
Apple Intern Reportedly Leaked iPhone Source Code (theverge.com) 153

Earlier this week, a portion of iOS source code was posted online to GitHub, and in an interesting twist, a new report from Motherboard reveals that the code was originally leaked by a former Apple intern. The Verge reports: According to Motherboard, the intern who stole the code took it and distributed it to a small group of five friends in the iOS jailbreaking community in order to help them with their ongoing efforts to circumvent Apple's locked down mobile operating system. The former employee apparently took "all sorts of Apple internal tools and whatnot," according to one of the individuals who had originally received the code, including additional source code that was apparently not included in the initial leak. The plan was originally to make sure that the code never left the initial circle of five friends, but apparently the code spread beyond the original group sometime last year. Eventually, the code was then posted in a Discord chat group, and was shared to Reddit roughly four months ago (although that post was apparently removed by a moderation bot automatically). But then, it was posted again to GitHub this week, which is when things snowballed to where they are now, with Apple ordering GitHub to remove the code.
  • Secrets (Score:4, Funny)

    by Anonymous Coward on Friday February 09, 2018 @05:07PM (#56097557)

    The plan was originally to make sure that the code never left the initial circle of five friends, but apparently the code spread beyond the original group sometime last year.

    5 people can keep a secret, if 4 of them are dead.

    • by Anonymous Coward

      The plan was originally to make sure that the code never left the initial circle of five friends, but apparently the code spread beyond the original group sometime last year.

      5 people can keep a secret, if 4 of them are dead.

      There's an old saying in Security that the probability of a leak increases with the square of the number of people who know the secret. Going in with an expectation of "I'll share with just my five friends" is optimistic and naive that the secret won't get out.

      • You always have to ask yourself: if I cannot keep this to myself and feel this overwhelming desire to share it with just a few friends, are those friends more likely or less likely than me to keep it to themselves? Realistically, the answer is always "less likely", no matter how much you trust them. It's just basic maths, really.

  • by PCM2 ( 4486 ) on Friday February 09, 2018 @05:15PM (#56097593) Homepage

    Hmm. It's almost as if when a company asks you to sign a confidentiality agreement, they fuckin mean it, and for good reason.

  • Security? (Score:1, Troll)

    by mspohr ( 589790 )

    I guess they'll have to think of an alternative to security by obscurity.
    Hopefully there are no glaring security holes revealed in the code.

    • by mark-t ( 151149 )
      According to Apple on this matter, "the security of our products does not depend on the secrecy of our source code".
    • I guess they'll have to think of an alternative to security by obscurity.
      Hopefully there are no glaring security holes revealed in the code.

      What you want is security in depth. Multiple layers of obstacles to get around. Obscurity is a perfectly fine first layer of defence.

      And what do you mean "no glaring security holes"? I rather hope that there are _no_ security holes, glaring or almost perfectly hidden. Perfectly hidden is fine, because it's perfectly hidden :-)

  • by Anonymous Coward

    Name the intern so other companies can know who NOT to hire.

    You want to have a position that involves trust, then live up to it. Break that trust and live with those results too.

  • There's been a massive leak of the Android codebase, too. If you're quick you can download a copy here: https://tinyurl.com/4x7rfdd [tinyurl.com]

    • There's been a massive leak of the Android codebase, too. If you're quick you can download a copy here: https://tinyurl.com/4x7rfdd [tinyurl.com]

      Who is this mysterious elite hacker "GPL", anyway? I wonder if ESR or RMS might know?

    • Let us know when the Actual "Android" that runs (including Google Play Services) is available.

      Anything else looks like grandstanding by a Google employee.

      Which it is.

      • Let us know when the Actual "Android" that runs (including Google Play Services) is available.

        Google Play Services is not part of Android.

  • Assuming this stays out of criminal court, this kid's salary will be garnished for a lifetime as he tries to pay back the judgement against him.

  • by TexasDiaz ( 4256139 ) on Friday February 09, 2018 @06:02PM (#56097887)
    And now this intern has ruined life for all other interns in the company - past, present, and future. I'm sure all of the current interns have gotten a "leak like this guy and we'll ruin you" speech by now, and I bet web crawlers are already trained on past employees and interns looking for a hint of anything similar. Future interns will have to sign away even more of their rights, be locked down even harder, and feel like a prisoner while they're working. Thanks, asshole, for ruining the intern experience for everyone.
    • Future interns will have to sign away even more of their rights

      What rights are they signing away now? The right to steal company IP and distribute it on the internet?

    • I'm not sure what you are saying. Interns have always been treated like that, plus overworked and yet still paid like crap. In fact I'm pretty sure if your intern experience isn't 'ruined' you were never doing it right to begin with. Though if you really want a ruinous experience you should try engineering college business outreach programs. It's like being an intern, but without the prestige and dignity.
      • by larryjoe ( 135075 ) on Friday February 09, 2018 @06:39PM (#56098067)

        I'm not sure what you are saying. Interns have always been treated like that, plus overworked and yet still paid like crap. In fact I'm pretty sure if your intern experience isn't 'ruined' you were never doing it right to begin with. Though if you really want a ruinous experience you should try engineering college business outreach programs. It's like being an intern, but without the prestige and dignity.

