Apple Intern Reportedly Leaked iPhone Source Code (theverge.com) 153
Earlier this week, a portion of iOS source code was posted online to GitHub, and in an interesting twist, a new report from Motherboard reveals that the code was originally leaked by a former Apple intern. The Verge reports: According to Motherboard, the intern who stole the code took it and distributed it to a small group of five friends in the iOS jailbreaking community in order to help them with their ongoing efforts to circumvent Apple's locked down mobile operating system. The former employee apparently took "all sorts of Apple internal tools and whatnot," according to one of the individuals who had originally received the code, including additional source code that was apparently not included in the initial leak. The plan was originally to make sure that the code never left the initial circle of five friends, but apparently the code spread beyond the original group sometime last year. Eventually, the code was then posted in a Discord chat group, and was shared to Reddit roughly four months ago (although that post was apparently removed by a moderation bot automatically). But then, it was posted again to GitHub this week, which is when things snowballed to where they are now, with Apple ordering GitHub to remove the code.
Secrets (Score:4, Funny)
The plan was originally to make sure that the code never left the initial circle of five friends, but apparently the code spread beyond the original group sometime last year.
5 people can keep a secret, if 4 of them are dead.
Re: (Score:1)
If 5 of them are dead and they didn't use Windows to talk about it.
Re: (Score:1)
The plan was originally to make sure that the code never left the initial circle of five friends, but apparently the code spread beyond the original group sometime last year.
5 people can keep a secret, if 4 of them are dead.
There's an old saying in Security that the probability of a leak increases with the square of the number of people who know the secret. Going in with an expectation of "I'll share with just my five friends" is optimistic and naive that the secret won't get out.
Re: (Score:2)
You always have to ask yourself: if I cannot keep this to myself and feel this overwhelming desire to share it with just a few friends, are those friends more likely or less likely than me to keep it to themselves? Realistically, the answer is always "less likely", no matter how much you trust them. It's just basic maths, really.
Re: (Score:1)
We all take our 'careers' so seriously. The HR representatives are positively gleaming about our enthusiasm.
You, too, can have a secure future! Just sign right here!
Re: (Score:1)
It will be a warning to the next Thief.
Re:Why bother, Apple? (Score:5, Insightful)
Are you fucking kidding me?
Let's say you're an artist that makes a popular webcomic. Someone got ahold of the entire corpus of years of your work, and posted it on their own site, making it available for anyone who wants it (regardless of whether they try to monetize it themselves).
So when you discover this, you're going to say "OH WELL, Looks like it's out there! I guess I'll just sit on my thumbs and accept it because I have no recourse!"
Fucking NOPE. Apple has invested billions in research and development in their source code.
I'm not sure who taught you to believe that you're entitled to other peoples' work for free without their consent, but where I come from that's called SLAVERY, you stupid fuck.
Apple is completely within their rights to pursue this as far as necessary, and to sue anyone who's been a part of it for everything they're worth, and have them locked up for YEARS.
That wasn't a "cute little mistake". IANAL but I will be shocked if this can't be prosecuted under corporate espionage laws.
This kind of bullshit enrages me (could you tell?), and no, you're not part of some "empowered" culture when you fucking steal from others. I hope they throw the book at this piece of shit.
Re: (Score:2, Insightful)
That school is thought is all well and good (and I actually support the idea), but it's ONLY appropriate if the work is donated voluntarily, as is the case with open source projects.
Taking the work of others without consent is unacceptable.
Re: (Score:3)
Re: (Score:1)
I'm pretty sure the source code for an Operating System is of sufficient length to be safely considered proprietary information (copyrighted or not).
Until then all IP is up for grabs.
Try making this argument in a courtroom without getting laughed out of the building.
Re: (Score:3)
Re: (Score:2)
I think the point is, the code is out there. Apple can't get it back.
The hackers that care will get a hold of it, one way or another, and Apple can't do much about it. Especially outside of the United States.
Hell, the hackers that care almost certainly *already* have the code.
