Apple Intern Reportedly Leaked iPhone Source Code

Earlier this week, a portion of iOS source code was posted online to GitHub, and in an interesting twist, a new report from Motherboard reveals that the code was originally leaked by a former Apple intern. The Verge reports: According to Motherboard, the intern who stole the code took it and distributed it to a small group of five friends in the iOS jailbreaking community in order to help them with their ongoing efforts to circumvent Apple's locked down mobile operating system. The former employee apparently took "all sorts of Apple internal tools and whatnot," according to one of the individuals who had originally received the code, including additional source code that was apparently not included in the initial leak. The plan was originally to make sure that the code never left the initial circle of five friends, but apparently the code spread beyond the original group sometime last year. Eventually, the code was then posted in a Discord chat group, and was shared to Reddit roughly four months ago (although that post was apparently removed by a moderation bot automatically). But then, it was posted again to GitHub this week, which is when things snowballed to where they are now, with Apple ordering GitHub to remove the code.

Secrets

[Anonymous Coward]

The plan was originally to make sure that the code never left the initial circle of five friends, but apparently the code spread beyond the original group sometime last year.

5 people can keep a secret, if 4 of them are dead.

Re:

[Narcocide]

If 5 of them are dead and they didn't use Windows to talk about it.

Re:

[Anonymous Coward]

The plan was originally to make sure that the code never left the initial circle of five friends, but apparently the code spread beyond the original group sometime last year.

5 people can keep a secret, if 4 of them are dead.

There's an old saying in Security that the probability of a leak increases with the square of the number of people who know the secret. Going in with an expectation of "I'll share with just my five friends" is optimistic and naive that the secret won't get out.

Re:

[michelcolman]

You always have to ask yourself: if I cannot keep this to myself and feel this overwhelming desire to share it with just a few friends, are those friends more likely or less likely than me to keep it to themselves? Realistically, the answer is always "less likely", no matter how much you trust them. It's just basic maths, really.

Re:

[Bing Tsher E]

We all take our 'careers' so seriously. The HR representatives are positively gleaming about our enthusiasm.

You, too, can have a secure future! Just sign right here!

Re:

[Anonymous Coward]

It will be a warning to the next Thief.

Re:Why bother, Apple?

[Anonymous Coward]

Are you fucking kidding me?

Let's say you're an artist that makes a popular webcomic. Someone got ahold of the entire corpus of years of your work, and posted it on their own site, making it available for anyone who wants it (regardless of whether they try to monetize it themselves).

So when you discover this, you're going to say "OH WELL, Looks like it's out there! I guess I'll just sit on my thumbs and accept it because I have no recourse!"

Fucking NOPE. Apple has invested billions in research and development in their source code.
I'm not sure who taught you to believe that you're entitled to other peoples' work for free without their consent, but where I come from that's called SLAVERY, you stupid fuck.

Apple is completely within their rights to pursue this as far as necessary, and to sue anyone who's been a part of it for everything they're worth, and have them locked up for YEARS.

That wasn't a "cute little mistake". IANAL but I will be shocked if this can't be prosecuted under corporate espionage laws.

This kind of bullshit enrages me (could you tell?), and no, you're not part of some "empowered" culture when you fucking steal from others. I hope they throw the book at this piece of shit.

Re:

[Anonymous Coward]

That school is thought is all well and good (and I actually support the idea), but it's ONLY appropriate if the work is donated voluntarily, as is the case with open source projects.

Taking the work of others without consent is unacceptable.

Re:

[spire3661]

When copyright returns to a sane length, THEN you can make this argument. Until then all IP is up for grabs. Copyrights are social bargains, and we have been getting the shaft on that for a good long while now.

Re:

[Anonymous Coward]

I'm pretty sure the source code for an Operating System is of sufficient length to be safely considered proprietary information (copyrighted or not).

Until then all IP is up for grabs.

Try making this argument in a courtroom without getting laughed out of the building.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[realmolo]

I think the point is, the code is out there. Apple can't get it back.

The hackers that care will get a hold of it, one way or another, and Apple can't do much about it. Especially outside of the United States.

Hell, the hackers that care almost certainly *already* have the code.

Re:

[Kjella]

So when you discover this, you're going to say "OH WELL, Looks like it's out there! I guess I'll just sit on my thumbs and accept it because I have no recourse!"

