In a new report from Motherboard an Apple intern was responsible for the iBoot leak. The reason? It turns out he didn’t have a beef with Apple. Instead, friends of the employee encouraged the intern to leak it because it would help them with jailbreaking.
What Happened
Motherboard did attempt to reach out to the employee, but he refused to speak because he signed a non-disclosure agreement with Apple. Which I personally find strange, after all he wasn’t afraid to leak the code in the first place, yet still abides by an NDA. But I digress.
According to two people to received the code from the employee, it was originally stolen from the company in 2016. The employee took the code and shared it with a group of five people. The code was never meant to leave the group—at first.
I personally never wanted that code to see the light of day. Not out of greed but because of fear of the legal firestorm that would ensue…I knew one day that if those kids got it they’d be dumb enough to push it to GitHub.
About a year after the code was stolen and shared, someone inside the group gave it to “someone else who shouldn’t have had it.” Once they lost control of it, the iBoot leak started to spread.
In 2017 the code was circulated in the jailbreaking and iPhone research communities. In the fall of 2017 people started sharing screenshots of the code in a jailbreaking Discord group as a way to brag.
When I heard about that Discord group, I burned all the copies of iBoot that I had. I don’t need it anymore, and if this is going public I don’t want to be part of leaking it. If it gets out there it gets out there but it is not coming from me.
Then, it ended up getting shared to Reddit at one point, but it was automatically removed by a moderator bot. Finally, someone who wasn’t connected to the original leak shared it to GitHub. After that, it went viral, first with jailbreakers and then within the greater iOS security research community.
An Apple employee told Motherboard that the company was aware of the leak before the GitHub posting, but they didn’t share when Apple first learned about it.
Android source code is always out in the wild but that supposedly isn’t a security risk – why do people think that 3 year old code for a small part of Apple’s iOS being publicised is a risk?
Whether this is a big deal or not is irrelevant. This kid will, and should, face serious charges. Start with grand theft and trafficking in stolen goods and move on from there. Secondly, this kid’s career in the tech industry is over. Nobody will trust him with anything more valuable than a ham sandwich. Sorry but I have no sympathy for someone who shoots themself in the foot when they knew the gun was loaded.
I completely agree. My intention wasn’t to downplay the seriousness of the issue, just to reassure that its highly unlikely to affect iPhone users.
Oh I understand completely. I apologize if this came across as directed toward you.