Apple Employee Stole Driverless Car Data – Report

A former Apple employee has been arrested by the FBI as he attempted to leave the United States, after allegedly stealing self-driving car secrets.

The charges filed in Northern District Court of California allege that a former employee (Xiaolang Zhang) had booked a last-minute flight to China after downloading the plan for a circuit board for a self-driving car. The suspect allegedly planned to move to Chinese autonomous vehicle start-up called Xiaopeng Motors.

The case (if true) highlights the problem the United States has had with Chinese firms over the past several decades, with multiple allegation corporate espionage made by US companies.

Trade secrets

According to Macrumors, Zhang was hired at Apple in December of 2015 to work on Project Titan. His role was to develop software and hardware for use in autonomous vehicles.

Specifically, Zhang worked on Apple’s Compute Team, designing and testing circuit boards to analyse sensor data.

Zhang apparently had “broad access to secure and confidential internal databases” due to his position, which contained trade secrets and intellectual property for Apple’s autonomous driving project.

Zhang reportedly took family leave from Apple in April 2018 following the birth of his child, and during that time, he visited China.

Shortly after this, he allegedly told his supervisor at Apple he was leaving the company and moving to China to work for XMotors, a Chinese startup that also focuses on autonomous vehicle technology.

But it seems that Zhang’s supervisor felt that he had “been evasive” during the meeting, all of which prompted an investigation by Apple’s New Product Security Team. They examined Zhang’s historical network activity and began analysing his Apple devices, which were seized when he resigned.

Apple reportedly discovered that just prior to Zhang’s departure, his network activity had “increased exponentially” compared to the prior two years he had worked at Apple.

He had allegedly accessed content that included prototypes and prototype requirements, which the court documents specify as power requirements, low voltage requirements, battery system, and drivetrain suspension mounts.

A review of recorded footage at Apple indicated Zhang had visited the campus on the evening of Saturday, 28 April, entering both Apple’s autonomous vehicle software and hardware labs, which coincided with data download times, and he left with a box of hardware.

Zhang in an interview with Apple’s security people, apparently admitted to taking both online data and hardware (a Linux server and circuit boards) from Apple during his paternity leave.

He also admitted to AirDropping sensitive content from his own device to his wife’s laptop.

Apple then relayed the evidence to the FBI, who in late June was interviewed by the Feds, during which he apparently admitted to stealing the information, and he was later arrested attempting to leave to China on 7 July.

Zhang faces up to 10 years in prison and a $250,000 (£189,000) fine if found guilty of stealing Apple’s trade secrets.

“We’re working with authorities on this matter and will do everything possible to make sure this individual and any other individuals involved are held accountable for their actions”, Apple was quoted by the BBC as saying in a statement.

IP protection

At least one expert pointed out the need to protect valuable intellectual property and said that firms must recognise the threat posed by insiders.

“First Tesla, now Apple — as we inch closer to building autonomous cars, along with the programmable complexities that this entails, it’s not surprising that employees are increasingly tempted to get their hands on sensitive IP through software theft,” said Dr Jamie Graves, CEO and founder of data protection specialists ZoneFox.

“However, many of these tech giants still haven’t got appropriate protection in place that flags insider threats before they cause serious damage,” said Dr Graves. “With anything automotive, driverless or otherwise, protecting IP is vital. This is an alarming reminder of the havoc that can be caused by insider threats – malicious in this case, rather than accidental. No doubt this will only increase as the competition for building autonomous cars increases.”

“Apple might have an open culture of security – the investigation into the perpetrator stemmed from concerns expressed by his supervisor – but culture alone is never enough,” said Dr Graves. “From a cyber security perspective, the technology within Apple must be addressed. Machine-learning capabilities can flag suspicious behaviour within a company after building a picture of ‘normal’ behaviour. This, combined with a robust company-wide education programme is crucial for keeping sensitive data within a company.”

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Spyware Maker NSO Group Found Liable In US Court

Landmark ruling finds NSO Group liable on hacking charges in US federal court, after Pegasus…

2 days ago

Microsoft Diversifying 365 Copilot Away From OpenAI

Microsoft reportedly adding internal and third-party AI models to enterprise 365 Copilot offering as it…

2 days ago

Albania Bans TikTok For One Year After Stabbing

Albania to ban access to TikTok for one year after schoolboy stabbed to death, as…

2 days ago

Foldable Shipments Slow In China Amidst Global Growth Pains

Shipments of foldable smartphones show dramatic slowdown in world's biggest smartphone market amidst broader growth…

2 days ago

Google Proposes Remedies After Antitrust Defeat

Google proposes modest remedies to restore search competition, while decrying government overreach and planning appeal

2 days ago

Sega Considers Starting Own Game Subscription Service

Sega 'evaluating' starting its own game subscription service, as on-demand business model makes headway in…

2 days ago