iPhone Source Code Was Leaked by Low-Level Apple Employee

[EdT]

These criminals need to be dealt with swiftly and aggressively. Jail is necessary because you don't want others thinking they can get away with it.

Jails are full of people who stole things knowing that no one would catch them. Most deterrence based crime prevention philosophies assume that the person doing the crime thinks he has a good chance of getting caught. As I'm sure this guys friends said to him "No one will find out".

And once caught once what little deterrence there was is lost as far as a second criminal act is concerned.

 

[Tech198]

"I knew one day that if those kids got it they'd be dumb enough to push it to GitHub"

- True words.

Any site that allows easy access to legit uses has the potential as well. If we agreed on that basis, no one would be sharing.

It may have been 'true words' but less of the reasons why

 

[doctor-don]

Really? Any iPad 2, 3, 4, iPad Mini 1, iPod Touch 5th Gen, etc. can't run anything above iOS 9. I imagine there are more of those devices still out there than you might think.

I know that where I work, people and departments still continue to hang on to quite a lot of these types of devices, despite efforts from IT to get them to trade up or give them up.

Does it matter what devices will run that code? How many of those people/owners could use it to do ANYTHING?
[doublepost=1518223761][/doublepost]

The funny thing is that his friends push him to do it and then they expose him.

No, thank you. I think I'll eat a Cuties mandarine instead.

 

[Stella]

I’d be interested in how they wrote the code and their coding style.

You could probably learn quite a lot!

 

[lowendlinux]

This was the bootloader, pretty sure that isn't Open Source on Android otherwise rooting wouldn't be such a big deal.

Yes the bootloader on Android is open source and that has absolutely nothing to do with rooting

 

[TheColtr]

It's been said before and it's a cliché but Tim Cook is no Steve Jobs. Not even close. I wonder how much respect he has within the ranks. I really doubt that employees respect him or admire him the way they did Steve. Steve ran a pretty tight ship and now info on every unreleased product is leaked way in advance and even hints in the damn OS code with icons and other crap. There's something really special about surprises. Under this management and climate, it's impossible for anyone to deliver a keynote launching a new product like when Steve showed the world the iPhone. People were truly caught by surprise. They knew a phone would be launched but that's where it ended.

Not to get into politics, but Apple should protect their information the way special counsel Mueller is not allowing anything from the investigation to leak. I want to be truly surprised when I see a keynote, not just have it confirm everything that has been known months in advance.

The public at large has their eye on Apple closer than ever. I think it would be fair to say that every year Apple is watched closer and closer. Is there things that could be done better? Probably, but at some point you have to trust employees because they are the ones that will make designing and building your hardware/software. And most of the leaks I would say, come from the suppliers who’s employees probably don’t care as much.
[doublepost=1518226791][/doublepost]

We don't know anything? Apple confirmed the source code was taken and distributed and the press has interviews with the 5 people he shared it with. They've done their due-diligence in confirming the guy was an intern.

We have the code, an employee who shouldn't of had access to it did and distributed it outside of Apple. Also this isn't the only code that was taken, other source code unrelated to iBoot has been distributed and doing the rounds since last year this is just the first piece to be put up on GitHub.

The security at Apple needs to be evaluated.

There’s a difference between “low level” employee, like a receptionist, and a “low level” software engineer. Maybe the employee was an software engineering intern, who was working with other employees on the source code. Just trying to make a distinction between what’s considered low level.

 

[jinnj]

Yikes. I wonder if he's going to be fired.

Fired? Wonder if he will be facing a lawsuit before the end of the day. When you work for most software companies you sign lots of documents that cover stuff like this. If he hope to have a job in tech he pretty much blew it. Not much can be done about the others, but blackballing the source of the leak is the norm.
[doublepost=1518229290][/doublepost]

My takeaway from this is that low-level Apple employees have access to very sensitive closed-source operating system code that could potentially be used by the FBI and other government institutions (not just American but abroad) to help them discover vulnerabilities that would undermine the security of our devices.

They really need to step up security if they haven't already done so because this is plainly ridiculous when weighed against Apple (and Tim Cook's) security rhetoric regarding the FBI and back-doors. The FBI won't need a backdoor if they can just bribe an intern to lift Apples firmware and signing keys covertly (Not that I'm suggesting the intern had access to Apple code signing certificates but it's within the realm of possibility considering what he did manage to ex-filtrate).

Really. He has access to the certs! I'll bet senior devs don't have access to it.

 

[Quu]

Really. He has access to the certs! I'll bet senior devs don't have access to it.

As I said in my original post that you quoted I am not suggesting he has access to the code signing certificates. But we shouldn't just assume he couldn't get to them some how. He did after-all leak the iBoot source code and other code, that's serious.

Combined with all the other security failings at Apple recently like being able to login to a Mac using any password this is just another in a long list of security failings recently when it comes to Apples software.

 

[Elian_Gonzalez]

The Apple internal community is really full of curious kids and teens. I knew one day that if those kids got it they'd be dumb enough to push it to GitHub."

Then it seems the internal community aren't "curious kids and teens" (such a cute phrase) but rather malfeasant actors who like stealing stuff.

You know, the average tech guy.

 

[elmaco]

Information wants to be free.

Now, can anybody tell me what OS Apple Airpods run?

 

[Karma*Police]

Yikes. I wonder if he's going to be fired.

He should be in jail if you ask me.

