Apple still chasing down hundreds of forked repositories of iOS source code on GitHub

After a leak of critical iBoot source code, Apple is still trying to pick up all the pieces.

Everything you need to know about the iBoot iOS software leak
Building a slide deck, pitch, or presentation? Here are the big takeaways:
  • Days after getting leaked iOS source code removed from GitHub, Apple is still working to remove any other clone repositories containing the code.
  • Apple has filed a DMCA request to remove all infringing repos, without pointing to specific infringements of copyright, which could violate DMCA law.

Nothing can ever truly be deleted from the internet, and Apple is learning that lesson the hard way. After successfully getting the original leak of its iOS iBoot source code removed from GitHub, the company is stuck chasing down hundreds of forked repository clones that contain the same information.

Now, according to a Digital Millennium Copyright Act (DMCA) filed Sunday, Apple is asking GitHub to remove any and every fork stemming from the original repository. In its request, Apple wrote that, based on the forks it reviewed, "we believe that all or most of the forks in these networks are infringing to the same extent as the parent repositories. Accordingly, and because there are a growing number of forks that contain the infringing content at issue, we respectfully request that GitHub disable the entire fork network(s)."

As noted by The Register, this is Apple's sixth DMCA request made after the iBoot code was originally found on GitHub. And, while it seems logical that a company would want to protect its copyrighted materials, Apple's methods may be a little outside of the law.

SEE: Information security incident reporting policy (Tech Pro Research)

Because of the guidelines on GitHub, a company filing a DMCA takedown notice must specifically identify the copyrighted work or material that is being infringed upon. As such, Apple's sweeping request that "all or most of the forks in these networks are infringing" doesn't technically follow the rules, The Register reported. However, whether or not that technicality is worth pursuing will be up to an attorney.

The iBoot source code leak was an embarrassing one for Apple--a company known for its mobile security and closely-guarded secrets. Despite the severity of the leak, Apple's initial response was to assure iPhone users that their security wouldn't be compromised by it.

"There are many layers of hardware and software protections built in to our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections," Apple said in its statement.

The original source of the leak turned out to be a former Apple employee, Motherboard reported. And despite the low risk of the iBoot leak, that developer has access to even more source code that, if leaked, could cause a bigger issue.

Also see

Image: iStockphoto/BCFC