EEJournal

feature article
Subscribe Now
July 30, 2020

Protecting Your Software from Cyberslime

by Max Maxfield

Are you a company that creates cunning software products? If so, how can you tell if someone counterfeits your software, perhaps inserting malware, and then distributes it as though it were a legitimate copy? Well, this is your lucky day, because the folks at Cylynt have you covered.

I was just chatting with Ted Miracco, who is the co-founder and CEO of Cylynt, home of the SmartFlow Professional and SmartFlow Enterprise anti-piracy compliance solutions. We will return to these solutions shortly. Unfortunately, talking with Ted has sent my poor old noggin churning with a tangled bundle of interrelated thoughts that will keep on bouncing around unless I write them down.

Growing up in Sheffield, England, in the 1960s, I thought that I was living a regular life. Looking back with the benefit of hindsight (the one exact science), I’ve come to realize that I had an idyllic childhood. There was never any argy-bargy (noisy quarrelling or wrangling) in our house. My parents never raised their voices to me. My dad could speak volumes with a raised eyebrow, while my mother had a “look” that could paralyze an impressionable youngster at 50 paces (the scary thing is that she has continued to hone and refine this look over the years — be afraid, be very afraid).

I was brought up with a set of principles that are now so ingrained I cannot imagine fighting against them. One was “waste not, want not.” We didn’t have a lot, so we did our best not to waste anything we did have. To this day, for example, I turn the cold water tap off while I’m brushing my teeth until I’m ready to rinse things off. Another was that littering was a disgrace. Wherever we went, the rule was to leave things nicer than when we got there. On our summer vacations, for example, the last thing my cousin and I did at the beach each day was to gather all of our families’ rubbish, after which we spread out picking up anyone else’s garbage in the vicinity.

One thing that was really drummed into me was that taking anything that didn’t belong to you was a terribly bad thing to do. When I got my first job, I was living in a council flat in Manchester, England. Shortly after I received my first pay packet, one of the things I invested in was a hammer to hang some pictures on the wall. My father had impressed on me that it was always a good idea to pay a bit more for a good tool, so I was tremendously proud of my perfectly balanced, rubber-handled hammer. A few days later, I returned to my flat to discover the front door hanging off its hinges. I’d been robbed. The one thing they’d taken was the only thing I owned that was worth anything — my perfectly balanced, rubber-handled hammer. This was 40 years ago as I pen these words, and it still brings a little tear to my eye to this day.

It was shortly after I’d bid a sad farewell to my prize hammer — did I mention it had perfect balance and boasted a non-slip rubber-clad handle? — that one of our friends told us her sister was getting married and we were all invited to the wedding. This event took place in our friend’s birthplace, which was a small village somewhere on the south coast of England. A group of us drove down a couple of days early and we camped in our friend’s parent’s garden.

On the day before the wedding, we were wandering through the village when one of our number found herself in need of a restroom. “Don’t worry,” said our friend, who pointed to the nearest cottage, “the door will be unlocked and you can use the restroom in here.” We were surprised, to say the least, but our friend assured us that — so long as we were with her — we could pretty much go anywhere in the village, and she was right.

Once, when I was ambling through Hong Kong circa 1985, someone came up to me on the street and asked if I would like to purchase “a genuine fake Rolex watch.” I can’t swear to it, but he looked like he was wearing a genuine false moustache. I had to admire his honesty in a convoluted sort of way.

On another occasion, I found myself in Singapore, as you do. (As I mentioned in The Times They Are a-Changin’, during his time in the Royal Navy, my grandfather was in the team that charted Singapore Harbor using rowing boats, surveying equipment, and weighted lines to measure the depth of the water.) A local friend took me to a small backstreet store where he said I could purchase some cheap jeans. I found a pair I liked and took them to the checkout, where a little old man was perched on a stool between a cash register and a sewing machine. The old man asked what sort of jeans I liked in a conversational sort of way, and I replied that I was quite fond of Levi 501s. As quick as a flash, he whipped open a draw full of small compartments each packed with different labels, pulled out a Levi 501 label, and sewed it onto my new jeans. A few seconds later, I found myself standing in the street, the perplexed possessor of the first (and only) pair of counterfeit jeans I ever owned.

Stop whimpering. I did warn you. Right at the beginning of this column I told you that my poor old noggin was “churning with a tangled bundle of interrelated thoughts” that would keep on bouncing around until I wrote them down. So, the fact that you are still here tells us either that I’m an extraordinarily gifted writer, or that you have nothing better to do with your time (if you have any self-respect, I know which option I’d go for if I were you).

Are You Guilty?

Things are a little on the hectic side at the moment, what with a global pandemic and all. A lot of us are working from home trying to meet project deadlines while juggling familial distractions. As part of this, many of us end up exploring the internet and downloading various software tools and applications to help ease, or at least smooth, our workloads.

Oftentimes, it’s not easy to spot something as simple as a counterfeit pair of jeans (unless they are counterfeited under your very nose). Things are much harder when it comes to sophisticated software applications.

How do we know that the tools and applications we download over the internet are legitimate copies provided by their original creators or certified partners, and not counterfeit copies that have been hacked by nefarious parties? If we aren’t careful, we could easily end up in violation of the software owner’s copyright. Even worse, we could be talking about an unlicensed, pirated copy of the software carrying a payload of malware that’s poised to set off a chain reaction in our home, office, or company’s IT network.

