feature article
Subscribe Now

Protecting Your Software from Cyberslime

Are you a company that creates cunning software products? If so, how can you tell if someone counterfeits your software, perhaps inserting malware, and then distributes it as though it were a legitimate copy? Well, this is your lucky day, because the folks at Cylynt have you covered.

I was just chatting with Ted Miracco, who is the co-founder and CEO of Cylynt, home of the SmartFlow Professional and SmartFlow Enterprise anti-piracy compliance solutions. We will return to these solutions shortly. Unfortunately, talking with Ted has sent my poor old noggin churning with a tangled bundle of interrelated thoughts that will keep on bouncing around unless I write them down.

Growing up in Sheffield, England, in the 1960s, I thought that I was living a regular life. Looking back with the benefit of hindsight (the one exact science), I’ve come to realize that I had an idyllic childhood. There was never any argy-bargy (noisy quarrelling or wrangling) in our house. My parents never raised their voices to me. My dad could speak volumes with a raised eyebrow, while my mother had a “look” that could paralyze an impressionable youngster at 50 paces (the scary thing is that she has continued to hone and refine this look over the years — be afraid, be very afraid).

I was brought up with a set of principles that are now so ingrained I cannot imagine fighting against them. One was “waste not, want not.” We didn’t have a lot, so we did our best not to waste anything we did have. To this day, for example, I turn the cold water tap off while I’m brushing my teeth until I’m ready to rinse things off. Another was that littering was a disgrace. Wherever we went, the rule was to leave things nicer than when we got there. On our summer vacations, for example, the last thing my cousin and I did at the beach each day was to gather all of our families’ rubbish, after which we spread out picking up anyone else’s garbage in the vicinity.

One thing that was really drummed into me was that taking anything that didn’t belong to you was a terribly bad thing to do. When I got my first job, I was living in a council flat in Manchester, England. Shortly after I received my first pay packet, one of the things I invested in was a hammer to hang some pictures on the wall. My father had impressed on me that it was always a good idea to pay a bit more for a good tool, so I was tremendously proud of my perfectly balanced, rubber-handled hammer. A few days later, I returned to my flat to discover the front door hanging off its hinges. I’d been robbed. The one thing they’d taken was the only thing I owned that was worth anything — my perfectly balanced, rubber-handled hammer. This was 40 years ago as I pen these words, and it still brings a little tear to my eye to this day.

It was shortly after I’d bid a sad farewell to my prize hammer — did I mention it had perfect balance and boasted a non-slip rubber-clad handle? — that one of our friends told us her sister was getting married and we were all invited to the wedding. This event took place in our friend’s birthplace, which was a small village somewhere on the south coast of England. A group of us drove down a couple of days early and we camped in our friend’s parent’s garden.

On the day before the wedding, we were wandering through the village when one of our number found herself in need of a restroom. “Don’t worry,” said our friend, who pointed to the nearest cottage, “the door will be unlocked and you can use the restroom in here.” We were surprised, to say the least, but our friend assured us that — so long as we were with her — we could pretty much go anywhere in the village, and she was right.

Once, when I was ambling through Hong Kong circa 1985, someone came up to me on the street and asked if I would like to purchase “a genuine fake Rolex watch.” I can’t swear to it, but he looked like he was wearing a genuine false moustache. I had to admire his honesty in a convoluted sort of way.

On another occasion, I found myself in Singapore, as you do. (As I mentioned in The Times They Are a-Changin’, during his time in the Royal Navy, my grandfather was in the team that charted Singapore Harbor using rowing boats, surveying equipment, and weighted lines to measure the depth of the water.) A local friend took me to a small backstreet store where he said I could purchase some cheap jeans. I found a pair I liked and took them to the checkout, where a little old man was perched on a stool between a cash register and a sewing machine. The old man asked what sort of jeans I liked in a conversational sort of way, and I replied that I was quite fond of Levi 501s. As quick as a flash, he whipped open a draw full of small compartments each packed with different labels, pulled out a Levi 501 label, and sewed it onto my new jeans. A few seconds later, I found myself standing in the street, the perplexed possessor of the first (and only) pair of counterfeit jeans I ever owned.

Stop whimpering. I did warn you. Right at the beginning of this column I told you that my poor old noggin was “churning with a tangled bundle of interrelated thoughts” that would keep on bouncing around until I wrote them down. So, the fact that you are still here tells us either that I’m an extraordinarily gifted writer, or that you have nothing better to do with your time (if you have any self-respect, I know which option I’d go for if I were you).

Are You Guilty?

Things are a little on the hectic side at the moment, what with a global pandemic and all. A lot of us are working from home trying to meet project deadlines while juggling familial distractions. As part of this, many of us end up exploring the internet and downloading various software tools and applications to help ease, or at least smooth, our workloads.

Oftentimes, it’s not easy to spot something as simple as a counterfeit pair of jeans (unless they are counterfeited under your very nose). Things are much harder when it comes to sophisticated software applications.

How do we know that the tools and applications we download over the internet are legitimate copies provided by their original creators or certified partners, and not counterfeit copies that have been hacked by nefarious parties? If we aren’t careful, we could easily end up in violation of the software owner’s copyright. Even worse, we could be talking about an unlicensed, pirated copy of the software carrying a payload of malware that’s poised to set off a chain reaction in our home, office, or company’s IT network.