Can you stop mass market distribution? Yes. Can you stop underground distribution in iPhone cracking circles? Hell no. This is mostly a show to act like they're taking it seriously and law enforcement is cracking down on it and whatever but... nope. It's still security theater, it's not going to protect against any of the actual threads.

Re: Why bother, Apple?

[SirSlud]

Stopping mass market distribution has a meaningful amount of value. People/organizations do things with full knowledge it won't eliminate a problem, but will reduce it. Besides, I contend that a takedown to GitHub has increased the publicity any meaningful amount. The story was that it was available for a short period of time smack dab in GitHub. The whole horses having left the barn metaphor breaks down .. some horses are still in there, might leave tomorrow, it's an easy action to take, so it's reasonable

Re:

[Anonymous Coward]

That was the longest verbal masturbation I've ever been witness to.

Clearly, you think you're amazing. Also, you apparently think stealing is okay.

Making copies of a work *without* permission of the owner is a crime. Unless you REALLY feel that way, in which case I'll just help myself to copies of your social security card, birth certificate, credit card number, and other tidbits. After all, it's not REALLY stealing if it's just a copy of your information right? And if I sell those copies to someone else and

Re:

[Bing Tsher E]

You're right. This is apple.slashdot.org and the sponsors of this sub-slashdot are really fucking mad.

How dare somebody disobey the Apple.

Re:Why bother, Apple?

[mark-t]

Theft deprives another of a tangible good.

So I take it that means you can't steal electricity, cable television, someone else's internet bandwidth, or any number of other things with no physical or tangible component?

A strict definition of theft may require that the person who has had something stolen has been deprived of something of value to them, but there's no requirement in the definition that the something necessarily be tangible, only that it has value.

And its value doesn't even need to be objective or monetary... it only needs to be valuable to the person who had lawful jurisdiction over whatever was stolen.

Consider copyright, for example, which is supposed to entail the exclusive right to control who may make copies of a work. Exclusive, by definition means that nobody else is doing it, so when someone makes an unauthorized copy, they are actually depriving the copyright holders of some measure of their exclusivity of control on the copying of that work. Whether one thinks that copyright holders should not have this amount of control is irrelevant.. it is the entire point of copyright, and because copyright is protected by law, the copyright holder is recognized as the lawful possessor of the exclusivity it entails. Once infringed, the copyright holder's exclusivity is dilluted, and is never as strong as it was before.

Re:

[Kjella]

So I take it that means you can't steal electricity, cable television, someone else's internet bandwidth, or any number of other things with no physical or tangible component?

If you steal electricity a power plant has to make more, it's consumed just like the water from the tap. How is that not a physical, tangible resource? While the signal in a cable loop is passing through anyway, you're only listening in like turning on your radio. Unauthorized use of bandwidth is displacing other people's traffic, though I think this is more like identity theft / fraud where you trick an ISP into making virtual deliveries instead of physical deliveries from Amazon.

A strict definition of theft may require that the person who has had something stolen has been deprived of something of value to them, but there's no requirement in the definition that the something necessarily be tangible, only that it has value.

I think you've confused "s

Re:

[gnasher719]

So I take it that means you can't steal electricity, cable television, someone else's internet bandwidth, or any number of other things with no physical or tangible component?

Many years ago, in Germany they had the very first case of someone stealing electricity. At a time ages ago when not everybody had electricity supplied to their home, someone connected their home to their neighbour's supply. Got caught, and it turned out it was not illegal to any of the laws in place at the time.

They created a new law.

There was also in the 1970's a first case of computer fraud. It turned out that with fraud, you needed to convince _a human_ of something that isn't true. The person _al

Re:

[mark-t]

In your latter example, a human is still being deceived... specifically, anyone who has jurisdiction over the funds in the account, since those people are making the (invalid) assumption the computer is only going to remove authorized funds, and of course one would have to deceive the computer to otherwise access such funds. The fact that this assumption is invalid doesn't change the fact that it's still stealing any more than it's not stealing to take a convertible that doesn't belong to you if the keys a

Re:

[exomondo]

So I take it that means you can't steal electricity, cable television, someone else's internet bandwidth, or any number of other things with no physical or tangible component?