Returning to Cylynt, Ted tells me that a lot of these problems originate in China, Russia, and Iran, where legitimate software is first hacked and then distributed. Ted also says that there is an abundance of websites that are cleverly marketed to have an “air of legitimacy.” As an experiment, he performed a Google search for a well-known software application and purchased “deeply discounted special offers” from a bunch of seemingly legitimate websites, only to discover that these were all hacked copies. How did he know? Because the software’s creators were using Cylynt’s SmartFlow technology.

So, how did this all come about? Well, in 1994, Ted co-founded the EDA company AWR Corporation, which was subsequently acquired by National Instruments in 2011, and later purchased by Cadence Design Systems in 2020. AWR is a suite of RF and microwave design software that sells for tens of thousands of dollars a seat. Back in Ted’s time. they had lots of sales in the USA, Europe, and Japan, but minimal sales in the rest of Asia. This they found to be strange, because there was a huge market in Asia for training on AWR software.

The company’s investors wanted to know how much of their software was being pirated. All Ted could do was shrug his shoulders because the third-party licensing software they were using couldn’t stand up against determined hackers. As a result, Ted and his partners eventually developed their own antipiracy software, sold AWR, and formed a new company called SmartFlow, which they subsequently rebranded as Cylynt.

Things have progressed in leaps and bounds. Today, Cylynt’s SmartFlow technology is used by a very impressive portfolio of clients to protect $44B of software a year, and this number is rising as we speak.

What can SmartFlow do and how does it do it? I’m glad you asked. I’m only sorry that I’m not allowed to tell you. All I can say is that Cylynt provides a software development kit (SDK), which their clients use to configure their software with the desired level of protections, reporting abilities, and response capabilities prior to the product’s compilation, distribution, and deployment.

Once the SmartFlow-enabled application has been released into the wild, the application’s creators can determine who is using it, where it is being used, if it’s in its original state or if it’s been hacked, and what they want the software to do about it. Apart from anything else, this results in significant revenue possibilities, because the first line of defense is to send a letter to whomever is using the software saying something like: “We know that, for the past three months, you’ve been using 10 instantiations of our software that you have not yet paid for. We’re sure this is an oversight, so here’s what you currently owe, plus the cost of your next year’s licenses. We look forward to receiving your payment before the end of the month.”

Of course, there are increasing levels of potential response, including having the software disable itself or delete itself from the system. I did raise the possibility of implementing a nuclear response in the form of deleting any files in the vicinity before taking the suspect network down in its entirety, but Ted quickly changed the subject and started waffling on about all the good stuff on Cylynt’s Success Stories and Resources pages, including articles on anti-piracy and software license compliance.

There is indeed a lot of interesting information on these pages, but I fear my mind is now meandering off in a new direction thinking of a variety of responses I would like pirated software to perform. These thoughts are unbecoming for an honorable man, so you can be assured that, if I meet one, I’ll tell him not to think them. In the meantime, what punishments do you think would be appropriate for the people who hack other people’s software, the people who knowingly use counterfeit or compromised applications, and the people who create and distribute malware?

Leave a Reply

featured blogs
System-Level Optimization: Why It’s Time to Think Beyond the Silicon
Dec 6, 2023
Optimizing a silicon chip at the system level is crucial in achieving peak performance, efficiency, and system reliability. As Moore's Law faces diminishing returns, simply transitioning to the latest process node no longer guarantees substantial power, performance, or c...
More from Cadence...
Q&A With Jyotika Athavale, IEEE Champion, on Advancing Standards Development Worldwide
Dec 6, 2023
Explore standards development and functional safety requirements with Jyotika Athavale, IEEE senior member and Senior Director of Silicon Lifecycle Management.The post Q&A With Jyotika Athavale, IEEE Champion, on Advancing Standards Development Worldwide appeared first ...
More from Synopsys...
A Haunting World Underwater
Nov 6, 2023
Suffice it to say that everyone and everything in these images was shot in-camera underwater, and that the results truly are haunting....
More from Max's Cool Beans...

featured video

Dramatically Improve PPA and Productivity with Generative AI

Sponsored by Cadence Design Systems

Discover how you can quickly optimize flows for many blocks concurrently and use that knowledge for your next design. The Cadence Cerebrus Intelligent Chip Explorer is a revolutionary, AI-driven, automated approach to chip design flow optimization. Block engineers specify the design goals, and generative AI features within Cadence Cerebrus Explorer will intelligently optimize the design to meet the power, performance, and area (PPA) goals in a completely automated way.

Click here for more information

featured paper

Power and Performance Analysis of FIR Filters and FFTs on Intel Agilex® 7 FPGAs

Sponsored by Intel

Learn about the Future of Intel Programmable Solutions Group at intel.com/leap. The power and performance efficiency of digital signal processing (DSP) workloads play a significant role in the evolution of modern-day technology. Compare benchmarks of finite impulse response (FIR) filters and fast Fourier transform (FFT) designs on Intel Agilex® 7 FPGAs to publicly available results from AMD’s Versal* FPGAs and artificial intelligence engines.

Read more

featured chalk talk

Spectral and Color Sensors
Sponsored by Mouser Electronics and ams OSRAM
There has been quite a bit of advancement in the world of spectrometers of the last several years. In this episode of Chalk Talk, Amelia Dalton and Jim Archibald from ams OSRAM investigate how multispectral sensing solutions are driving innovation in a variety of different fields. They also explore the functions involved with multispectral sensing, the details of ams OSRAM’s AS7343 spectral sensor, and why smoke detection is a great application for this kind of multispectral sensing.
Click here for more information about ams OSRAM AS7343 14-Channel Multi-Spectral Sensors
Mar 6, 2023
33,225 views