Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Quu

macrumors 68040
Apr 2, 2007
3,419
6,789
My takeaway from this is that low-level Apple employees have access to very sensitive closed-source operating system code that could potentially be used by the FBI and other government institutions (not just American but abroad) to help them discover vulnerabilities that would undermine the security of our devices.

They really need to step up security if they haven't already done so because this is plainly ridiculous when weighed against Apple (and Tim Cook's) security rhetoric regarding the FBI and back-doors. The FBI won't need a backdoor if they can just bribe an intern to lift Apples firmware and signing keys covertly (Not that I'm suggesting the intern had access to Apple code signing certificates but it's within the realm of possibility considering what he did manage to ex-filtrate).
 
  • Like
Reactions: Marekul

Tech198

Cancelled
Mar 21, 2011
15,915
2,151
wow... trust with Apple .. *fingers in the ears*

You would have thought at a low level, who know about just about the entire workings would be the "most secretive" not the "less secretive"

It doesn't work that way.. or it shouldn't work that way
 
  • Like
Reactions: pratikindia

killawat

macrumors 68000
Sep 11, 2014
1,947
3,581
this guy wanted to be part of the scene but didn’t go full anon for a rls of this magnitude?
 

nt5672

macrumors 68040
Jun 30, 2007
3,288
6,937
Midwest USA
These criminals need to be dealt with swiftly and aggressively. Jail is necessary because you don't want others thinking they can get away with it.

The sad thing is that people that are good at what they do would never think to steal from their employer. This just proves that Apple is hiring the bottom of the barrel and is suffering for it not only in code quality, but also directly like this. While the thief should definitly be punished, Apple should also be looking at their hiring practices.
 
  • Like
Reactions: pratikindia

Baymowe335

Suspended
Oct 6, 2017
6,640
12,451
The sad thing is that people that are good at what they do would never think to steal from their employer. This just proves that Apple is hiring the bottom of the barrel and is suffering for it not only in code quality, but also directly like this. While the thief should definitly be punished, Apple should also be looking at their hiring practices.
I don't think a one off incident really proves anything other than it's a one off. He was probably pretty young and stupid...and it got out of hand. They said it was thought he could keep it private to just help jailbreak. Obviously, a stupid decision, but he probably wasn't purposely trying to screw Apple.

He'll be dealt with.
 

Tech198

Cancelled
Mar 21, 2011
15,915
2,151
These criminals need to be dealt with swiftly and aggressively. Jail is necessary because you don't want others thinking they can get away with it.

Its seems strange that when we refer to a company such a "higher level of privacy" we automatically think hasher punishments compared to those of equal rights outside. but still have "privacy" rights

I always found that bit interesting, but still doesn't change the view.
 
  • Like
Reactions: rafark

lec0rsaire

macrumors 68000
Feb 23, 2017
1,525
1,450
What a scumbag. There's really no other word to describe someone who would do this. You're given an opportunity to work for one of the best companies in the industry or the world for that matter and you betray them in the worst way possible. This isn't a careless employee leaving an iPhone 4 prototype at a bar. Malicious intent or not, this is a criminal act and I hope this guy is prosecuted to the fullest extent of the law.

It's one thing when jailbreakers find exploits on their own through countless hours of hard work and another thing when an employee violates the trust given to him by his employer. Thankfully the impact of this is limited and the security of most users won't be compromised but Apple will have to be a lot more careful with the people they hire from now on and what they're able to leave the premises with.
 
Last edited:

Naaaaak

macrumors 6502a
Mar 26, 2010
637
2,068
Luckily, low-level jobs are easy to come by.
If that were the case, how come a company with hundreds of billions in cash can't hire a thousand testers for iOS and macOS and stop shipping crapOS for both?

Apple seems to have a problem attracting people, even low-level, and a problem with retention.
 

iReality85

macrumors 65816
Apr 29, 2008
1,107
2,380
Upstate NY
Example of a Resume Enhancing Item:

- Worked for Fortune 5 company.


Not an Example of a Resume Enhancing Item:

- Stole source code of smartphone software.


*cumulative effect worse if presented together on the same resume.
 
  • Like
Reactions: gixxerfool

lec0rsaire

macrumors 68000
Feb 23, 2017
1,525
1,450
It's been said before and it's a cliché but Tim Cook is no Steve Jobs. Not even close. I wonder how much respect he has within the ranks. I really doubt that employees respect him or admire him the way they did Steve. Steve ran a pretty tight ship and now info on every unreleased product is leaked way in advance and even hints in the damn OS code with icons and other crap. There's something really special about surprises. Under this management and climate, it's impossible for anyone to deliver a keynote launching a new product like when Steve showed the world the iPhone. People were truly caught by surprise. They knew a phone would be launched but that's where it ended.

Not to get into politics, but Apple should protect their information the way special counsel Mueller is not allowing anything from the investigation to leak. I want to be truly surprised when I see a keynote, not just have it confirm everything that has been known months in advance.
 

JetLaw

Cancelled
Jan 21, 2009
246
750
“The employee did not steal the code with mal intent.”

Ummm...what exactly does the author think it means to intentionally steal something?
 
  • Like
Reactions: loby

Dysnomia

macrumors member
Jun 3, 2015
33
21
Please note humans of the United States of America, that when the government gets its highly sought backdoor to the iPhone, it will *never* get out :/
 

deanthedev

Suspended
Sep 29, 2017
1,287
2,406
Vancouver
My takeaway from this is that low-level Apple employees have access to very sensitive closed-source operating system code that could potentially be used by the FBI and other government institutions (not just American but abroad) to help them discover vulnerabilities that would undermine the security of our devices.