Perhaps a better analogy is your bank account details. If I copied your bank account details you would probably quite reasonably use the term 'stolen' (even if that's not strictly the correct word based on a particular dictionary definition) even though it hasn't caused you any harm nor have you been deprived of anything. Of course if I were to then sell/give a copy of those details to some nefarious party who then transferred your money somewhere then you would quite rightly hold me significantly accountab

Re:

[mark-t]

That doesn't change the fact that it still deprives the copyright holder of some level of exclusivity of control that they would have otherwise still had if the infringement had not occurred.

Re:

[mark-t]

If you take something from someone else, that's stealing. Copyright infringement amounts to the taking of some of the exclusivity that the copyright holder otherwise had to control over who can make copies of the work, so the infringer is stealing that from the copyright holder. Full stop.

Now you can argue that one has no compunction against stealing when it might serve what they could argue is some greater and more important good, and suggest that there is no moral dilemma involved with theft in such

Re:

[mark-t]

And back to the TFA, is leaking private sourcecode theft?

To precisely the same degree that copyriright infringement is, which I would argue is the case.

The thing is, I've never alleged that that in the case of copyright infringement, the work itself is being stolen. It's clearly not,. because the original still exists, and looking at the situation as if the copyrighted work is the only thing of value that exists in the scenario can easily mislead a person to believe that copyright infringement and theft

Re:

[Bing Tsher E]

WTF, has Slashdot be overtaken by a big herd of fucking Eagle Scouts now?

Apple has rolled out a brigade of defenders, that is for certain.

Re:

[account_deleted]

Comment removed based on user account deletion

Re: Why bother, Apple?

[Brockmire]

Fuck face, you keep missing the actual fucking violation, you're stealing the owner/creators RIGHTS to copy the work, not the work itself. By copying it, the toothpaste can't be put back in and copy right forever "stolen". What part of "copy" or "rights" can't you understand? Ever heard of licensing? Educate yourself, rather than trying to be weasely in justifying theft. You just look fucking juvenile and a crybaby.

Re: Why bother, Apple?

[Brockmire]

How come a 4 year old can understand stealing as "taking something that doesn't belong to you without their permission" but so many adults can't? Is this just shitty parenting?

Re:

[DrStoooopid]

***APPLE FANBOY DETECTED*** Remember how Windows software source code is constantly stolen, and it doesn't affect them one Iota? They'll just make a new version, problem solved. The nice thing about a sourcecode breach on an established project, is that 1. it can be scoured for bullshit. 2. sometimes people can learn to fix their fuckups 3. helps the community as a whole, because the average consumer doesn't give two sh*ts about source code.

Re: Why bother, Apple?

[Brockmire]

A few MB of code is NOT extremely small for an embedded device or a bootloader. Do you write some super high level bloated language or something?

Blow my mind

[PCM2]

Hmm. It's almost as if when a company asks to to sign a confidentiality agreement, they fuckin mean it, and for good reason.

Re:

[mark-t]

Confidentiality agreements and NDA's do not apply to the lawful reporting of criminal activities, such as theft, violation of the region's labor standards, etc. They never have.

Re:

[mark-t]

No lawyer would be required because such a lawsuit wouldn't even get as far as a courtroom. Of course, that is assuming what you were reporting was actually illegal, and not just something that you happened to think was illegal but was not.

Security?

[mspohr]

I guess they'll have to think of an alternative to security by obscurity.
Hopefully there are no glaring security holes revealed in the code.

Re: Security?

[Brockmire]

No, it just has more stupid filters to prevent stupid people from doing stupid stuff. Pretty much all malware on Android and iOS is from users installing shit they shouldn't. I must have missed those websites that could root Android devices just by visiting a site like iOS did so many times.

Re:

[Zxern]

You mean like installing apps from the playstore that have malware hidden in them?

Re:

[Bing Tsher E]

Yes, like installing apps from Apple's iOS app store that have malware hidden in them.

It gets around and it goes around.

Re:

[Earthquake Retrofit]

It's Apple code. It will be bulletproof, Like an apple.

I really have no idea how secure Apple code is, (Z-80 forever!) but this is funny.

Re:

[mark-t]

According to Apple on this matter, "the security of our products does not depend on the secrecy of our source code".

Re:

[gnasher719]

I guess they'll have to think of an alternative to security by obscurity.
Hopefully there are no glaring security holes revealed in the code.

What you want is security in depth. Multiple layers of obstacles to get around. Obscurity is a perfectly fine first layer of defence.