Returning to Cylynt, Ted tells me that a lot of these problems originate in China, Russia, and Iran, where legitimate software is first hacked and then distributed. Ted also says that there is an abundance of websites that are cleverly marketed to have an “air of legitimacy.” As an experiment, he performed a Google search for a well-known software application and purchased “deeply discounted special offers” from a bunch of seemingly legitimate websites, only to discover that these were all hacked copies. How did he know? Because the software’s creators were using Cylynt’s SmartFlow technology.

So, how did this all come about? Well, in 1994, Ted co-founded the EDA company AWR Corporation, which was subsequently acquired by National Instruments in 2011, and later purchased by Cadence Design Systems in 2020. AWR is a suite of RF and microwave design software that sells for tens of thousands of dollars a seat. Back in Ted’s time. they had lots of sales in the USA, Europe, and Japan, but minimal sales in the rest of Asia. This they found to be strange, because there was a huge market in Asia for training on AWR software.

The company’s investors wanted to know how much of their software was being pirated. All Ted could do was shrug his shoulders because the third-party licensing software they were using couldn’t stand up against determined hackers. As a result, Ted and his partners eventually developed their own antipiracy software, sold AWR, and formed a new company called SmartFlow, which they subsequently rebranded as Cylynt.

Things have progressed in leaps and bounds. Today, Cylynt’s SmartFlow technology is used by a very impressive portfolio of clients to protect $44B of software a year, and this number is rising as we speak.

What can SmartFlow do and how does it do it? I’m glad you asked. I’m only sorry that I’m not allowed to tell you. All I can say is that Cylynt provides a software development kit (SDK), which their clients use to configure their software with the desired level of protections, reporting abilities, and response capabilities prior to the product’s compilation, distribution, and deployment.

Once the SmartFlow-enabled application has been released into the wild, the application’s creators can determine who is using it, where it is being used, if it’s in its original state or if it’s been hacked, and what they want the software to do about it. Apart from anything else, this results in significant revenue possibilities, because the first line of defense is to send a letter to whomever is using the software saying something like: “We know that, for the past three months, you’ve been using 10 instantiations of our software that you have not yet paid for. We’re sure this is an oversight, so here’s what you currently owe, plus the cost of your next year’s licenses. We look forward to receiving your payment before the end of the month.”

Of course, there are increasing levels of potential response, including having the software disable itself or delete itself from the system. I did raise the possibility of implementing a nuclear response in the form of deleting any files in the vicinity before taking the suspect network down in its entirety, but Ted quickly changed the subject and started waffling on about all the good stuff on Cylynt’s Success Stories and Resources pages, including articles on anti-piracy and software license compliance.

There is indeed a lot of interesting information on these pages, but I fear my mind is now meandering off in a new direction thinking of a variety of responses I would like pirated software to perform. These thoughts are unbecoming for an honorable man, so you can be assured that, if I meet one, I’ll tell him not to think them. In the meantime, what punishments do you think would be appropriate for the people who hack other people’s software, the people who knowingly use counterfeit or compromised applications, and the people who create and distribute malware?

Leave a Reply

featured blogs
Oct 25, 2020
https://youtu.be/_xItRYHmGPw Made on my balcony (camera Carey Guo) Monday: The Start of the Arm Era Tuesday: The Gen Arm 2Z Ambassadors Wednesday: CadenceLIVE India: Best Paper Awards Thursday:... [[ Click on the title to access the full blog on the Cadence Community site. ]...
Oct 23, 2020
Processing a component onto a PCB used to be fairly straightforward. Through-hole products, or a single or double row surface mount with a larger centerline rarely offer unique challenges obtaining a proper solder joint. However, as electronics continue to get smaller and con...
Oct 23, 2020
[From the last episode: We noted that some inventions, like in-memory compute, aren'€™t intuitive, being driven instead by the math.] We have one more addition to add to our in-memory compute system. Remember that, when we use a regular memory, what goes in is an address '...
Oct 23, 2020
Any suggestions for a 4x4 keypad in which the keys aren'€™t wobbly and you don'€™t have to strike a key dead center for it to make contact?...

featured video

Better PPA with Innovus Mixed Placer Technology – Gigaplace XL

Sponsored by Cadence Design Systems

With the increase of on-chip storage elements, it has become extremely time consuming to come up with an optimized floorplan with manual methods. Innovus Implementation’s advanced multi-objective placement technology, GigaPlace XL, provides automation to optimize at scale, concurrent placement of macros, and standard cells for multiple objectives like timing, wirelength, congestion, and power. This technology provides an innovative way to address design productivity along with design quality improvements reducing weeks of manual floorplan time down to a few hours.

Click here for more information about Innovus Implementation System

featured paper

Fundamentals of Precision ADC Noise Analysis

Sponsored by Texas Instruments

Build your knowledge of noise performance with high-resolution delta-sigma ADCs. This e-book covers types of ADC noise, how other components contribute noise to the system, and how these noise sources interact with each other.

Click here to download the whitepaper

Featured Chalk Talk

Smart Embedded Vision with PolarFire FPGAs

Sponsored by Mouser Electronics and Microchip

In embedded vision applications, doing AI inference at the edge is often required in order to meet performance and latency demands. But, AI inference requires massive computing power, which can exceed our overall power budget. In this episode of Chalk Talk, Amelia Dalton talks to Avery Williams of Microchip about using FPGAs to get the machine vision performance you need, without blowing your power, form factor, and thermal requirements.

More information about Microsemi / Microchip PolarFire FPGA Video & Imaging Kit