EEJournal

feature article
Subscribe Now
July 30, 2020

Protecting Your Software from Cyberslime

by Max Maxfield

Are you a company that creates cunning software products? If so, how can you tell if someone counterfeits your software, perhaps inserting malware, and then distributes it as though it were a legitimate copy? Well, this is your lucky day, because the folks at Cylynt have you covered.

I was just chatting with Ted Miracco, who is the co-founder and CEO of Cylynt, home of the SmartFlow Professional and SmartFlow Enterprise anti-piracy compliance solutions. We will return to these solutions shortly. Unfortunately, talking with Ted has sent my poor old noggin churning with a tangled bundle of interrelated thoughts that will keep on bouncing around unless I write them down.

Growing up in Sheffield, England, in the 1960s, I thought that I was living a regular life. Looking back with the benefit of hindsight (the one exact science), I’ve come to realize that I had an idyllic childhood. There was never any argy-bargy (noisy quarrelling or wrangling) in our house. My parents never raised their voices to me. My dad could speak volumes with a raised eyebrow, while my mother had a “look” that could paralyze an impressionable youngster at 50 paces (the scary thing is that she has continued to hone and refine this look over the years — be afraid, be very afraid).

I was brought up with a set of principles that are now so ingrained I cannot imagine fighting against them. One was “waste not, want not.” We didn’t have a lot, so we did our best not to waste anything we did have. To this day, for example, I turn the cold water tap off while I’m brushing my teeth until I’m ready to rinse things off. Another was that littering was a disgrace. Wherever we went, the rule was to leave things nicer than when we got there. On our summer vacations, for example, the last thing my cousin and I did at the beach each day was to gather all of our families’ rubbish, after which we spread out picking up anyone else’s garbage in the vicinity.

One thing that was really drummed into me was that taking anything that didn’t belong to you was a terribly bad thing to do. When I got my first job, I was living in a council flat in Manchester, England. Shortly after I received my first pay packet, one of the things I invested in was a hammer to hang some pictures on the wall. My father had impressed on me that it was always a good idea to pay a bit more for a good tool, so I was tremendously proud of my perfectly balanced, rubber-handled hammer. A few days later, I returned to my flat to discover the front door hanging off its hinges. I’d been robbed. The one thing they’d taken was the only thing I owned that was worth anything — my perfectly balanced, rubber-handled hammer. This was 40 years ago as I pen these words, and it still brings a little tear to my eye to this day.

It was shortly after I’d bid a sad farewell to my prize hammer — did I mention it had perfect balance and boasted a non-slip rubber-clad handle? — that one of our friends told us her sister was getting married and we were all invited to the wedding. This event took place in our friend’s birthplace, which was a small village somewhere on the south coast of England. A group of us drove down a couple of days early and we camped in our friend’s parent’s garden.

On the day before the wedding, we were wandering through the village when one of our number found herself in need of a restroom. “Don’t worry,” said our friend, who pointed to the nearest cottage, “the door will be unlocked and you can use the restroom in here.” We were surprised, to say the least, but our friend assured us that — so long as we were with her — we could pretty much go anywhere in the village, and she was right.

Once, when I was ambling through Hong Kong circa 1985, someone came up to me on the street and asked if I would like to purchase “a genuine fake Rolex watch.” I can’t swear to it, but he looked like he was wearing a genuine false moustache. I had to admire his honesty in a convoluted sort of way.

On another occasion, I found myself in Singapore, as you do. (As I mentioned in The Times They Are a-Changin’, during his time in the Royal Navy, my grandfather was in the team that charted Singapore Harbor using rowing boats, surveying equipment, and weighted lines to measure the depth of the water.) A local friend took me to a small backstreet store where he said I could purchase some cheap jeans. I found a pair I liked and took them to the checkout, where a little old man was perched on a stool between a cash register and a sewing machine. The old man asked what sort of jeans I liked in a conversational sort of way, and I replied that I was quite fond of Levi 501s. As quick as a flash, he whipped open a draw full of small compartments each packed with different labels, pulled out a Levi 501 label, and sewed it onto my new jeans. A few seconds later, I found myself standing in the street, the perplexed possessor of the first (and only) pair of counterfeit jeans I ever owned.

Stop whimpering. I did warn you. Right at the beginning of this column I told you that my poor old noggin was “churning with a tangled bundle of interrelated thoughts” that would keep on bouncing around until I wrote them down. So, the fact that you are still here tells us either that I’m an extraordinarily gifted writer, or that you have nothing better to do with your time (if you have any self-respect, I know which option I’d go for if I were you).

Are You Guilty?

Things are a little on the hectic side at the moment, what with a global pandemic and all. A lot of us are working from home trying to meet project deadlines while juggling familial distractions. As part of this, many of us end up exploring the internet and downloading various software tools and applications to help ease, or at least smooth, our workloads.

Oftentimes, it’s not easy to spot something as simple as a counterfeit pair of jeans (unless they are counterfeited under your very nose). Things are much harder when it comes to sophisticated software applications.

How do we know that the tools and applications we download over the internet are legitimate copies provided by their original creators or certified partners, and not counterfeit copies that have been hacked by nefarious parties? If we aren’t careful, we could easily end up in violation of the software owner’s copyright. Even worse, we could be talking about an unlicensed, pirated copy of the software carrying a payload of malware that’s poised to set off a chain reaction in our home, office, or company’s IT network.