And what do you mean "no glaring security holes"? I rather hope that ther are _no_ security holes, glaring or almost perfectly hidden. Perfectly hidden is fine, because it's perfectly hidden :-)

Name..

[Anonymous Coward]

Name the intern so other companies can know who NOT to hire.

You want to have a position that involves trust, then live up to it. Break that trust and live with those results too.

Re:

[Joe_Dragon]

san quentin

Android too!

[swillden]

There's been a massive leak of the Android codebase, too. If you're quick you can download a copy here: https://tinyurl.com/4x7rfdd [tinyurl.com]

Re:

[93 Escort Wagon]

There's been a massive leak of the Android codebase, too. If you're quick you can download a copy here: https://tinyurl.com/4x7rfdd [tinyurl.com]

Who is this mysterious elite hacker "GPL", anyway? I wonder if ESR or RMS might know?

Re:

[cmdrbuzz]

Let us know when the Actual "Android" that runs (including Google Play Services) is available.

Anything else looks like grandstanding by a Google employee.

Which it is.

Re:

[swillden]

Let us know when the Actual "Android" that runs (including Google Play Services) is available.

Google Play Services is not part of Android.

The skies will darken with Apple lawyers

[sandbagger]

Assuming this stays out of criminal court, this kid's salary will be garnished for a lifetime as he tries to pay back the judgement against him.

Re:

[farble1670]

Sure, but his friends must have thought he was pretty awesome. It was worth it.

Re:

[Bing Tsher E]

Clearly they should reduce him to a grease spot on the pavement somewhere so that people brandishing their iGadgets can urinate on said grease spot and hiss.

What has happened to Slashdot? Stealing code isn't 'cool' but a leak like this is interesting and nerds should be scrambling to get a peek at it.

Also, S. Jobs' edict about 'stealing' should apply. Except Jobs is dead and Apple has become so 'big' that the original company is a fossil, and the people who control it now have made it a big fucking hard t

This is why we can't have nice things

[TexasDiaz]

And now this intern has ruined life for all other interns in the company - past, present, and future. I'm sure all of the current interns have gotten a "leak like this guy and we'll ruin you" speech by now, and I bet web crawlers are already trained on past employees and interns looking for a hint of anything similar. Future interns will have to sign away even more of their rights, be locked down even harder, and feel like a prisoner while they're working. Thanks, asshole, for ruining the intern experience for everyone.

Re:

[farble1670]

Future interns will have to sign away even more of their rights

What rights are they signing away now? The right to steal company IP and distribute it on the internet?

Re:

[burtosis]

Im not sure what you are saying. Interns have always been treated like that, plus overworked and yet still paid like crap. In fact I'm pretty sure if your intern experience isn't 'ruined' you were never doing it right to begin with. Though if you really want a ruinous experience you should try engineering college business outreach programs. It's like being an intern, but without the prestige and dignity.

Re:This is why we can't have nice things

[larryjoe]

Im not sure what you are saying. Interns have always been treated like that, plus overworked and yet still paid like crap. In fact I'm pretty sure if your intern experience isn't 'ruined' you were never doing it right to begin with. Though if you really want a ruinous experience you should try engineering college business outreach programs. It's like being an intern, but without the prestige and dignity.

In my personal experience as an intern and as a mentor, I've never seen interns treated like that. The point of employing interns is to have extended hands-on job interviews with them and then hire the best of the bunch. As part of that process, we treat the interns well in terms of pay, gifts, hours, and access to technology, information, and people because we want the good ones to want to join us later.

Re:

[burtosis]

Would you mind telling me where you are from? I'm from the Midwest USA and can tell you as someone who did an internship and had some friends who did as well it was all pretty bad. Then I got into industry around here and saw some seriously negligent, in many cases outright abuse of interns. This was at three unrelated companies, out of maybe 10 or so I was dealing with over a period of a few years. Same goes for grad students. One CS grad student I worked with had to wash and wax his advisors car to

Re:

[larryjoe]

Would you mind telling me where you are from? I'm from the Midwest USA and can tell you as someone who did an internship and had some friends who did as well it was all pretty bad. Then I got into industry around here and saw some seriously negligent, in many cases outright abuse of interns. This was at three unrelated companies, out of maybe 10 or so I was dealing with over a period of a few years. Same goes for grad students. One CS grad student I worked with had to wash and wax his advisors car to be sure he would pass his defense like it was some kind of karate kid parody made real.