Re: (Score:2)
So when you discover this, you're going to say "OH WELL, Looks like it's out there! I guess I'll just sit on my thumbs and accept it because I have no recourse!"
Can you stop mass market distribution? Yes. Can you stop underground distribution in iPhone cracking circles? Hell no. This is mostly a show to act like they're taking it seriously and law enforcement is cracking down on it and whatever but... nope. It's still security theater, it's not going to protect against any of the actual threads.
Re: Why bother, Apple? (Score:2)
Stopping mass market distribution has a meaningful amount of value. People/organizations do things with full knowledge it won't eliminate a problem, but will reduce it. Besides, I contend that a takedown to GitHub has increased the publicity any meaningful amount. The story was that it was available for a short period of time smack dab in GitHub. The whole horses having left the barn metaphor breaks down .. some horses are still in there, might leave tomorrow, it's an easy action to take, so it's reasonable
Re: (Score:1)
That was the longest verbal masturbation I've ever been witness to.
Clearly, you think you're amazing. Also, you apparently think stealing is okay.
Making copies of a work *without* permission of the owner is a crime. Unless you REALLY feel that way, in which case I'll just help myself to copies of your social security card, birth certificate, credit card number, and other tidbits. After all, it's not REALLY stealing if it's just a copy of your information right? And if I sell those copies to someone else and
Re: (Score:1)
You're right. This is apple.slashdot.org and the sponsors of this sub-slashdot are really fucking mad.
How dare somebody disobey the Apple.
Re:Why bother, Apple? (Score:5, Insightful)
So I take it that means you can't steal electricity, cable television, someone else's internet bandwidth, or any number of other things with no physical or tangible component?
A strict definition of theft may require that the person who has had something stolen has been deprived of something of value to them, but there's no requirement in the definition that the something necessarily be tangible, only that it has value.
And its value doesn't even need to be objective or monetary... it only needs to be valuable to the person who had lawful jurisdiction over whatever was stolen.
Consider copyright, for example, which is supposed to entail the exclusive right to control who may make copies of a work. Exclusive, by definition means that nobody else is doing it, so when someone makes an unauthorized copy, they are actually depriving the copyright holders of some measure of their exclusivity of control on the copying of that work. Whether one thinks that copyright holders should not have this amount of control is irrelevant.. it is the entire point of copyright, and because copyright is protected by law, the copyright holder is recognized as the lawful possessor of the exclusivity it entails. Once infringed, the copyright holder's exclusivity is dilluted, and is never as strong as it was before.
Re: (Score:3)
So I take it that means you can't steal electricity, cable television, someone else's internet bandwidth, or any number of other things with no physical or tangible component?
If you steal electricity a power plant has to make more, it's consumed just like the water from the tap. How is that not a physical, tangible resource? While the signal in a cable loop is passing through anyway, you're only listening in like turning on your radio. Unauthorized use of bandwidth is displacing other people's traffic, though I think this is more like identity theft / fraud where you trick an ISP into making virtual deliveries instead of physical deliveries from Amazon.
A strict definition of theft may require that the person who has had something stolen has been deprived of something of value to them, but there's no requirement in the definition that the something necessarily be tangible, only that it has value.
I think you've confused "s
Re: (Score:2)
So I take it that means you can't steal electricity, cable television, someone else's internet bandwidth, or any number of other things with no physical or tangible component?
Many years ago, in Germany they had the very first case of someone stealing electricity. At a time ages ago when not everybody had electricity supplied to their home, someone connected their home to their neighbour's supply. Got caught, and it turned out it was not illegal to any of the laws in place at the time.
They created a new law.
There was also in the 1970's a first case of computer fraud. It turned out that with fraud, you needed to convince _a human_ of something that isn't true. The person _al
Re: (Score:2)
Re: (Score:2)
So I take it that means you can't steal electricity, cable television, someone else's internet bandwidth, or any number of other things with no physical or tangible component?
