• Home
  • News
  • Business
  • Gear
  • Reviews
  • Games
  • Science
  • Security
Reading: This Mac hacker’s code is so good, corporations keep stealing it
Share
Ad image
Technology MagazineTechnology Magazine
Aa
  • News
  • Business
  • Gear
  • Reviews
  • Games
  • Science
  • Security
Search
  • Home
  • News
  • Business
  • Gear
  • Reviews
  • Games
  • Science
  • Security
Have an existing account? Sign In
Follow US
Technology Magazine > News > This Mac hacker’s code is so good, corporations keep stealing it
News

This Mac hacker’s code is so good, corporations keep stealing it

Press room
Press room Published August 11, 2022
Last updated: 2022/08/11 at 12:10 PM
Share
SHARE

Patrick Wardle is known for being a Mac malware specialist — but his work has traveled farther than he realized..

A former employee of the NSA and NASA, he is also the founder of the Objective-See Foundation: a nonprofit that creates open-source security tools for macOS. The latter role means that a lot of Wardle’s software code is now freely available to download and decompile — and some of this code has apparently caught the eye of technology companies that are using it without his permission.

three different companies were found to be incorporating techniques from Wardle’s work

Wardle will lay out his case in a presentation on Thursday at the Black Hat cybersecurity conference with Tom McGuire, a cybersecurity researcher at Johns Hopkins University. The researchers found that code written by Wardle and released as open source has made its way into a number of commercial products over the years — all without the users crediting him or licensing and paying for the work.

The problem, Wardle says, is that it’s difficult to prove that the code was stolen, rather than implemented in a similar way by coincidence. Fortunately, because of Wardle’s skill in reverse-engineering software, he was able to make more progress than most.

“I was only able to figure [the code theft] out because I both write tools and reverse engineer software, which is not super common,” Wardle told The Verge in a call before the talk. “Because I straddle both of these disciplines I could find it happening to my tools, but other indie developers might not be able to, which is the concern.”

The thefts are a reminder of the precarious status of open-source code, which undergirds enormous portions of the internet. Open-source developers typically make their work available under specific licensing conditions — but since the code is often already public, there are few protections against unscrupulous developers who decide to take advantage. In one recent example, the Trump-backed Truth Social app allegedly lifted significant portions of code from the open-source Mastodon project, resulting in a formal complaint from Mastodon’s founder.

One of the central examples in Wardle’s case is a software tool called OverSight, which Wardle released in 2016. Oversight was developed as a way to monitor whether any macOS applications were surreptitiously accessing the microphone or webcam, with much success: it was effective not only as a way to find Mac malware that was surveilling users, but also uncover the fact that a legitimate application like Shazam was always listening in the background.

Wardle — whose cousin Josh Wardle created the popular Wordle game — says he built OverSight because there wasn’t a simple way for a Mac user to confirm which applications were activating the recording hardware at a given time, especially if the applications were designed to run in secret. To solve this challenge, his software used a combination of analysis techniques that turned out to be unusual, and thus unique.

But years after Oversight was released, he was surprised to find a number of commercial applications incorporating similar application logic in their own products – even down to replicating the same bugs that Wardle’s code had.

A slide from Wardle and McGuire’s DEFCON presentation
Patrick Wardle

Three different companies were found to be incorporating techniques lifted from Wardle’s work in their own commercially sold software. None of the offending companies are named in the Black Hat talk, as Wardle says that he believes the code theft was likely the work of an individual employee, rather than a top-down strategy.

The companies also reacted positively when confronted about it, Wardle says: all three vendors he approached reportedly acknowledged that his code had been used in their products without authorization, and all eventually paid him directly or donated money to the Objective See Foundation.

Code theft is an unfortunate reality, but by bringing attention to it, Wardle hopes to help both developers and companies protect their interests. For software developers, he advises that anyone writing code (whether open or closed source) should assume it will be stolen and learn how to apply techniques that can help uncover instances where this has happened.

For coporations, he suggests that they better educate employees on the legal frameworks surrounding reverse engineering another product for commercial gain. And ultimately, he hopes they’ll just stop stealing.

Press room August 11, 2022
Share this Article
Facebook TwitterEmail Print
What do you think?
Love0
Sad0
Happy0
Sleepy0
Angry0
Dead0
Wink0
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

You Might Also Like

News

Microsoft says it has stopped its Xbox Game Pass $1 trial offer

2 Min Read
News

Apple staff reportedly express doubts about mixed-reality headset months ahead of launch

2 Min Read
News

The Wii U and Nintendo 3DS eShops shut down tomorrow

2 Min Read
News

Elon Musk reportedly halves Twitter’s valuation in internal memo

1 Min Read
  • Review
  • Top Lists
  • Contact
  • Privacy Policy
  • Terms of use

We influence 20 million users and is the number one business and technology news network on the planet.

I have read and agree to the terms & conditions

Contact US

  • Contact Us
  • DMCA
  • Editorial Policy
  • Advertise

Quick Link

  • Gear
  • Games
  • Security
  • Reviews

© 2022 Technology Magazine. All Rights Reserved.

Follow US on Socials

Removed from reading list

Undo
Welcome Back!

Sign in to your account

Lost your password?