Aug 11, 2022

In one particularly unsettling case, a hacker had used a piece of malware called “Fruitfly” to hijack the webcams of laptops with the goal of spying on children.

Experienced in playing digital defense, Wardle decided to do something about the spyware threat: he created OverSight, a macOS tool that lets you monitor your webcam and mic for signs of malware manipulation.

Sifting through the program, Wardle found familiar code.

Alongside Johns Hopkins University professor Tom McGuire, Wardle demonstrated how reverse engineering—the process by which a program is taken apart and reconstructed—can reveal evidence of such theft.

To do that, Wardle used this week’s talk to outline some lessons he had learned while attempting to notify companies about the theft issue.

“Some are great: I get an email from the CEO admitting it and asking, ‘What can we fix?’ Awesome...[With] others, it’s a three-week internal investigation, and then they come back and tell you to take a hike because they don’t see any internal consistencies.” In those cases, Wardle has had to provide more evidence of what happened.

“But in every case, it was essentially a misguided or naive developer who had been tasked with [finding a way to] monitor the mic and the webcam...and then he or she would reverse engineer my tool and steal the algorithm...and then nobody in the corporation would ask, ‘Hey, where did you get this from?’”

In all three cases, after Wardle stated his case to a company, executives eventually admitted wrongdoing and offered to rectify the situation.

To effectively make his case, however, Wardle often had to show them the evidence.

To bolster his case, Wardle also teamed up with the non-profit Electronic Frontier Foundation (EFF), which offers pro-bono legal services to independent security researchers.