I have worked in the telecommunications, computing, storage, and graphics industries in the northeast and California. I should mention that the internships that I've had personal experience with were all in corporate research organizations. For the most part, these interns are paid like new college graduates for about three months, including full health and other benefits. We really were trying to impress the interns, along with giving them an opportunity to impress us. Of course, I've had the good fort

Re:

[burtosis]

Thanks for the reply and I'm glad to hear you have worked for some fair employers and appreciate you like to treat people well. I've seen whole product lines designed and marketed mostly by interns, they really deserve respect when they work hard. Unfortunately I've worked in a few, even one where an argument between a sales guy and the manager in the back meeting room wound up with the manager thrown through the wall right into the sales floor. Needless to say if the cops show up, you may be working in a

Re: This is why we can't have nice things

[Brockmire]

At my first job, I worked at a place where the boss man wanted a person doing work experience for a few weeks (basically doing network grunt work for free) fired because she was playing Minesweeper on her lunch break. The company isn't a storefront business, any visitors are just delivery people and suppliers. It's really no fucking big deal. That was when my tone went from a scared, reserved one to, "are you shitting me?" tone and reminding him she's not paid. I didn't of course let her go, and over tim

Re:This is why we can't have nice things

[tlhIngan]

And now this intern has ruined life for all other interns in the company - past, present, and future. I'm sure all of the current interns have gotten a "leak like this guy and we'll ruin you" speech by now, and I bet web crawlers are already trained on past employees and interns looking for a hint of anything similar. Future interns will have to sign away even more of their rights, be locked down even harder, and feel like a prisoner while they're working. Thanks, asshole, for ruining the intern experience for everyone.

I think you're understating the seriousness. I think companies everywhere are re-evaluating their interns. After all, Apple is well known to have security down pat - defense in depth, layered security, and that's just the physical side (you have secure rooms within secure rooms...).

And Apple had a breach. Every company is probably looking over their security and their interns because if it happened at Apple, there's no telling it couldn't happen to them. Even worse, if you interned at Apple, you may find yourself at the end of the distrust stick - if you leaked out Apple's stuff, who's to say you won't leak out our stuff?

Heck, if Apple finds out which intern did it, they're pretty much out of the tech industry. No company will want to touch someone who deliberately leaks their company's secrets. Get branded as someone who violates NDA, become an untouchable. And Apple doesn't even need to press heavy charges - given the age of the code, the damage will likely be minimal, so even if Apple asked for a token $1, the fact that the person violated NDAs is the far greater punishment.

Why interns?

[phorm]

Yes, it was an intern in this case, but in reality it could have just as easily been a permanent FTE, a contractor, or whomever with an agenda.

Re:

[Lord_Jeremy]

For what it’s worth, Apple has had a policy where any developer has access to nearly all of the source code for their non-secret projects. I don’t know if that is true to this day, but it was definitely true as of a couple years ago.

Re:

[tlhIngan]

For what itâ(TM)s worth, Apple has had a policy where any developer has access to nearly all of the source code for their non-secret projects. I donâ(TM)t know if that is true to this day, but it was definitely true as of a couple years ago.

Probably true, and probably still exists.

After all, the goal of this is not that the developer should leak code out, it's so code can be shared. If you're working on some project and you need an asset used by something else, having full access means you can jus

Re:

[account_deleted]

Comment removed based on user account deletion

Re: This is why we can't have nice things

[Brockmire]

I don't think you can know what others assume. Didn't and couldn't are not the same. People need to be told shit over and over, especially if it's more serious than people are used to. I'm sure HR sees people all the time just sign shit without reading thoroughly.

Re:

[sgage]

Or, they could go and do something useful with their life, instead of working for Apple.

Re:

[eclectro]

Future interns will have to sign away even more of their rights, be locked down even harder, and feel like a prisoner

You mean that they'll be treated like regular interns now?

Intern?

[Anonymous Coward]

Maybe hire a more experienced software engineer next time.

Poor Intern

[mentil]

He was just told to 'go make some copies' without further instructions, and proceeded to copy some random files onto a public-facing website. Not his fault he didn't understand.

Worse than rape

[lucasnate1]

If this guy gets caught, the punishment he gets will make him wish he was "just" a rapist.

Apple Should Post the Intern's Name...

[Panthros]

... so he never works in silicon valley again!