        In my personal experience as an intern and as a mentor, I've never seen interns treated like that. The point of employing interns is to have extended hands-on job interviews with them and then hire the best of the bunch. As part of that process, we treat the interns well in terms of pay, gifts, hours, and access to technology, information, and people because we want the good ones to want to join us later.

        • Would you mind telling me where you are from? I'm from the Midwest USA and can tell you as someone who did an internship and had some friends who did as well it was all pretty bad. Then I got into industry around here and saw some seriously negligent, in many cases outright abuse of interns. This was at three unrelated companies, out of maybe 10 or so I was dealing with over a period of a few years. Same goes for grad students. One CS grad student I worked with had to wash and wax his advisor's car to
          • Would you mind telling me where you are from? I'm from the Midwest USA and can tell you as someone who did an internship and had some friends who did as well it was all pretty bad. Then I got into industry around here and saw some seriously negligent, in many cases outright abuse of interns. This was at three unrelated companies, out of maybe 10 or so I was dealing with over a period of a few years. Same goes for grad students. One CS grad student I worked with had to wash and wax his advisor's car to be sure he would pass his defense like it was some kind of karate kid parody made real.

            I have worked in the telecommunications, computing, storage, and graphics industries in the northeast and California. I should mention that the internships that I've had personal experience with were all in corporate research organizations. For the most part, these interns are paid like new college graduates for about three months, including full health and other benefits. We really were trying to impress the interns, along with giving them an opportunity to impress us. Of course, I've had the good fort

            • Thanks for the reply and I'm glad to hear you have worked for some fair employers and appreciate you like to treat people well. I've seen whole product lines designed and marketed mostly by interns, they really deserve respect when they work hard. Unfortunately I've worked in a few, even one where an argument between a sales guy and the manager in the back meeting room wound up with the manager thrown through the wall right into the sales floor. Needless to say if the cops show up, you may be working in a
        • At my first job, I worked at a place where the boss man wanted a person doing work experience for a few weeks (basically doing network grunt work for free) fired because she was playing Minesweeper on her lunch break. The company isn't a storefront business, any visitors are just delivery people and suppliers. It's really no fucking big deal. That was when my tone went from a scared, reserved one to, "are you shitting me?" tone and reminding him she's not paid. I didn't of course let her go, and over tim
    • by tlhIngan ( 30335 ) <slashdot@worf . n et> on Friday February 09, 2018 @06:21PM (#56097967)

      And now this intern has ruined life for all other interns in the company - past, present, and future. I'm sure all of the current interns have gotten a "leak like this guy and we'll ruin you" speech by now, and I bet web crawlers are already trained on past employees and interns looking for a hint of anything similar. Future interns will have to sign away even more of their rights, be locked down even harder, and feel like a prisoner while they're working. Thanks, asshole, for ruining the intern experience for everyone.

      I think you're understating the seriousness. I think companies everywhere are re-evaluating their interns. After all, Apple is well known to have security down pat - defense in depth, layered security, and that's just the physical side (you have secure rooms within secure rooms...).

      And Apple had a breach. Every company is probably looking over their security and their interns because if it happened at Apple, there's no telling it couldn't happen to them. Even worse, if you interned at Apple, you may find yourself at the end of the distrust stick - if you leaked out Apple's stuff, who's to say you won't leak out our stuff?

      Heck, if Apple finds out which intern did it, they're pretty much out of the tech industry. No company will want to touch someone who deliberately leaks their company's secrets. Get branded as someone who violates NDA, become an untouchable. And Apple doesn't even need to press heavy charges - given the age of the code, the damage will likely be minimal, so even if Apple asked for a token $1, the fact that the person violated NDAs is the far greater punishment.

      • Yes, it was an intern in this case, but in reality it could have just as easily been a permanent FTE, a contractor, or whomever with an agenda.

      • For what it’s worth, Apple has had a policy where any developer has access to nearly all of the source code for their non-secret projects. I don’t know if that is true to this day, but it was definitely true as of a couple years ago.
        • by tlhIngan ( 30335 )

          For what it's worth, Apple has had a policy where any developer has access to nearly all of the source code for their non-secret projects. I don't know if that is true to this day, but it was definitely true as of a couple years ago.

          Probably true, and probably still exists.

          After all, the goal of this is not that the developer should leak code out, it's so code can be shared. If you're working on some project and you need an asset used by something else, having full access means you can jus

    • Comment removed based on user account deletion
      • I don't think you can know what others assume. Didn't and couldn't are not the same. People need to be told shit over and over, especially if it's more serious than people are used to. I'm sure HR sees people all the time just sign shit without reading thoroughly.
    • by sgage ( 109086 )

      Or, they could go and do something useful with their life, instead of working for Apple.

    • Future interns will have to sign away even more of their rights, be locked down even harder, and feel like a prisoner

      You mean that they'll be treated like regular interns now?

  • by Anonymous Coward

    Maybe hire a more experienced software engineer next time.

  • Poor Intern (Score:4, Funny)

    by mentil ( 1748130 ) on Saturday February 10, 2018 @12:32AM (#56099179)

    He was just told to 'go make some copies' without further instructions, and proceeded to copy some random files onto a public-facing website. Not his fault he didn't understand.

  • If this guy gets caught, the punishment he gets will make him wish he was "just" a rapist.

  • ... so he never works in silicon valley again!
