organization that was reverse-engineered by multiple entities such that its core algorithm could be recovered and used (unauthorized), in multiple commercial products.The talk will end with actionable takeaways and recommendations, as who knows, this may happen to you too! For one, we'll present strategic approaches (and the challenges) of confronting culpable commercial entities (and their legal teams). Moreover, we’ll provide recommendations for corporations to ensure this doesn’t happen in the first place, thus ensuring that our community can remain cohesively focused on its mutual goals.
Materials:
Tags:

Post a comment

Related work

Keynote: How to Become an Open Source Mechanic

Conference:  KubeCon + CloudNativeCon North America 2022
Authors: Emily Fox
2022-10-28

Track the Planet! Mapping Identities, Monitoring Presence, and Decoding Business Alliances in the Azure Ecosystem

Conference:  Defcon 31
Authors: nyxgeek hacker at TrustedSec
2023-08-01

Government-Mandated Front Doors?: A Global Assessment of Legalized Government Access to Data

Conference:  BlackHat USA 2021
Authors:
2021-08-05

Tineola: Taking a Bite Out of Enterprise Blockchain

Conference:  Defcon 26
Authors:
2018-08-01

Story of Jailbreaking iOS 13

Conference:  BlackHat EU 2020
Authors:
2020-12-10

B’Envoy-age to Pre-Quantum Encryption

Conference:  KubeCon + CloudNativeCon North America 2022
Authors: Doron Podoleanu, Daniel Rouhana, Emma Dickenson
2022-10-28