 

[femike]

I wouldn't be surprised if the FBI/NSA/CIA was involved in some way. If agencies like this cannot get the info they want from a company directly, there are many other ways to get secrets from foreign/domestic companies. Having a mole inside is very effective.

I wonder how much money the intern hoped to make or have already made. He could of sold it to his 'friends' and/or sold it to other interested parties that wouldn't of made it public. Anyway, there is much more to this story.

 

[supercoolmanchu]

Any site that allows easy access to legit uses has the potential as well. If we agreed on that basis, no one would be sharing.

It may have been 'true words' but less of the reasons why

What you are calling ‘sharing’ is a highly overrated life strategy.

Reciprocation is never usually fulfilled, and you end up with a net drain on resources with no net increase in production.

Best used as an exception for special people like close friends and family, and special occasions like birthdays and Xmas. Sharing too much just creates bad habits for those receiving, and encourages self destructive behavior by the sharer.

What so called ‘sharing’ has wrought...
1. Fired guy who posted iOS9 source code.
2. Fired guy who let his daughter post unreleased iPhone X on her social media.

 

[zorinlynx]

Somebody is going to prison for a long time. FBI is investigating.

Is prison really necessary? This guy has broken trust and likely won't be able to work for any large company again. Locking him in a cage is protecting us from what, exactly?

I think a large fine and the fact that he's going to have a very hard time supporting himself in his career of choice is punishment enough. We shouldn't be out for blood here.

 

[vcboard]

All kinds of people are working in Apple now. While not disrespecting those who are still doing great jobs at Apple, but sadly many good ones have left and new ones, sigh. Double down he said...

 

[JosephAW]

It's probably a fly trap to kill off jail breaking for future devices.

 

[supercoolmanchu]

Information wants to be free.

Now, can anybody tell me what OS Apple Airpods run?

That shallow canard is just a weak diversionary rational. Information is inert and has no feelings or ambitions.

AirPods, like many Apple accessories (mice, keyboards, trackpads, TV remotes) run their own special software/firmware.

 

[HallStevenson]

A "low level employee" has access to source code ? Not buying that....

 

[Swift]

"low level"?? jeez.. I wonder how many "high level" Apple execs would have known which way was top or bottom if handed a string of source code.

Not everybody has to know how to code. There's executives, designers, publicists, project managers, and cleaners and people overseeing the systems in running a large spaceship building. They all turn out Apple products, though.

 

[dogslobber]

Is prison really necessary? This guy has broken trust and likely won't be able to work for any large company again. Locking him in a cage is protecting us from what, exactly?

I think a large fine and the fact that he's going to have a very hard time supporting himself in his career of choice is punishment enough. We shouldn't be out for blood here.

He stole trade secrets from a Fortune 5 company which could wreck its business. Who does this individual think he is that he can just thieve intellectual property from said business? He is a criminal and should be prosecuted to the maximum extent of the law and thrown in prison where he belongs. Let it be a deterrent to others that source code isn't a commodity to be shared with your pals. It's a valuable trade secret.
[doublepost=1518238432][/doublepost]

A "low level employee" has access to source code ? Not buying that....

This is damage limitation from the corporate PR machine. You should always assume that stuff like this is lies as that's what PR depts do with their spin.
[doublepost=1518238543][/doublepost]

All kinds of people are working in Apple now. While not disrespecting those who are still doing great jobs at Apple, but sadly many good ones have left and new ones, sigh. Double down he said...

“Steve Jobs has a saying that A players hire A players; B players hire C
players; and C players hire D players. It doesn't take long to get to Z
players. This trickle-down effect causes bozo explosions in companies.”

 

[bollman]

I’ve got two words for him: You’re Fired.

With your math skill, I'm pretty sure you won't be superseding him.

 

[dogslobber]

It's been said before and it's a cliché but Tim Cook is no Steve Jobs. Not even close. I wonder how much respect he has within the ranks. I really doubt that employees respect him or admire him the way they did Steve. Steve ran a pretty tight ship and now info on every unreleased product is leaked way in advance and even hints in the damn OS code with icons and other crap. There's something really special about surprises. Under this management and climate, it's impossible for anyone to deliver a keynote launching a new product like when Steve showed the world the iPhone. People were truly caught by surprise. They knew a phone would be launched but that's where it ended.

Steve ruled by fear and respect. You knew if you fcked up with Steve that you would get absolutely slaughtered for it. That causes employees to work 110% and really not get complacent. There is nobody who can crack the whip like Steve. I mean, could you imagine Tim Cook screaming his head off at an employee? You possibly could, but it would be funny. He's not Steve. Nobody is.
[doublepost=1518238939][/doublepost]

I’d be interested in how they wrote the code and their coding style.

You could probably learn quite a lot!

Go check out Darwin source to understand their code and style. It's uniform across their organization.

 

[pika2000]

The funny thing is that his friends push him to do it and then they expose him.

More often than not, most leaks and breaches use social engineering, not actual hacking. Both the strongest and weakest links on any businesses are the human resources.

 

[cmaier]

Is prison really necessary? This guy has broken trust and likely won't be able to work for any large company again. Locking him in a cage is protecting us from what, exactly?

I think a large fine and the fact that he's going to have a very hard time supporting himself in his career of choice is punishment enough. We shouldn't be out for blood here.

Locking him or her up might deter the next one.

 

[latweek]

the whole backstory smells like fiction..and not very good fiction.