Former Tesla employee admits uploading Autopilot source code to his iCloud

Photo by Amelia Holowaty Krales / The Verge

Guangzhi Cao, a former engineer at Tesla, admitted in a court filing this week that he uploaded zip files containing Autopilot source code to his personal iCloud account in late 2018 while still working for the company. Tesla sued Cao earlier this year for allegedly stealing trade secrets related to Autopilot and bringing them to Chinese EV startup Xiaopeng Motors, also known as Xmotors or XPeng, which is backed by tech giant Alibaba.

Cao denied stealing sensitive information from the automaker in the same filing. His legal team argued he “made extensive efforts to delete and/or remove any such Tesla files prior to his separation from Tesla.” Cao is now the “head of perception” at XPeng, where he is “[d]eveloping and delivering autonomous driving technologies for production cars,” according to his LinkedIn profile.

According to a joint filing from the two parties that was also filed this week, Tesla has subpoenaed documents from Apple. While Apple is not involved in this case, a former employee who worked on the tech company’s secretive autonomous car project was charged by the FBI with stealing trade secrets last July.

That employee allegedly AirDropped sensitive data to his wife’s laptop and was also caught on CCTV leaving Apple’s campus with a box of equipment. He had left his job at Apple to take a position at XPeng before being arrested. Cao was also a senior image scientist for Apple for two years before he joined Tesla, according to his LinkedIn profile.

The suit comes at a time when the US is locked in a trade war with China and has accused the nation and some of its biggest companies of committing so-called “economic espionage.” Tesla, Apple, XPeng, and a lawyer for Cao did not respond to requests for comment.

In a statement to The Verge earlier this year, XPeng said it opened an internal investigation into Tesla’s allegations, and that it “fully respects any third-party’s intellectual property rights and confidential information.” XPeng said it “by no means caused or attempted to cause Mr. Cao to misappropriate trade secrets, confidential and proprietary information of Tesla, whether such allegations by Tesla being true or not,” and said it “was not aware of any alleged misconduct by Mr. Cao.”

Tesla filed its suit against Cao this past March. The former employee was one of around 40 people with direct access to the source code for Autopilot, which is Tesla’s advanced driver assistance system. The company claimed Cao began uploading “complete copies of Tesla’s Autopilot-related source code” to his personal iCloud account late last year. Cao zipped and moved more than 300,000 files and directories related to Autopilot, according to the complaint.

At the end of 2018, Cao allegedly deleted 120,000 files off his work computer, disconnected his personal iCloud account, and deleted his browser history all around the same time he accepted a job with XPeng, an EV startup based in China that makes cars that look very similar to Tesla’s. Tesla also claimed Cao recruited another Autopilot employee to XPeng in February.

Cao admits he “used his personal iCloud account to create backup copies of certain Tesla information in 2018” in the new court filing. He also admits he created zip files containing Autopilot source code in late 2018, and confirmed that XPeng extended him an offer letter on December 12th. He says he disconnected his personal iCloud account from his Tesla-issued computer “on or around December 26,” and that he kept logging into Tesla’s networks between December 27 and January 1st, 2019.

While Cao does not specify when he formally accepted the job at XPeng, Tesla says his last day was January 3rd. He also denies poaching any employees from the Autopilot team.

Cao “further admits that he deleted certain files stored on his Tesla computer and cleared his web browser history prior to his separation from employment with Tesla but denies that any of this activity constitutes any kind of ‘misconduct,’” according to the filing, though he disagrees with the number of files that Tesla alleged he stole. He also claims he “made extensive efforts to delete and/or remove any such Tesla files” from his personal iCloud account before he left Tesla, though he does not say if he deleted all the files.

In the joint filing, Cao’s lawyers argue that any source code or other confidential information that remained on his devices after he left Tesla would only be there “as a result of inadvertence.” They also argue that Cao “did not access and has made no use whatsoever of any of the ‘Autopilot Trade Secrets’” after he left the company, nor did he transfer any information to XPeng.

According to the joint filing, Cao has already given Tesla a “subset of his electronic devices or digital images of such devices,” and access to his Gmail account for forensic analysis, which is already underway. XPeng also “voluntarily produced to Tesla a digital image of [Cao’s] work laptop.”

“This is a lawsuit about routine employee offboarding issues that could and should have been resolved by Tesla either through its own human resources or information technology policies,” Cao’s lawyers write in the joint filing. “Despite the vague innuendo in Tesla’s complaint (and in its recitation of the ‘facts’ above) that its trade secrets are ‘at risk’ and that Tesla ‘must learn what Cao has done with Tesla’s IP,’ the truth of this case is that Cao has done precisely nothing with Tesla’s IP. Prior to his departure from Tesla, Cao diligently and earnestly attempted to remove any and all Tesla intellectual property and source code from his own personal devices.”


i thought all tesla stuff was open source, they don’t hold any patents

Tesla has offered its patents related to electric vehicles and related equipment under a permissive license (which forbids licensees from making "knock-offs" of Tesla products, so in this case ), but it still holds the patent rights. Making unauthorized copies of source code is a copyright infringement, and "Autopilot Trade Secrets" are, well, trade secrets, which are not covered by patents.

Wow, the Chinese really went all in on mining / stealing all the EV tech from the U.S. they could. They also had the 2 EV startups here in the U.S. they funded till they got the knowledge they wanted then let them run out of cash.

Made In China 2025. It’s happening.

Stolen by China 2025?

I get why you might want to copy Tesla tech. I do not know why you would want to actually copy their vehicle designs. Teslas are…not great looking, especially the Model 3. Not as bad as most other electrics, though.

The redesigned Model S is nice. The Model 3 is funny looking to me though.

Yeah, it’s mostly the Model 3 that bugs me, but I don’t feel like they put their best foot forward with vehicle design in general. The rooflines all look like an amorphous bubble and the front ends are all a bit…squished. I don’t know. If I were to get one, it would definitely be despite its looks. Which is sad.

The new Roadster looks pretty good, though.

Yeah it’s pretty gorgeous.

The design is centred around aerodynamics and reducing drag coefficient to increase range. Besides, I think they look phenomenal.

I get that, and it’s a really good reason. I just don’t find them visually appealing. There are things they could do with the front end that wouldn’t really kill the aerodynamics but would help the look a lot.

Their designs are distinctive and recognizable and their cars are generally coveted. That’s enough reason

if there is joblessness in USA,

China's IP theft plays a huge role in it,

as soon as a product gets built they copy it,

min royalties would be good, millions of dollars wasted on research, garage to Lab levels

wish the govt would take a stronger stance against it

If there’s less jobs in the West in general, it’s simply because huge corporations all around the West put the majority of all production in China, and have done so for ages, while the population grows. Don’t blame this on some IP theft lol.

Some corporations were already moving production to India, Vietnam and other Asian countries before the trade war, and more are choosing that route each day. China’s manufacturing sector isn’t in trouble but it is a house of cards that could completely destroy their economy.

Original thought/design is the Achilles of Asia in general. The Chinese and Koreans can reverse engineer TF out of anything but they’ll never be the first to invent it. Even China’s golden unicorn, Alibaba, is a Chinese knockoff US e-comm platform that the omnipotent Jack Ma knew in 1999 would require the Chinese to fundamentally change their approach to work. While stealing IP allows them to replicate products for sale in China, they still manufacture American goods for sale in America with no Chinese-born export that legitimately competes in any US market.

Saying original thoughts is the Achilles heel of Asia is quite ironic considering how the West have stolen from Asia throughout history.
A few examples of Chinese knockoff don’t remove the merits of the whole continent, you are just playing the BS "Asians aren’t creative" stereotype there.

Why on earth are cloud based storage accessible from Tesla computers? This truly is poor and part of the blame has to go to their lack of IT security. Where I am, personal cloud security is nigh impossible to access.

But also let’s not pretend only the Chinese are stealing trade secrets. This happens all the time, it’s just that in this climate at the moment, special attention is being aimed at the Chinese. Corporate espionage is an old warfare.

Why would you disable cloud storage? An employee can just as well use a USB stick.

You do know that there are technical measures that can prevent that?
I mean, I work in a high security field and we have everything disabled. Cloud Storage is disabled and blocked, employees are not allowed to take their notebooks home, USB access is blocked on all machines, printing is disabled for most of the development team, mobile phones are only allowed without cameras. We have full scanning (including weighing) when entering and leaving the building (any difference higher than 50g triggers the alarm).
This can all be done easily and I would suggest companies do at least part of this. I mean, there is no damn reason to allow an employee to use his or her personal cloud storage at work or to access USB storage. Our source code is stored centrally and developers have to check in and out via software to edit the source. Every change has to be taken care of and needs to be documented and there is not a single reason someone should be allowed to interact with code freely or copy anything out of it.
There are several ISO certifications (industry certifications) that need to be taken into account when working on critical components (and I would assume a car’s software to be highly critical because it could potentially kill).
And no, this does not cost a ton of money – disabling USB storage access and revoking administrative privileges on a machine can be done very easily. Pair that with a fully encrypted hard drive and only LAN access on the source code storage and you already have a halfway secure way to restrict access.
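The controls described in the comment above are preventive. The complaint summarised in the article also sketches a detectable sequence on the endpoint side: a bulk archive of a source tree, a write into a personal cloud-sync folder, unlinking the cloud account, mass deletion, and clearing browser history, all in the weeks around an offer from another employer. The following is an added example, not code from the article, The Verge, Tesla or any commenter: a Python correlation that scans constructed endpoint telemetry for that pattern. The log format, the field names, the cloud-sync path markers other than the real iCloud Drive directory, the thresholds and the 30-day window are all assumptions; the usernames and events are constructed.

```python
"""Insider-risk correlation over constructed endpoint events.

Added example; the log format, thresholds and sample data are assumptions,
not any vendor's telemetry or a real case record.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed telemetry: ts|host|user|event|key=value;key=value
SAMPLE_EVENTS = """\
2018-12-10T09:12:00|ws-17|alice|archive_create|path=/Users/alice/src/repo-snapshot.zip;files=300000
2018-12-10T09:40:00|ws-17|alice|file_write|path=/Users/alice/Library/Mobile Documents/com~apple~CloudDocs/repo-snapshot.zip;bytes=9100000000
2018-12-12T08:00:00|ws-17|alice|login|method=sso
2018-12-26T17:30:00|ws-17|alice|cloud_account_unlink|provider=icloud
2018-12-27T18:05:00|ws-17|alice|file_delete|count=120000
2018-12-27T18:06:00|ws-17|alice|browser_history_clear|browser=chrome
2018-12-28T09:00:00|ws-42|bob|archive_create|path=/tmp/logs.zip;files=40
2018-12-28T09:30:00|ws-42|bob|file_delete|count=40
2018-12-29T10:00:00|ws-08|carol|browser_history_clear|browser=firefox
"""

# Paths that indicate a consumer cloud-sync client is in the write path.
# The iCloud Drive entry is the real macOS location; the rest are assumed.
CLOUD_SYNC_MARKERS = (
    "Library/Mobile Documents/com~apple~CloudDocs",
    "/Dropbox/",
    "/OneDrive",
    "/Google Drive",
)
ARCHIVE_FILE_THRESHOLD = 10_000   # assumed: files in one archive
DELETE_THRESHOLD = 10_000         # assumed: files deleted in one burst
WINDOW = timedelta(days=30)       # assumed correlation window


def parse_event(line):
    """Parse one pipe-delimited line into a dict; detail is ';'-separated k=v."""
    ts, host, user, event, detail = line.split("|", 4)
    fields = dict(kv.split("=", 1) for kv in detail.split(";") if "=" in kv)
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "user": user, "event": event, **fields}


def indicator_for(ev):
    """Map a parsed event to the insider-risk indicator it represents, if any."""
    kind = ev["event"]
    if kind == "archive_create" and int(ev.get("files", 0)) >= ARCHIVE_FILE_THRESHOLD:
        return "bulk_archive"
    if kind == "file_write" and any(m in ev.get("path", "") for m in CLOUD_SYNC_MARKERS):
        return "cloud_sync_write"
    if kind == "file_delete" and int(ev.get("count", 0)) >= DELETE_THRESHOLD:
        return "mass_delete"
    if kind == "browser_history_clear":
        return "history_clear"
    if kind == "cloud_account_unlink":
        return "cloud_unlink"
    return None


def find_insider_risk(log_text, min_indicators=3, window=WINDOW):
    """Return {user: sorted distinct indicators} for users whose indicators
    reach min_indicators within any single window of the given length."""
    per_user = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        tag = indicator_for(ev)
        if tag:
            per_user[ev["user"]].append((ev["ts"], tag))

    flagged = {}
    for user, hits in per_user.items():
        hits.sort()
        best = set()
        # Slide the window start over each hit; keep the richest indicator set.
        for i, (t0, _) in enumerate(hits):
            tags = {tag for t, tag in hits[i:] if t - t0 <= window}
            if len(tags) > len(best):
                best = tags
        if len(best) >= min_indicators:
            flagged[user] = sorted(best)
    return flagged


if __name__ == "__main__":
    for user, tags in find_insider_risk(SAMPLE_EVENTS).items():
        print(f"{user}: {', '.join(tags)}")
```

Any single indicator here is routine (people clear history and delete build output), which is why the rule requires several distinct indicators inside one window before it flags a user; the thresholds and window are the knobs to tune against a real environment's baseline.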

Except that you could just create a tunnel through 443 to sftp connection on port 22.

There is always a way round if you want to. Honestly the only reason for removing USB access is to stop virus ridden shite being plugged in. IP theft is not the reason.

…and they could also disallow any unauthorized endpoint, or screen every endpoint connection daily to quickly find risks. There exists hardware and software specifically aimed at blocking IP theft. I agree that it’s really surprising that they allow cloud storage connections on work computers when dealing with such sensitive information.

You are kidding right? I would assume someone on a tech blog to at least have basic understanding….
Every firewall outside a simple port filter can usually block VPN on any port. Any sophisticated firewall with deep packet inspection can easily block any VPN (including the ones going through on 443 with SSL). If you are in a high risk and high security surrounding pen testing is mandatory and certifications are only granted if you meet certain criteria. DPI is a minimum there. There are tons of ways, VPNs usually need a client in some form, even without a DPI capable firewall you can usually just block everything that is not standard.
I am shocked on how much and how many people lack knowledge…..

Deep packet inspection is costly. It requires quite hefty devices to decrypt the session, inspect it and re-encrypt. It becomes even worse with perfect forward secrecy as the keys rotate, meaning even more decryptions; many DPI devices don’t even support it on the PFS ciphers.

Yes it is costly, but please don’t tell me that a multi billion dollar enterprise like Tesla lacks the money to do this? I mean, honestly.
Your argument was that tunneling through 443 was a valid option for such a company, it is not.
Also, costly strongly depends on the point of view. We have several firewalls serialized and the total product cost was under 450k, which is peanuts. Hell, an average SQL cluster at our place costs more in licensing.

The fact is, 443 tunneling is maybe gonna work at your place or some backyard company. I know enough ISO certified companies in the 30-50 employee range that you will not be able to get out via 443 or any other way.
Also, as I said, the cheaper method is revoking admin privilege on OS level, whitelisting applications and blocking everything unnecessary on your proxy. Do that and your VPN is a faint dream. Sorry to crush it.
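The thread above argues over whether a tunnel on port 443 gets past an egress proxy. The cheap control the last comment describes, an explicit allowlist on the proxy, can be expressed as a policy check over connection records. The following is an added example, not code from the article or any commenter: a Python evaluator over constructed proxy logs that flags non-web ports, TLS sessions with no SNI (direct-to-IP), destinations outside an assumed allowlist, and upload-heavy long sessions, which is the traffic shape a tunnel or bulk upload tends to leave. The record format, the allowlisted suffixes and the thresholds are assumptions; the addresses are from the 203.0.113.0/24 documentation range.

```python
"""Egress allowlist audit over constructed proxy connection records.

Added example; the record format, allowlist and thresholds are assumptions,
not any product's configuration.
"""
from ipaddress import ip_address

# Assumed: only these destinations are approved for developer workstations.
ALLOWED_SNI_SUFFIXES = ("corp.example", "pkg.example.org")
ALLOWED_PORTS = (80, 443)
MIN_UPLOAD_BYTES = 50_000_000   # assumed: below this, ignore upload ratio
UPLOAD_RATIO_THRESHOLD = 5.0    # assumed: bytes_out / bytes_in

# Constructed records: ts,src_host,dst_ip,dst_port,sni,bytes_out,bytes_in,duration_s
SAMPLE_RECORDS = """\
2018-12-10T09:41:00,ws-17,203.0.113.10,443,,900000000,40000000,3600
2018-12-10T10:02:00,ws-17,203.0.113.20,443,git.corp.example,1200,500000,4
2018-12-10T10:15:00,ws-17,203.0.113.30,22,,8000,6000,120
2018-12-10T11:00:00,ws-42,203.0.113.40,443,drive.example.net,2000,100000,9
2018-12-10T11:30:00,ws-42,203.0.113.50,443,mirror.pkg.example.org,900,80000000,60
"""


def parse_record(line):
    """Parse one comma-separated proxy record into a dict."""
    ts, src, dst, port, sni, out_b, in_b, dur = line.split(",")
    return {"ts": ts, "src": src, "dst": dst, "port": int(port), "sni": sni,
            "bytes_out": int(out_b), "bytes_in": int(in_b), "duration": int(dur)}


def sni_allowed(sni):
    """True when the SNI host is, or is under, an allowlisted suffix."""
    return any(sni == s or sni.endswith("." + s) for s in ALLOWED_SNI_SUFFIXES)


def evaluate(rec):
    """Return the list of policy findings for one record; empty means allowed."""
    findings = []
    if rec["port"] not in ALLOWED_PORTS:
        findings.append("port_not_allowed")
    if not rec["sni"]:
        # No server name: the proxy cannot classify the destination, and a
        # direct-to-IP TLS session is exactly what a tunnel looks like.
        findings.append("sni_missing")
    elif not sni_allowed(rec["sni"]):
        findings.append("sni_not_allowlisted")
    if (rec["bytes_out"] >= MIN_UPLOAD_BYTES and rec["bytes_in"] > 0
            and rec["bytes_out"] / rec["bytes_in"] >= UPLOAD_RATIO_THRESHOLD):
        findings.append("upload_heavy")
    return findings


def audit(log_text):
    """Return [(src, dst, port, findings)] for every record with a finding."""
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        # Sanity check that the destination column really is an address.
        ip_address(rec["dst"])
        findings = evaluate(rec)
        if findings:
            results.append((rec["src"], rec["dst"], rec["port"], findings))
    return results


if __name__ == "__main__":
    for src, dst, port, findings in audit(SAMPLE_RECORDS):
        print(f"{src} -> {dst}:{port}  {', '.join(findings)}")
```

The first record is the case the thread argues about: port 443, no SNI, 900 MB out against 40 MB in over an hour. A plain port filter passes it; an allowlisting proxy rejects it on the missing server name alone, before any deep inspection is needed. The last record shows why the upload-ratio rule has a byte floor: a large package download is download-heavy and stays clean.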