They really need to step up security if they haven't already done so because this is plainly ridiculous when weighed against Apple (and Tim Cook's) security rhetoric regarding the FBI and back-doors. The FBI won't need a backdoor if they can just bribe an intern to lift Apples firmware and signing keys covertly (Not that I'm suggesting the intern had access to Apple code signing certificates but it's within the realm of possibility considering what he did manage to ex-filtrate).

That's not how things work in software development, especially on something as complex as an OS. The source code isn't just stored on a drive/directory somewhere where employees can freely access it. The final source code would be under very tight control with access limited to a select few engineers.

Let's say a low-level engineer(s) were tasked with fixing a few bugs in the UI. Once they've made the changes to the source code they're not going to be allowed to just go ahead and edit the master source code files. Their work is going to be checked over by other engineers and if it's determined to be OK then, and only then, would those code fixes be applied to the master source code.

I'm not sure of the exact procedures at Apple, but it would be something similar to this.

What's more likely is this low-level employee could have had read-only access to limited portions of iOS for some as-yet unknown reason. Perhaps Apple was hiring people to work on iOS development, and assigned some basic tasks to this employee to gauge their abilities. Hence access to some source code.

Regardless, the idea that some employee could randomly access critical source code whenever they wanted is beyond asinine.
 
  • Like
Reactions: jinnj

bearcatrp

macrumors 68000
Sep 24, 2008
1,728
67
Boon Docks USA
Glad I sold my iPhone even though it’s an older code. Bad enough iOS 11 nuked millions of iPhones and apples so called fix was for you to pay for the fix. Apple should have fixed iOS 11. But no biggy. I purchased the new blackberry motion. Walks all over iPhone!
 
  • Like
Reactions: loveandhavefun

Quu

macrumors 68040
Apr 2, 2007
3,419
6,789
That's not how things work in software development, especially on something as complex as an OS. The source code isn't just stored on a drive/directory somewhere where employees can freely access it. The final source code would be under very tight control with access limited to a select few engineers.

Let's say a low-level engineer(s) were tasked with fixing a few bugs in the UI. Once they've made the changes to the source code they're not going to be allowed to just go ahead and edit the master source code files. Their work is going to be checked over by other engineers and if it's determined to be OK then, and only then, would those code fixes be applied to the master source code.

I'm not sure of the exact procedures at Apple, but it would be something similar to this.

What's more likely is this low-level employee could have had read-only access to limited portions of iOS for some as-yet unknown reason. Perhaps Apple was hiring people to work on iOS development, and assigned some basic tasks to this employee to gauge their abilities. Hence access to some source code.

Regardless, the idea that some employee could randomly access critical source code whenever they wanted is beyond asinine.

Firstly I work in software development for a very large company so don't talk down to me about how things work in software development.

And if you actually read my post properly you would see that I not once said he would be editing any source code. I said he would be ex-filtrating code outside of Apple to third parties. I never once made it sound like he would be able to put backdoors into Apples code for anyone. My entire angle was, he had access he never should have had to take source code and distribute it outside of Apple.

The guy was an intern for goodness sake, you don't give interns boot code access. It's ridiculous.
 

coolfactor

macrumors 604
Jul 29, 2002
6,993
9,587
Vancouver, BC
Sad. He had an opportunity and position that many people would kill for — to work at Apple — and he abused his position, violated the trust of his colleagues and management, and basically cemented his reputation as untrusting. What company will hire him now? He'll need to work for himself going forward.
 
  • Like
Reactions: jinnj

deanthedev

Suspended
Sep 29, 2017
1,287
2,406
Vancouver
Firstly I work in software development for a very large company so don't talk down to me about how things work in software development.

And if you actually read my post properly you would see that I not once said he would be editing any source code. I said he would be ex-filtrating code outside of Apple to third parties. I never once made it sound like he would be able to put backdoors into Apples code for anyone. My entire angle was, he had access he never should have had to take source code and distribute it outside of Apple.

The guy was an intern for goodness sake, you don't give interns boot code access. It's ridiculous.

You stated:

"My takeaway from this is that low-level Apple employees have access to very sensitive closed-source operating system code"

That's quite a stretch. We don't really know anything about what happened outside of rumors. But to suggest that multiple low-level employees (you used the plural) are getting access to "very sensitive" iOS source code is ridiculous, especially coming from a developer.
 

Quu

macrumors 68040
Apr 2, 2007
3,419
6,789
You stated:

"My takeaway from this is that low-level Apple employees have access to very sensitive closed-source operating system code"

That's quite a stretch. We don't really know anything about what happened outside of rumors. But to suggest that multiple low-level employees (you used the plural) are getting access to "very sensitive" iOS source code is ridiculous, especially coming from a developer.

We don't know anything? Apple confirmed the source code was taken and distributed and the press has interviews with the 5 people he shared it with. They've done their due-diligence in confirming the guy was an intern.

We have the code, an employee who shouldn't of had access to it did and distributed it outside of Apple. Also this isn't the only code that was taken, other source code unrelated to iBoot has been distributed and doing the rounds since last year this is just the first piece to be put up on GitHub.

The security at Apple needs to be evaluated.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.