Déjà Vu: Uncovering Stolen Algorithms in Commercial Products

Presented at DEF CON 30 (2022), Aug. 13, 2022, 3 p.m. (20 minutes)

In an ideal world, members of a community work together towards a common goal or greater good. Unfortunately, we do not (yet) live in such a world.

In this talk, we discuss what appears to be a systemic issue impacting our cyber-security community: the theft and unauthorized use of algorithms by corporate entities, entities who may themselves be part of that community.

First, we’ll present a variety of search techniques that can automatically point to unauthorized code in commercial products. Then we’ll show how reverse-engineering and binary comparison techniques can confirm such findings.

Next, we will apply these approaches in a real-world case study. Specifically, we’ll focus on a popular tool from a non-profit organization that was reverse-engineered by multiple entities so that its core algorithm could be recovered and used, without authorization, in multiple commercial products.

The talk will end with actionable takeaways and recommendations, because this may well happen to you too. For one, we'll present strategic approaches to (and the challenges of) confronting culpable commercial entities and their legal teams. Moreover, we’ll provide recommendations for corporations to ensure this doesn’t happen in the first place, so that our community can remain cohesively focused on its mutual goals.


Presenters:

  • Tom McGuire
    Tom has been working in the security industry since the late 90s. He is the CTO of a cybersecurity firm and an Instructor at Johns Hopkins University where he teaches Reverse Engineering, OS Security, Cryptology and Cyber Risk Management. He loves his family, all things security, biotech and the Red Sox!
  • Patrick Wardle - Founder, Objective-See Foundation
    Patrick Wardle is the creator of the non-profit Objective-See Foundation, author of “The Art of Mac Malware” book series, and founder of the “Objective by the Sea” macOS Security conference. Having worked at NASA and the NSA, as well as presenting at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware, and writing free open-source security tools to protect Mac users.