Magnet sues ex-contractor over iPhone exploit leak

Magnet Forensics has accused a former contractor of disclosing confidential information about an undisclosed iPhone vulnerability to a rival cybersecurity company, potentially destroying the commercial value of a hacking capability used by government investigators.

The Canadian digital forensics company filed a federal lawsuit against exploit engineer Mario Del Gaudio and Spain-based Paradigm Shift Technology S. L. The complaint alleges that Paradigm Shift published technical research derived from Magnet’s trade secrets, exposing a flaw affecting Apple’s A12 and A13 processors.

Magnet lodged the case on July 7 in the US District Court for the Northern District of Georgia. It is seeking emergency restrictions intended to prevent further use or disclosure of the disputed information, along with damages and other remedies available under federal trade-secret law.

ADVERTISEMENT

The allegations have not been proved in court. Del Gaudio, his lawyer and Paradigm Shift did not immediately respond publicly to requests for comment. Apple also offered no immediate comment on the claims or whether the vulnerability had been addressed.

The contested security weakness was described in court filings as a previously unknown flaw capable of helping investigators obtain information from protected iPhones. Apple used the A12 chip in devices including the iPhone XS, XS Max and XR, while the A13 powered the iPhone 11 series and the second-generation iPhone SE.

Magnet said Del Gaudio worked directly on the vulnerability for several months while serving as an iOS exploit engineer for the company. His contract allegedly contained intellectual-property and confidentiality obligations covering technical discoveries, exploit methods and other proprietary work developed during the engagement.

Paradigm Shift published research about a vulnerability involving the same generations of Apple processors in June. Magnet alleges Del Gaudio participated in that research and supplied knowledge obtained through his work for the company.

The public release alerted Apple and the broader security community to the weakness, Magnet argued. That disclosure created the possibility that Apple could fix the flaw, reducing or eliminating its usefulness to customers who had paid for the ability to access locked devices.

ADVERTISEMENT

Zero-day vulnerabilities are security weaknesses unknown to the affected software or hardware developer when they are first exploited. Companies specialising in digital forensics may spend substantial sums discovering, purchasing and developing them because a reliable method of bypassing phone protections can be valuable to police, intelligence services and other government agencies.

Such vulnerabilities usually lose much of their value after they become public. Once a technology company identifies the underlying defect, it can prepare software updates, introduce hardware mitigations or change security procedures to block the exploitation technique.

Magnet said it sent cease-and-desist notices to Del Gaudio and Paradigm Shift before taking legal action. The complaint includes correspondence between the parties, an intellectual-property agreement and written responses from Paradigm Shift. The disputed research remained publicly accessible after those exchanges.

The company has requested a temporary restraining order and preliminary injunction. The case, assigned to US District Judge Victoria Calvert, was filed under the Defend Trade Secrets Act. Magnet also demanded a jury trial.

Magnet develops software and specialised tools that allow investigators to collect, process and analyse digital evidence from smartphones, computers and cloud services. Its products are used by more than 6,000 public and private organisations across about 100 countries, the lawsuit states.

US private equity firm Thoma Bravo acquired Magnet in 2023 through a transaction valued at about C$1.8 billion, or roughly US$1.3 billion. The purchase combined Magnet with mobile-forensics provider Grayshift, an Atlanta-area company known for technology designed to extract data from locked smartphones.

Grayshift’s location provides a connection to Georgia, where the lawsuit was filed. The combined business operates in a specialised market that includes Cellebrite and other companies supplying digital investigation technology to law-enforcement bodies.

Paradigm Shift also conducts vulnerability research and develops zero-day capabilities for government customers. The litigation therefore centres not only on an alleged breach of contractual duties but also on competition within a secretive industry where individual researchers can possess highly valuable technical knowledge.

The dispute comes as Apple continues strengthening protections around stored data, device passcodes and encrypted communications. Improvements such as hardware-backed encryption and limits on repeated passcode attempts have increased the difficulty and cost of extracting evidence from newer iPhones.



Notice an issue?

Arabian Post strives to deliver the most accurate and reliable information to its readers. If you believe you have identified an error or inconsistency in this article, please don't hesitate to contact our editorial team at editor[at]thearabianpost[dot]com. We are committed to promptly addressing any concerns and ensuring the highest level of journalistic integrity.


ADVERTISEMENT
Social Media Auto Publish Powered By : XYZScripts.com