Perhaps a better analogy is your bank account details. If I copied your bank account details you would probably quite reasonably use the term 'stolen' (even if that's not strictly the correct word based on a particular dictionary definition) even though it hasn't caused you any harm nor have you been deprived of anything. Of course if I were to then sell/give a copy of those details to some nefarious party who then transferred your money somewhere then you would quite rightly hold me significantly accountab
Re: (Score:2)
Re: (Score:3)
If you take something from someone else, that's stealing. Copyright infringement amounts to the taking of some of the exclusivity that the copyright holder otherwise had to control over who can make copies of the work, so the infringer is stealing that from the copyright holder. Full stop.
Now you can argue that one has no compunction against stealing when it might serve what they could argue is some greater and more important good, and suggest that there is no moral dilemma involved with theft in such
Re: (Score:2)
To precisely the same degree that copyriright infringement is, which I would argue is the case.
The thing is, I've never alleged that that in the case of copyright infringement, the work itself is being stolen. It's clearly not,. because the original still exists, and looking at the situation as if the copyrighted work is the only thing of value that exists in the scenario can easily mislead a person to believe that copyright infringement and theft
Re: (Score:1)
WTF, has Slashdot be overtaken by a big herd of fucking Eagle Scouts now?
Apple has rolled out a brigade of defenders, that is for certain.
Re: (Score:2)
Re: Why bother, Apple? (Score:2)
Re: Why bother, Apple? (Score:2)
Re: (Score:1)
Re: Why bother, Apple? (Score:2)
Blow my mind (Score:5, Funny)
Hmm. It's almost as if when a company asks to to sign a confidentiality agreement, they fuckin mean it, and for good reason.
Re: (Score:3)
Re: (Score:2)
Security? (Score:1, Troll)
I guess they'll have to think of an alternative to security by obscurity.
Hopefully there are no glaring security holes revealed in the code.
Re: Security? (Score:2)
Re: (Score:2)
You mean like installing apps from the playstore that have malware hidden in them?
Re: (Score:1)
Yes, like installing apps from Apple's iOS app store that have malware hidden in them.
It gets around and it goes around.
Re: (Score:2)
It's Apple code. It will be bulletproof, Like an apple.
I really have no idea how secure Apple code is, (Z-80 forever!) but this is funny.
Re: (Score:3)
Re: (Score:2)
I guess they'll have to think of an alternative to security by obscurity.
Hopefully there are no glaring security holes revealed in the code.
What you want is security in depth. Multiple layers of obstacles to get around. Obscurity is a perfectly fine first layer of defence.
:-)
And what do you mean "no glaring security holes"? I rather hope that ther are _no_ security holes, glaring or almost perfectly hidden. Perfectly hidden is fine, because it's perfectly hidden
Name.. (Score:1)
Name the intern so other companies can know who NOT to hire.
You want to have a position that involves trust, then live up to it. Break that trust and live with those results too.
Re: (Score:2)
san quentin
Android too! (Score:2)
There's been a massive leak of the Android codebase, too. If you're quick you can download a copy here: https://tinyurl.com/4x7rfdd [tinyurl.com]
Re: (Score:2)
There's been a massive leak of the Android codebase, too. If you're quick you can download a copy here: https://tinyurl.com/4x7rfdd [tinyurl.com]
Who is this mysterious elite hacker "GPL", anyway? I wonder if ESR or RMS might know?
Re: (Score:2)
Let us know when the Actual "Android" that runs (including Google Play Services) is available.
Anything else looks like grandstanding by a Google employee.
Which it is.
Re: (Score:2)
Let us know when the Actual "Android" that runs (including Google Play Services) is available.
Google Play Services is not part of Android.
The skies will darken with Apple lawyers (Score:2)
Assuming this stays out of criminal court, this kid's salary will be garnished for a lifetime as he tries to pay back the judgement against him.
Re: (Score:2)
Sure, but his friends must have thought he was pretty awesome. It was worth it.
Re: (Score:1)
Clearly they should reduce him to a grease spot on the pavement somewhere so that people brandishing their iGadgets can urinate on said grease spot and hiss.
What has happened to Slashdot? Stealing code isn't 'cool' but a leak like this is interesting and nerds should be scrambling to get a peek at it.