Returning to Cylynt, Ted tells me that a lot of these problems originate in China, Russia, and Iran, where legitimate software is first hacked and then distributed. Ted also says that there is an abundance of websites that are cleverly marketed to have an “air of legitimacy.” As an experiment, he performed a Google search for a well-known software application and purchased “deeply discounted special offers” from a bunch of seemingly legitimate websites, only to discover that these were all hacked copies. How did he know? Because the software’s creators were using Cylynt’s SmartFlow technology.

So, how did this all come about? Well, in 1994, Ted co-founded the EDA company AWR Corporation, which was subsequently acquired by National Instruments in 2011, and later purchased by Cadence Design Systems in 2020. AWR is a suite of RF and microwave design software that sells for tens of thousands of dollars a seat. Back in Ted’s time. they had lots of sales in the USA, Europe, and Japan, but minimal sales in the rest of Asia. This they found to be strange, because there was a huge market in Asia for training on AWR software.

The company’s investors wanted to know how much of their software was being pirated. All Ted could do was shrug his shoulders because the third-party licensing software they were using couldn’t stand up against determined hackers. As a result, Ted and his partners eventually developed their own antipiracy software, sold AWR, and formed a new company called SmartFlow, which they subsequently rebranded as Cylynt.

Things have progressed in leaps and bounds. Today, Cylynt’s SmartFlow technology is used by a very impressive portfolio of clients to protect $44B of software a year, and this number is rising as we speak.

What can SmartFlow do and how does it do it? I’m glad you asked. I’m only sorry that I’m not allowed to tell you. All I can say is that Cylynt provides a software development kit (SDK), which their clients use to configure their software with the desired level of protections, reporting abilities, and response capabilities prior to the product’s compilation, distribution, and deployment.

Once the SmartFlow-enabled application has been released into the wild, the application’s creators can determine who is using it, where it is being used, if it’s in its original state or if it’s been hacked, and what they want the software to do about it. Apart from anything else, this results in significant revenue possibilities, because the first line of defense is to send a letter to whomever is using the software saying something like: “We know that, for the past three months, you’ve been using 10 instantiations of our software that you have not yet paid for. We’re sure this is an oversight, so here’s what you currently owe, plus the cost of your next year’s licenses. We look forward to receiving your payment before the end of the month.”

Of course, there are increasing levels of potential response, including having the software disable itself or delete itself from the system. I did raise the possibility of implementing a nuclear response in the form of deleting any files in the vicinity before taking the suspect network down in its entirety, but Ted quickly changed the subject and started waffling on about all the good stuff on Cylynt’s Success Stories and Resources pages, including articles on anti-piracy and software license compliance.

There is indeed a lot of interesting information on these pages, but I fear my mind is now meandering off in a new direction thinking of a variety of responses I would like pirated software to perform. These thoughts are unbecoming for an honorable man, so you can be assured that, if I meet one, I’ll tell him not to think them. In the meantime, what punishments do you think would be appropriate for the people who hack other people’s software, the people who knowingly use counterfeit or compromised applications, and the people who create and distribute malware?

Leave a Reply

featured blogs
BoardSurfers: Training Insights: Design Effortlessly Using Structures in Allegro X
Apr 25, 2024
Structures in Allegro X layout editors let you create reusable building blocks for your PCBs, saving you time and ensuring consistency. What are Structures? Structures are pre-defined groups of design objects, such as vias, connecting lines (clines), and shapes. You can combi...
More from Cadence...
Want to Mix and Match Dies in a Single Package? UCIe Can Get You There
Apr 25, 2024
See how the UCIe protocol creates multi-die chips by connecting chiplets from different vendors and nodes, and learn about the role of IP and specifications.The post Want to Mix and Match Dies in a Single Package? UCIe Can Get You There appeared first on Chip Design....
More from Synopsys...
One Robotic Step Closer to Humanoid Robots in the Home
Apr 18, 2024
Are you ready for a revolution in robotic technology (as opposed to a robotic revolution, of course)?...
More from Max's Cool Beans...

featured video

MaxLinear Integrates Analog & Digital Design in One Chip with Cadence 3D Solvers

Sponsored by Cadence Design Systems

MaxLinear has the unique capability of integrating analog and digital design on the same chip. Because of this, the team developed some interesting technology in the communication space. In the optical infrastructure domain, they created the first fully integrated 5nm CMOS PAM4 DSP. All their products solve critical communication and high-frequency analysis challenges.

Learn more about how MaxLinear is using Cadence’s Clarity 3D Solver and EMX Planar 3D Solver in their design process.

featured paper

Designing Robust 5G Power Amplifiers for the Real World

Sponsored by Keysight

Simulating 5G power amplifier (PA) designs at the component and system levels with authentic modulation and high-fidelity behavioral models increases predictability, lowers risk, and shrinks schedules. Simulation software enables multi-technology layout and multi-domain analysis, evaluating the impacts of 5G PA design choices while delivering accurate results in a single virtual workspace. This application note delves into how authentic modulation enhances predictability and performance in 5G millimeter-wave systems.

Download now to revolutionize your design process.

featured chalk talk

Exploring the Potential of 5G in Both Public and Private Networks – Advantech and Mouser
Sponsored by Mouser Electronics and Advantech
In this episode of Chalk Talk, Amelia Dalton and Andrew Chen from Advantech investigate how we can revolutionize connectivity with 5G in public and private networks. They explore the role that 5G plays in autonomous vehicles, smart traffic systems, and public safety infrastructure and the solutions that Advantech offers in this arena.
Click here for more information about Advantech ICR-4461 Industrial Cellular Routers & Gateways
Apr 1, 2024
3,486 views