Trade secret theft. Self-driving car data allegedly stolen by Apple staff who then tried to flee to China
A former Apple employee has been arrested by the FBI as he attempted to leave the United States, after allegedly stealing self-driving car secrets.
The charges filed in Northern District Court of California allege that a former employee (Xiaolang Zhang) had booked a last-minute flight to China after downloading the plan for a circuit board for a self-driving car. The suspect allegedly planned to move to Chinese autonomous vehicle start-up called Xiaopeng Motors.
The case (if true) highlights the problem the United States has had with Chinese firms over the past several decades, with multiple allegation corporate espionage made by US companies.
Specifically, Zhang worked on Apple’s Compute Team, designing and testing circuit boards to analyse sensor data.
Zhang apparently had “broad access to secure and confidential internal databases” due to his position, which contained trade secrets and intellectual property for Apple’s autonomous driving project.
Zhang reportedly took family leave from Apple in April 2018 following the birth of his child, and during that time, he visited China.
Shortly after this, he allegedly told his supervisor at Apple he was leaving the company and moving to China to work for XMotors, a Chinese startup that also focuses on autonomous vehicle technology.
But it seems that Zhang’s supervisor felt that he had “been evasive” during the meeting, all of which prompted an investigation by Apple’s New Product Security Team. They examined Zhang’s historical network activity and began analysing his Apple devices, which were seized when he resigned.
Apple reportedly discovered that just prior to Zhang’s departure, his network activity had “increased exponentially” compared to the prior two years he had worked at Apple.
He had allegedly accessed content that included prototypes and prototype requirements, which the court documents specify as power requirements, low voltage requirements, battery system, and drivetrain suspension mounts.
A review of recorded footage at Apple indicated Zhang had visited the campus on the evening of Saturday, 28 April, entering both Apple’s autonomous vehicle software and hardware labs, which coincided with data download times, and he left with a box of hardware.
Zhang in an interview with Apple’s security people, apparently admitted to taking both online data and hardware (a Linux server and circuit boards) from Apple during his paternity leave.
He also admitted to AirDropping sensitive content from his own device to his wife’s laptop.
Apple then relayed the evidence to the FBI, who in late June was interviewed by the Feds, during which he apparently admitted to stealing the information, and he was later arrested attempting to leave to China on 7 July.
Zhang faces up to 10 years in prison and a $250,000 (£189,000) fine if found guilty of stealing Apple’s trade secrets.
“We’re working with authorities on this matter and will do everything possible to make sure this individual and any other individuals involved are held accountable for their actions”, Apple was quoted by the BBC as saying in a statement.
At least one expert pointed out the need to protect valuable intellectual property and said that firms must recognise the threat posed by insiders.
“First Tesla, now Apple — as we inch closer to building autonomous cars, along with the programmable complexities that this entails, it’s not surprising that employees are increasingly tempted to get their hands on sensitive IP through software theft,” said Dr Jamie Graves, CEO and founder of data protection specialists ZoneFox.
“However, many of these tech giants still haven’t got appropriate protection in place that flags insider threats before they cause serious damage,” said Dr Graves. “With anything automotive, driverless or otherwise, protecting IP is vital. This is an alarming reminder of the havoc that can be caused by insider threats – malicious in this case, rather than accidental. No doubt this will only increase as the competition for building autonomous cars increases.”
“Apple might have an open culture of security – the investigation into the perpetrator stemmed from concerns expressed by his supervisor – but culture alone is never enough,” said Dr Graves. “From a cyber security perspective, the technology within Apple must be addressed. Machine-learning capabilities can flag suspicious behaviour within a company after building a picture of ‘normal’ behaviour. This, combined with a robust company-wide education programme is crucial for keeping sensitive data within a company.”
Do you know all about security? Try our quiz!