Also, S. Jobs' edict about 'stealing' should apply. Except Jobs is dead and Apple has become so 'big' that the original company is a fossil, and the people who control it now have made it a big fucking hard t
This is why we can't have nice things (Score:5, Insightful)
Re: (Score:3)
Future interns will have to sign away even more of their rights
What rights are they signing away now? The right to steal company IP and distribute it on the internet?
Re: (Score:2)
Re:This is why we can't have nice things (Score:4, Informative)
Im not sure what you are saying. Interns have always been treated like that, plus overworked and yet still paid like crap. In fact I'm pretty sure if your intern experience isn't 'ruined' you were never doing it right to begin with. Though if you really want a ruinous experience you should try engineering college business outreach programs. It's like being an intern, but without the prestige and dignity.
In my personal experience as an intern and as a mentor, I've never seen interns treated like that. The point of employing interns is to have extended hands-on job interviews with them and then hire the best of the bunch. As part of that process, we treat the interns well in terms of pay, gifts, hours, and access to technology, information, and people because we want the good ones to want to join us later.
Re: (Score:2)
Re: (Score:2)
Would you mind telling me where you are from? I'm from the Midwest USA and can tell you as someone who did an internship and had some friends who did as well it was all pretty bad. Then I got into industry around here and saw some seriously negligent, in many cases outright abuse of interns. This was at three unrelated companies, out of maybe 10 or so I was dealing with over a period of a few years. Same goes for grad students. One CS grad student I worked with had to wash and wax his advisors car to be sure he would pass his defense like it was some kind of karate kid parody made real.
I have worked in the telecommunications, computing, storage, and graphics industries in the northeast and California. I should mention that the internships that I've had personal experience with were all in corporate research organizations. For the most part, these interns are paid like new college graduates for about three months, including full health and other benefits. We really were trying to impress the interns, along with giving them an opportunity to impress us. Of course, I've had the good fort
Re: (Score:2)
Re: This is why we can't have nice things (Score:2)
Re:This is why we can't have nice things (Score:5, Interesting)
I think you're understating the seriousness. I think companies everywhere are re-evaluating their interns. After all, Apple is well known to have security down pat - defense in depth, layered security, and that's just the physical side (you have secure rooms within secure rooms...).
And Apple had a breach. Every company is probably looking over their security and their interns because if it happened at Apple, there's no telling it couldn't happen to them. Even worse, if you interned at Apple, you may find yourself at the end of the distrust stick - if you leaked out Apple's stuff, who's to say you won't leak out our stuff?
Heck, if Apple finds out which intern did it, they're pretty much out of the tech industry. No company will want to touch someone who deliberately leaks their company's secrets. Get branded as someone who violates NDA, become an untouchable. And Apple doesn't even need to press heavy charges - given the age of the code, the damage will likely be minimal, so even if Apple asked for a token $1, the fact that the person violated NDAs is the far greater punishment.
Why interns? (Score:1)
Yes, it was an intern in this case, but in reality it could have just as easily been a permanent FTE, a contractor, or whomever with an agenda.
Re: (Score:2)
Re: (Score:2)
Probably true, and probably still exists.
After all, the goal of this is not that the developer should leak code out, it's so code can be shared. If you're working on some project and you need an asset used by something else, having full access means you can jus
Re: (Score:2)
Re: This is why we can't have nice things (Score:2)
Re: (Score:2)
Or, they could go and do something useful with their life, instead of working for Apple.
Re: (Score:2)
Future interns will have to sign away even more of their rights, be locked down even harder, and feel like a prisoner
You mean that they'll be treated like regular interns now?
Intern? (Score:1)
Maybe hire a more experienced software engineer next time.
Poor Intern (Score:4, Funny)
He was just told to 'go make some copies' without further instructions, and proceeded to copy some random files onto a public-facing website. Not his fault he didn't understand.
Worse than rape (Score:2)
If this guy gets caught, the punishment he gets will make him wish he was "just" a rapist.
Apple Should Post the Intern's Name... (Score:1)