The Game Developers Conference is around the corner, and attendees will have the opportunity to interact with an array of sponsors who help fuel the game industry.
At GDC 2022, developers interested in protecting themselves against cheating, mods, copycat games, and more will have a chance to meet with representatives from Digital.ai—as well as check out the Thursday, March 24 at 10:00am sponsored session "Welcome to the Shift Show" from Amir Amitai, Director of Threat Research at Digital.ai. To give you a sneak peek at his upcoming session, as well as what Digital.ai can offer game devs at GDC 2022, we spoke with him for a Q&A that you can check out below.
Could you please introduce yourself and your role at Digital.ai?
I’m Amir, a 33 yo from Tel-Aviv, Israel. I "started" my career when I was a teenager, trying to bypass DRM and anti-cheats for fun and learning to reverse-engineer games at home. When it was my time to serve my mandatory military duty, the intelligence corps found my reverse-engineering skills appealing, and so I joined the 8200 Unit, aka SigInt, within the Israeli Defense Forces. With time, I have found myself turning slowly from the offensive side of cyber to the defensive side. Eventually I crossed paths with Digital.ai, I have gone back to doing what I love—but on the defensive side. I’m the Director of Threat Research at Digital.ai, and my responsibility is to research and develop new protection techniques to defend against modern attack tools, techniques, and processes. In a way, I am here to defend game companies against my teenage self!
What’s the most exciting thing Digital.ai is looking forward to presenting at GDC?
We want to raise awareness around the ways in which gaming companies can protect themselves against cheating, mods, and piracy. We’ll do this by showcasing modern security attacks and protections, and hopefully imparting how important the concept of “Shifting left” is to the development life cycle—meaning protecting games by incorporating security protections early in the development process (after coding but during the build and before testing). In this way, security measures become an integral part of the development process without requiring game developers to become security experts.
What cybersecurity skills can game devs and studios learn from a former hacker that they can’t learn anywhere else?
There are almost too many to list. I find malware and games very similar, they both use technologies that complicate things for a reverse engineer. My plan is to present a general overview of modern client-side security solutions and threats, and I will jam as many topics as I can in the allocated time.
What tools should game devs have at their disposal to combat cloning and copycat games?
I guess that it depends on the type of the game and the target platform. I think awareness comes before the tooling, because once you know your weak points, you could seek for the right solution for you. Sometimes you need to have protections for your protections: For example, certificate pinning is one way you could defend your app against man-in-the-middle attacks, or protocol analysis. But you don’t want to have your server’s certificate just laying around in the resources directory. You wouldn’t want to have it sitting plaintext in your binary either. Also, leaving your game vulnerable in one platform will probably disclose information about the other platforms.
What questions are you hoping to get from GDC attendees when they visit Digital.ai’s booth (P1856 and N2318) this year?
- Where should I start to look for an attack vector in a game?
- What would be the best means to defend against certain types of attacks?
- How is a defender point of view differing from an attacker?
- What are the security challenges in each platform?
- Is there a perfect solution?
- Does security hurt game performance?
- What is different in Digital.ai’s approach to security?
What’s one thing you do or enjoy that might surprise people about you?
I love to plan, find and invent new ways for me to cook without dirtying dishes or at least, keeping it to the bare minimum. I might even eat from the pot or grab an accessible wooden chopstick.
I have an Anime addiction, anytime I relapse I end up binging whole shows.
I find myself most productive in specific hours of the day: 9:00-11:00, 15:00-17:00, 21:00-03:00.
Head here for more information on Digital.ai and its services!
GDC 2022 will take place from March 21-25 at the Moscone Convention Center in San Francisco, California, with our virtual event happening March 21 to April 1. This year’s event will deliver the industry’s greatest source of content and connections—with plenty of exciting talks, sessions, and networking events. Register for GDC 2022 today!
GDC returns in-person to San Francisco, March 21-25—registration is open! For more information on GDC 2022, including our virtual options, be sure to visit our website and follow the #GDC22 hashtag on social media.
Subscribe to the GDC newsletter and get regular updates via Facebook, Twitter, LinkedIn, or RSS.