This Mac hacker’s code is so good, corporations keep stealing it 

Patrick Wardle is known for being a Mac malware specialist — but his work has traveled farther than he realized..

A former employee of the NSA and NASA, he is also the founder of the Objective-See Foundation: a nonprofit that creates open-source security tools for macOS. The latter role means that a lot of Wardle’s software code is now freely available to download and decompile — and some of this code has apparently caught the eye of technology companies that are using it without his permission.

three different companies were found to be incorporating techniques from Wardle’s work

Wardle will lay out his case in a presentation on Thursday at the Black Hat cybersecurity conference with Tom McGuire, a cybersecurity researcher at Johns Hopkins University. The researchers found that code written by Wardle and released as open source has made its way into a number of commercial products over the years — all without the users crediting him or licensing and paying for the work.

The problem, Wardle says, is that it’s difficult to prove that the code was stolen, rather than implemented in a similar way by coincidence. Fortunately, because of Wardle’s skill in reverse-engineering software, he was able to make more progress than most.

“I was only able to figure [the code theft] out because I both write tools and reverse engineer software, which is not super common,” Wardle told The Verge in a call before the talk. “Because I straddle both of these disciplines I could find it happening to my tools, but other indie developers might not be able to, which is the concern.” 

The thefts are a reminder of the precarious status of open-source code, which undergirds enormous portions of the internet. Open-source developers typically make their work available under specific licensing conditions — but since the code is often already public, there are few protections against unscrupulous developers who decide to take advantage. In one recent example, the Trump-backed Truth Social app allegedly lifted significant portions of code from the open-source Mastodon project, resulting in a formal complaint from Mastodon’s founder. 

One of the central examples in Wardle’s case is a software tool called OverSight, which Wardle released in 2016. Oversight was developed as a way to monitor whether any macOS applications were surreptitiously accessing the microphone or webcam, with much success: it was effective not only as a way to find Mac malware that was surveilling users, but also uncover the fact that a legitimate application like Shazam was always listening in the background. 

Wardle — whose cousin Josh Wardle created the popular Wordle game — says he built OverSight because there wasn’t a simple way for a Mac user to confirm which applications were activating the recording hardware at a given time, especially if the applications were designed to run in secret. To solve this challenge, his software used an analysis.