International proof of security
CodeMeter not cracked at international Hacker’s Contest
Hanover (CeBIT) – Today, the fourth Hacker’s hosted by Wibu-Systems
closed. The task was to by-pass of the software protection solution
CodeMeter that was developed by Wibu-Systems. The competition started
on February 1, 0:00 CET and ended on March 14, 23:59 CET. All in all,
1,092 contestants from 27 countries participated. Most of the
participants were located in Germany, followed by China, the United
States, the Netherlands, Poland, Hungary, France, Great Britain and
the Ukraine.
No protection solution can offer 100% protection. This time the
competition was extremely exciting because each contestant had
received the protected software together with the suitable license
stored in a CmStick, the dongle. Both are necessary for executing the
competition software on their PC. For a second function in the
competition software the license bit in the CmStick wasn’t set. Here
the encryption would be cracked – which is nearly impossible – or the
license bit in the dongle or software would be manipulated.
But today, after exactly six weeks, it is certain: no contestant was
able to crack the protection. Oliver Winzenried, C.E.O. of
Wibu-Systems AG, said: “We hoped that our solution CodeMeter held out
against attacks and now we are especially pleased about the fantastic
result. There are plenty of protection solutions available on the
market with their advantages and disadvantages. One of the most
important features is the protection level in addition to flexibility
and license management. Here we have given proof of the security of
our solutions in public as a worldwide first manufacturer of software
protection solutions.”
Next to the usage of approved secure encryption algorithms and the
secure storage of keys in a Smart Card Chip in the CmStick, it is
characterized by the identification of hacking attacks so that the
license in the hardware will be disabled through a policy registered
for a patent by Wibu-Systems. Many of the contestants have addressed
exactly this problem and some of them asked for a second activation.
If the license in the CmStick is disabled, the competition program
can’t be executed. This is comparable to what would happen if a
CmStick was not connected.
Only some contestants in Germany, China and one of Poland have sent
partial solutions that will be rewarded each time with 1,000 Euro by
Wibu-Systems. They provided suggestions for the company for improving
the protection mechanisms further. Oliver Winzenried says: “Of course
it was the ambition of this contest to show that our solutions
provide a high level of security. Additionally it was an important
purpose to find unknown weak points for improving the security
level.” Christoph Fischer, an accepted IT security specialist, says:
“The contest shows clearly that even if there is no 100% protection
possible in all areas, top-quality solutions can provide a sufficient
high barrier against cracking even through specialists.”
At the end the competition was worth it for all involved:
Wibu-Systems didn’t need to pay off the complete prize and received
invaluable ideas for a continuous improvement of the software
protection on the interest of all vendors of software and digital
content. The contestants have received a CmStick for an attractive
price and they can use its personal “security suite” further on. And
the senders of a partial solution have received an attractive
consolation prize.