Apple Accuses Former Employee of Stealing Confidential Files After Moving to OpenAI
Apple has revealed detailed information in the lawsuit it filed against OpenAI, accusing the company of benefiting from trade secrets related to its unreleased products through former employees who moved to work there.
According to the court filing, former Apple electrical systems engineer Zhang Liu exploited a previously unknown security vulnerability, classified as a 'Zero-Day' exploit, to access the company's internal network and download large amounts of confidential files, weeks after leaving Apple and joining OpenAI.
Exploiting an Undiscovered Vulnerability
Apple says Liu managed to exploit a rare bug in the authentication system that allowed him to access internal file repositories despite the termination of his employment, according to a report by TechCrunch seen by Al Arabiya Business.
It explained that the vulnerability was unknown at the time, meaning it had not had a chance to fix it before it was exploited.
It added that it quickly closed the vulnerability and revoked the employee's permissions as soon as it discovered what it described as a 'security breach.'
Although the vulnerability may have allowed a limited number of people to access the network, Apple confirms that a review of server logs showed that Liu was the only one who exploited it to access company data after his service ended.
Files About Unannounced Products
According to the lawsuit, over several weeks Liu copied dozens of confidential files related to Apple devices, including detailed information about unreleased products, engineering presentations, technical specifications, and data on the company's projects.
Apple also claims that he kept the work laptop provided by the company and did not return it after leaving, the device that was used to access its internal systems.
Exploiting Another Employee's Account
The court documents also indicate that Liu used the permissions of an Apple employee named Yu-Ting Peng, who was still working at the company at the time before later moving to OpenAI.
Apple alleges that Liu used her designated laptop while she continued working at the company, even though he was no longer an employee.
A Suspicious Message
The lawsuit included a message that Apple says Liu sent to Peng after discovering he could still access the internal file repository, which read: 'LOL, I found out I can access the file repository... pretty funny.'
The company believes this message is evidence that he knew the network access was unlawful.
Apple: The Vulnerability Should Have Been Reported
Apple confirmed that Liu violated his contractual obligations, as he did not inform the company of the security vulnerability after discovering it, nor did he delete the software he used to access the network.
The company did not reveal the nature of the software or tool used, but experts point out that corporate employees often have tools such as VPNs or remote access applications that allow them to log into internal systems using their credentials.
Legal Battle May Begin Shortly
Apple filed the lawsuit in the U.S. District Court for the Northern District of California in San Jose, demanding a trial by jury.
For its part, OpenAI had previously confirmed that it 'does not care about other companies' trade secrets,' and court proceedings are expected to begin this year if the lawsuit continues on its legal path.
The case highlights the growing challenges companies face in securing sensitive data after employees leave, especially if access permissions to internal systems are not fully and promptly revoked.
Advertisement
Advertisement
Original source: Al Arabiya
Comments (0)
Be the first to comment.