Jailbreak hacker uncovers stolen open-source code in voice.ai

  • Published
  • Posted in Tech News
  • 4 mins read

Header image for voiceai piece

It’s official – AI is now the wild west. While tech giants like Microsoft and Google engage in all-out warfare, leveraging their global cloud datacenters in a race for AI supremacy, the little guy is on the frontlines fighting for relevancy. One of those companies is voice.ai who offer a synthesizer meant to change your voice in real-time.

According to @ronsoros, known for the jail-breaking tool ra1nstorm, they’re taking shortcuts to get to the top in the audio AI game. According to him, Voice.ai has been found to have violated the terms of the GPLv3 and LGPLv2.1 licenses in its software. In short, they’ve been packaging the open-source libraries that enable the software without adhering to their terms of service. These licenses, commonly used in the open-source community, govern the use and distribution of open-source software, and it is important that all parties using these licenses abide by their terms. Below is a screenshot showing some of his research where he compares decompiled code from the project.

Screenshot showing a comparison of code with stolen code and without

After an extensive investigation into an installation of Voice.ai, it was found that the company had integrated code from Praat, a widely-used open-source speech analysis software, and libgcrypt, a cryptographic library, in its proprietary software without releasing the source code of its software or providing proper attribution. In short, it’s common for software to rely of open-source projects, but those projects are kept separate from the main project and proper attribution is offered through a readme file or in a dialog window in the main application.

Here is an excerpt from voice.ai’s license agreement:

We retain all right, title and ownership to the Beta product. You agree the Beta Product is for personal use only. You may not sell, transfer, assign, pledge or in any way encumber or convey the Beta product or any portion or component thereof to any third party or use it in any manner to produce, market or support your own products. You shall not copy, sell or market Beta product to any third party; or modify, reuse, disassemble, decompile, reverse engineer or otherwise translate the beta product or any portion thereof

This is in stark contrast to the GPLv3, which says the following:

When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work’s users, your or third parties’ legal rights to forbid circumvention of technological measures.

In his blog, undeleted, @ronsoros details the steps that were taken to uncover the violations. The GPLv3 and LGPLv2.1 licenses are designed to ensure that open-source software remains free and accessible to everyone, and it is essential that companies using software like this adhere to the terms of the licenses. Misuse of open-source software can threaten the integrity of the open-source community and undermines the principles that make open-source software so valuable.

This is where things take a turn for the worse. @ronsoros reached out to the company to let them know they were in violation of two opensource licenses and was promptly booted from the community’s Discord server.

In conclusion, the investigation conducted by @ronsoros into voice.ai’s alleged misuse of open-source licenses serves as a warning to the tech industry about the importance of respecting open-source licenses. Companies must be diligent in their use of open-source software, ensuring that they adhere to the terms of the licenses and do not abuse the trust of the open-source community. The open-source community must remain vigilant in protecting the integrity of open-source software.

Source: undeleted

News Article Courtesy Of Dean Howell »