TSMC says employees tried to steal trade secrets on iPhone 18 chip process
192 comments · August 5, 2025
sgarland
ryanjshaw
This abuse of Excel might be in the running for a new form of esports.
ethbr1
It's always worth remembering there's exactly one reason Excel is abused -- IT isn't giving "non-developers" access to tools they need to automate their work.
LarMachinarum
While I don't doubt that such situations also exist, that wasn't the reason for any of the many "Excel abusers" I've encountered in different positions. Quite to the contrary, these people all had access to the appropriate tools, but their whole thinking was totally formatted and fixated on Excel as their go-to tool for everything:
be it things better done with a database, a word processor, a diagramming program, a label generator, a Form editor, a markup language, a web page, anything: they had all the tools at their disposal but no, no, they felt the odd compulsive need to do it with only Excel instead…
…often leading to problems down the line when the limitations of Excel for the use case (for which it wasn't made) would show more and more but they wasted already so much time and (needless) effort doing it in Excel that they would be even more reluctant to the possibility of switching to any more appropriate tool for the task.
garyfirestorm
Bingo. Working in an automotive OEM, the entire company works on Excel, specifically Excel VB scripts. No one knows why and no one has figured out how we got here. But it’s slow and steady abuse Excel.
FirmwareBurner
Also how the simplest, fastest and most secure way to send someone from another corporation a file for collaboration is an encrypted zip and phone in the password.
bombcar
Roko's Basilisk or whatever it is should more properly be called Excel's Visual Basicilisk - once Excel becomes self-aware it is going to punish everyone who tortured it for decades.
CGMthrowaway
It just sounds like Mail Merge to me. Which if you were using a computer for work in the 90s, you might know something about. (It was also convoluted) :)
raverbashing
Maybe we need an IOCCC or Demoscene for Excel
WhyNotHugo
> it’s unclear to me why they couldn’t globally apply whatever rules they wanted to enforce to all office locations, instead of forcing everyone to use a remote endpoint
My guess is that they're worried that you'll download data and then copy it out of the device while the device is offline. An employee could even "lose" the device, giving an attacker unbound time to extract data from it.
Another equally likely explanation is that the exec in charge of their cloud services gains more prestige due to his solution being universally adopted internally, or some other crap along this line.
jve
It is great that particular tools enable employees to automate stuff and make their work more effective.
From developer point of view I see that the effort would most certainly be diverted in another kind of solution.
But yeah, "citizen developer" stuff is a thing that Microsoft pushes especially in Power Platform / Canvas Apps - one programs with WYSIWYG and Excel-like formulas (PowerFX)
But then again I wonder who are the people that can program in VBA and choose Excel. Is it the constraint around software they can use? An Excel being a GUI which you don't have to implement? Anyways, a net positive for business.
mjlee
I'm sure the free GUI is the gateway drug, but at this point practically everybody in finance uses Excel. You can pass files and scripts around and be pretty confident that the external auditor will be able to use them.
skeezyboy
where else can you run vba these days?
CGMthrowaway
A common and innovative solution to this problem now, that I have seen in other fabs (not semis, but other industries), is to put QR codes on each machine. That way the info behind it can be dynamic and maintained
hbarka
At least they didn’t make you use Sharepoint and OneDrive. How fun using VBA and ODBC in 2019, proving the mighty Excel will go on as the new MS Access.
gedy
Nice ha. Your story reminds me of why I flinch whenever I hear "just give them the spreadsheet, engineer, don't argue..."
simpleintheory
The original link from Nikkei Asia that the 9to5mac article is a repost of has some more information and less generic filler:
Link: https://asia.nikkei.com/business/technology/tsmc-fires-worke...
Archive: https://archive.ph/ta1kq
ants_everywhere
Industrial espionage has to be totally insane to defend against these days.
tjpnz
Just knowing how the thing is built doesn't seem to be enough. Comac still sources its jet engines from Pratt and Whitney for instance, despite many years of trying no local manufacturer has been able to build them to the same spec.
Workaccount2
The product I oversee at my job is something that can only be built by people who are intimately aware of the process and have a strong understanding of the underlying engineering.
We could hand the full project file to a competitor and they almost certainly would not be able to build functional units. The failure points are fractal, so you need a strong intuition about what part you are installing, what qualities an ideal part has, what qualities the one in your hand has, how you might install it differently because of those qualities, and/or how you might change a later process to accommodate it. Or if the part should just be junked. The process is fraught with seemingly good intuitions that will ultimately lead you to failure as well.
These units also cannot be reworked, reused, or repaired, so any mistake before finalizing the build junks the entire thing.
For extremely low-entropy products, mother nature is incredibly unforgiving.
K0balt
This is a bigger issue than most people appreciate, and a huge problem for the USA.
There is a specialised trade known as tool and die maker, or just die maker (https://en.m.wikipedia.org/wiki/Tool_and_die_maker) that is fundamental to a country’s ability to create industrial capacity. So far, no automation tool has been able to replace their expertise.
Without die makers, you can’t build tools that make things, you can’t build factories, and mass production in general is dependent on their skillset.
Right now, the USA only has 50k die makers, and the average age of a die maker, including apprentices, is 54. The average age of a master die maker is 73, and the average age of a journeyman is 62. A master die maker can teach about 5 apprentices to the journeyman level in a work environment, after 2+ years of basic engineering school, in about 5-7 years. A journeyman may generally be considered a master after 10-20 years of experience, depending on the nature of their experience.
We don’t have enough die makers to rebuild the industrial capacity of the USA, and we can’t teach the amount we need in less than 5-7 decades without some kind of major change in the process of doing so. And since more than half of the master die makers are months from retirement or death, we are in an extremely precarious position as a viable industrial power.
This is why it is extremely difficult to build anything physical in the USA using only USA sourced parts and materials. It’s almost impossible to even get a decent variety of screws and fasteners made here in the USA, and we can’t easily build the machines to make screws because of the critical shortage of master die makers.
If we are to maintain the ability to build and maintain our machines, weapons, and critical infrastructure without being completely dependent on imported tools, supplies, and knowledge, we will have to reinvent the industrial process using automation or something similar to compensate for our foolish exportation and devaluation of strategic skills and capabilities.
tracker1
That's not a high bar... Boeing can't seem to reliably manufacture their own designs.
wyre
What product is it?
mitjam
A relative of mine worked at a medical devices company (brain sensors). She told me how small intricacies of the manufacturing process were critical to reach good enough yield or functioning devices, at all. The critical process steps were closely guarded and only a handful of employees knew how to do them. The devil is often in the details - and the moat, too.
throw0101c
> Just knowing how the thing is built doesn't seem to be enough.
See perhaps:
> Tacit knowledge or implicit knowledge is knowledge that is difficult to extract or articulate—as opposed to conceptualized, formalized, codified, or explicit knowledge—and is therefore more difficult to convey to others through verbalization or writing. Examples of this include individual wisdom, experience, insight, motor skill, and intuition.[1] An example of "explicit" information that can be recorded, conveyed, and understood by the recipient is the knowledge that London is in the United Kingdom. Speaking a language, riding a bicycle, kneading dough, playing an instrument, or designing and operating sophisticated machinery, on the other hand, all require a variety of knowledge that is difficult or impossible to transfer to other people and is not always known "explicitly," even by skilled practitioners.
baggachipz
Or for analogy, following a recipe doesn't make you a good cook.
motorest
> Or for analogy, following a recipe doesn't make you a good cook.
For an analogy, no one cares if you're a good cook if you're able to make a passable burger. Most of the demand is not for the best burger money can buy, they just want a burger.
chii
But it also depends on how precise the recipe is - if it's described down to the exact movements the cook needs to do, which may be replicated via a machine...
reaperducer
> Or for analogy, following a recipe doesn't make you a good cook.
Following a recipe can get you close enough for thousands of Door Dash customers to put the original restaurant out of business.
Cyph0n
Are P&W and Rolls Royce the only companies in the world capable of manufacturing high-end jet engines end-to-end?
seanmcdirmid
No, but they provide the best efficiency/performance for the buck. China can produce its own jet turbines, but they have to trade off performance or longevity to do it.
a2tech
They don't make them end to end either. Their jet engines are made up of parts supplied by thousands of suppliers.
prussian
Don't forget GE Aerospace. It gets a bit weirder too since you have joint ventures like CFM and Engine Alliance.
mensetmanusman
We don’t have sensors that can grok the full building process that deep human experts have.
prussian
Which Comac? I thought they all used GE (CFM for Comac 919) or Russian/Chinese sourced engines.
ta20240528
That's the OP's point: COMAC is using CFM LEAP 1-C engines on the C919.
To be fair, they have taken the effort to build the CJ 1000A engine - which is on wing testing should the tangerine fellow cut them off. But it's Plan B at best.
_DeadFred_
I can't remember but I think Lance Air or Epic got split in a sale and a company bought the type design/blueprints but ran into issues actually manufacturing from them.
sneak
I frequently wonder what steps SpaceX security has to take, given the insane geopolitical significance of reusable rockets and cheap access to orbit.
bwfan123
There is a very nice chapter in the somewhat dated but classic book Business Adventures [1] on trade-secrets and what happens when employees of one company move to another. In chapter 11, "A man, his knowledge, and his job", there is a story of a "space-suit" manufacturer Goodrich suing an employee for moving to its rival Latex for stealing trade-secrets. The story is timely in context of Meta hiring researchers from OpenAI, DeepMind etc for 100s of millions for the knowledge in their heads of the recipes which work for making superior LLMs - the knowledge of which is empirical and may take years to discover.
[1] https://www.amazon.com/Business-Adventures-Twelve-Classic-St...
AlotOfReading
You could also argue that they're hiring people for the general expertise they have in developing frontier LLMs. Distinguishing trade secrets from general knowledge is difficult and employees building the latter to make them more valuable to new employers is an explicit policy goal of US employment law.
CGMthrowaway
What is the story?
m4rtink
I would say the main element of their success is not really in any specific close kept secrets - it's in actually committing to reusable rockets and keep working until they had a working system.
While there are some really nice components and clever ideas (Merlin/Raptor engines & very good guidance tech) this all really has been doable for decades in less efficient form.
But so far no one other than SpaceX has been able to win against all the naysayers who were so sure only single use rockets are ever going to work, get enough funding to build a partial RLV & then operate it successfully as a business.
I don't think it depends on any single technology or a set of them only they have access to - rather that they have been able to persist and see it through, unlike all the other RLV projects that never got funding to go past the paper stage or very simply not viable (Space shuttle).
chilmers
So, this is admittedly a little tinfoil, but I wouldn't be surprised if Musk is happy for some degree of espionage to happen. If it looked like there was a possibility of China getting this capability first, it would light a fire under the US government to give financial and regulatory assistance to the Starship program.
bilbo0s
Musk does seem to think in terms of how much money he can get from the government for his companies. But to be fair, government subsidies are a successful strategy for entrepreneurs who want to make a lot of money.
Maybe they shouldn't be? And I think honest people can have that debate.
But you can't really argue against the effectiveness of government subsidy as a path to prosperity for the guy getting the money.
pythonguython
SpaceX rocketry tech is subject to ITAR regulations. That restricts who they’re allowed to contract with, data encryption and handling, but altogether those regulations are quite bare. It likely wouldn’t be enough to stop a state actor or rogue employees.
pc86
I think ITAR is mostly just to stop the outright sale of controlled items to foreign entities, not necessarily to prevent IP theft or corporate espionage.
colechristensen
Lots of space technology is classified as weapons subject to export control. ITAR has plenty of rules about who can see information. US immigration status generally has to be green card or citizen, and country of origin and any second citizenships are considered.
("export control" in this sense really doesn't have to do with moving a physical object out of the country but sharing information, to the extent that a conversation in an elevator could be an export violation. most export violations amount to emails being sent to the wrong person)
When I worked briefly in defense, for example, there would be regular random searches of my stuff as I exited the building and security would wander the building and look at what you left out on your desk while you went to lunch. Entirely seriously they told us not to wear our badge in public if we left the building and not to leave our laptops in our cars because someone might follow us and steal it. Had colleagues who were visiting a foreign country for work have their hotel rooms obviously thoroughly and messily searched while they were out.
They also do national security missions so there are folks there with high clearances.
Thing is that even if you did steal a bunch of information, that doesn't mean you could just copy and be successful. Any one of a million things can go wrong with a self-landing rocket that will cause it to explode, you can't just steal the whole system of operation that keeps these things from happening.
You couldn't steal all of the secrets of a circus performer and suddenly be able to juggle chainsaws while riding a unicycle.
_DeadFred_
I imagine SpaceX having pretty fishbowl conference rooms for customers in the center of everything, with guest network ports just segmented off from the main but using the same hardware. Oh man that would stress me out if I was IT. And of course the '<Customer name> needs to print something off and needs access to the MFCs'. No, you print it out for them, like has been discussed and agreed to and keeps with ITAR. 'No, they need access, and now. Because I'm a sales guy and I won't tell them no' but if they get into/past the MFC, it's all on IT and IT being bad at their job/security, not the sales guy that demanded they get physical access.
oldpersonintx2
[dead]
de6u99er
I don't think what SpaceX is doing is that hard to replicate. There's already competitors launching smaller payloads for smaller costs per weight. Just a matter of time until they creep into SpaceX's market, while SpaceX tries to build a starship inspired by the Futurama rocket.
pc86
This comment has big "I could build a better SpaceX I just don't want to" vibes.
sneak
It is insanely valuable, both commercially and strategically.
If it weren’t that hard to replicate, several countries (and Bezos/Blue Origin) would have replicated it by now.
I think you vastly underestimate how difficult rocketry is. There’s a reason “rocket science” is colloquially a metaphor for an extremely difficult and technical task.
duxup
It seems to me companies ... don't care outside some easy to do basic things.
But when push comes to shove if manufacturing is cheaper in a country where lots of folks want to steal your things. -shrug- Short term profits win.
93po
am i crazy for not caring if a company in a foreign country obtains trade secrets and manufactures the same thing? like we're all humans and we all want access to whatever it is they're building, it seems like more people building the thing is a good thing. if that impacts Samsung's profits, why do I care? its not like corporations give a shit about me
khuey
Well who are you? Maybe there is no reason for you to care.
TSMC alone is 12% of Taiwanese exports. The entire semiconductor industry is 25% of Taiwan's GDP. It's obvious why the Taiwanese government and society, to say nothing of TSMC's shareholders, would care.
fidotron
Yes, because if you tolerate that you disincentivize actually developing the IP in question in favour of stealing everyone else's, which leads to nothing being developed.
rangestransform
I work at a tech company and I’d rather have other countries pay my company to do it, rather than do it themselves with less-than-US salaries
duxup
I really can't answer that, it's your call if you care or not.
I think that the more of a free for all folks stealing tech as they wish will push companies who do the development work towards more proprietary / DRM and similar solutions ... I don't like that.
Allowing people to profit from their inventions / investments encourages more such development, and without that discourages it or encourages less good options.
echelon
Some countries have all the talent and manufacturing and sourcing advantages. Once they take the lead, you might never be able to keep up.
Your engineers lose their jobs, your businesses go bankrupt, you exit that entire field entirely for your entire population. Slowly your ability to do work begins to evaporate.
It's happened before and it'll continue to happen.
monkeyelite
[flagged]
onlyrealcuzzo
We are doing much better off with the status quo than TSMC firing everyone who isn't of the same religion, and even then, it's not hard for a spy to pretend to be <insert religion here>.
monkeyelite
> We are doing much better off
I’m not making a value judgement. I’m making a prediction about material conditions.
> TSMC firing everyone who isn't of the same religion
I didn’t say that. But circles of a trust around important information.
> it's not hard for a spy to pretend to be <insert religion here>.
Yes it is.
meindnoch
>even then, it's not hard for a spy to pretend to be <insert religion here>.
There are religious groups which you can only be born into. Some people believe that one such religious group wields the most power on our planet.
ants_everywhere
> groups have to return to more traditional forms of trust (family, religion, creed, etc)
a relevant acronym is MICE (money, ideology, compromise/coercion, ego). Religion would fall under ideology.
monkeyelite
Money and coercion is what corporations have now and it doesn’t work very well because the incentive is to violate it as soon as a better offer comes along.
I’m saying it has to be deeper and more durable.
amelius
Compartmentalize your company. Make sure people from one compartment are unaware about things people from other compartments are doing. Don't transfer/hire across compartment boundaries.
ujkhsjkdhf234
This is such a bad idea.
amelius
Care to say why? Security always comes at a cost ...
nunez
Apple does this.
KaoruAoiShiho
Locally in Taiwan, there’s growing suspicion that the 2nm process technology was leaked to Japan’s Rapidus.
People are questioning whether the technology was leaked to Rapidus through Japanese equipment suppliers.
AnonMO
Makes no sense since Rapidus 2nm process is from IBM.
tonyhart7
idk which is more shocking: a Japanese company trying to steal from TSMC, or IBM having a 2nm process out of nowhere
trynumber9
IBM has kept researching in Albany. They license manufacturing technology to other parties even if they gave up trying to build their own fabrication facilities a decade ago.
speed_spread
"Out of nowhere" would be a stretch. IBM may not have mass-market volume anymore but they kept up the production chain to build mainframes (and I would guess other "specialty" products) for institutional customers.
bilbo0s
We can make hypersonic missiles.
I still want to get a look at China's. Right down to the metallurgy.
re-thc
> since Rapidus 2nm process is from IBM
Unless it has great yields with 0 issues, there's always things to learn from. It's also possible the IBM process isn't what it seems and there's more to it.
faeyanpiraat
This article was just the headline repeated in various forms with some generic filler
So strange
jihadjihad
I love that there is the headline, an intro, a heading for a section about the iPhone 18, and then another heading titled "TSMC says employees tried to steal trade secrets", which is literally a word-for-word substring of the headline.
CGMthrowaway
When there isn't any info but you have to turn in 400 words to your editor/get paid by the word...
dortlick
There is literally no indication in the article that this has anything to do with Apple other than them being a potential user of the TSMC 2nm process. Strange they tried to connect this story to Apple.
SilverElfin
Yep. It doesn’t detail what was stolen, how they were found, if they’re arrested right now, or who it is suspected they are working for. Useless article beyond the headline.
never_inline
At least, it doesn't look like chatgptese.
TheAceOfHearts
Could someone help contextualize what parts of this manufacturing process are considered the most important and closely guarded trade secrets? I'd love to hear some slightly more concrete examples.
How easily could another company replicate this process if they knew all the key details? It was my understanding that access to photolithography machines was one of the major obstacles in replicating chip manufacturing processes.
zozbot234
> Could someone help contextualize what parts of this manufacturing process are considered the most important and closely guarded trade secrets?
There's way too many fine details to even begin to list. Modern chip fabbing is the closest thing on the planet to actual dark magic, and the difficulty only rises exponentially with every new fabrication node. Literally any part of this could be considered a "trade secret" if it's not already described publicly as part of patents, academic research or both.
delroth
It's nice to see TSMC's internal security teams are detecting these things, but it would be more surprising news if this kind of IP theft wasn't happening to be honest...
0cf8612b2e1e
Only the bad criminals get caught.
ge96
My probably-racist sounding comment or nationalistic is my concern for software being owned by a certain entity and then this group is going to be used for the foundation of AI with our military, it will be interesting to see how that turns out.
edit: in this case someone pointed out it's a different nation so I'm surprised
chasil
Have we topped Micron?
https://www.freethink.com/the-changing-world-order/chinese-i...
0cf8612b2e1e
How big are all of the design files for a modern chip? 10MB? 100gig? Billions of transistors, but surely a lot of compressible redundancy.
Not that I think you can just plug in a thumb drive and download as you please, but just a sense of scale on how much data describes the design.
seanw444
> Not that I think you can just plug in a thumb drive and download as you please
Why not? It's just data, and a thumb drive stores data. As long as it fits.
0cf8612b2e1e
I meant that plugging in a thumb drive and downloading the company jewels is sure to be noticed. I was hoping for something a tad more clandestine. USB storage devices on my corporate laptop are auto mounted as read only and need policy exceptions to be able to write.
j_walter
This was not just from a thumb drive as that is very tightly controlled at TSMC (they did catch someone right away before it got leaked). The employees were caught printing info and removing it from the company (caught due to magnetic ink setting off the metal detectors) as well as using phones to take pictures of their laptop info while connecting from offsite. Taking pictures of remote laptops is a more covert way, but both employees were caught through suspicious pattern analysis and review of access logs of people right before they quit the company.
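The pre-departure access-log review described in the comment above, as an added example that is not part of the thread and is not TSMC's tooling: it compares each departing employee's document access in the days before their resignation with their own earlier baseline. The log schema, user names, 14-day window and 3x threshold are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import date, timedelta
from statistics import median


def build_sample_log():
    """Constructed records: (user, day, docs_opened, offsite_session)."""
    start = date(2025, 1, 1)
    log = []
    for i in range(60):
        day = start + timedelta(days=i)
        spike = i >= 50  # last 10 days before eng_a resigns
        # eng_a: steady ~11 docs/day, then 80/day from offsite sessions
        log.append(("eng_a", day, 80 if spike else 10 + i % 3, spike))
        # eng_b: also leaving, but behaviour does not change
        log.append(("eng_b", day, 12 + i % 4, False))
        # eng_c: heavy but consistent user who is not leaving
        log.append(("eng_c", day, 90 + i % 5, i % 7 == 0))
    return log


# Constructed HR feed: user -> resignation date (hypothetical schema).
DEPARTURES = {"eng_a": date(2025, 3, 2), "eng_b": date(2025, 3, 2)}


def review_departures(log, departures, window_days=14, ratio_threshold=3.0):
    """Flag departing users whose recent access far exceeds their own baseline.

    Medians are used so that a single busy day neither triggers a finding
    nor inflates the baseline. Users without enough history are reported
    separately instead of being silently treated as normal.
    """
    by_user = defaultdict(list)
    for user, day, docs, offsite in log:
        by_user[user].append((day, docs, offsite))

    findings = []
    for user, resign_day in sorted(departures.items()):
        window_start = resign_day - timedelta(days=window_days)
        rows = by_user[user]
        baseline = [docs for day, docs, _ in rows if day < window_start]
        recent = [(docs, off) for day, docs, off in rows
                  if window_start <= day < resign_day]
        if len(baseline) < window_days or not recent:
            findings.append({"user": user, "status": "insufficient_history"})
            continue
        base_med = median(baseline)
        recent_med = median(docs for docs, _ in recent)
        ratio = round(recent_med / max(base_med, 1), 2)
        findings.append({
            "user": user,
            "status": "review" if ratio >= ratio_threshold else "normal",
            "baseline_median": base_med,
            "recent_median": recent_med,
            "ratio": ratio,
            # Offsite days in the window give the reviewer context; they
            # do not change the status on their own.
            "offsite_days": sum(1 for _, off in recent if off),
        })
    return findings


if __name__ == "__main__":
    for finding in review_departures(build_sample_log(), DEPARTURES):
        print(finding)
```

Comparing each user with their own history keeps a consistently heavy user such as the constructed `eng_c` from masking, or being mistaken for, a pre-departure spike.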
xadhominemx
TSMC practices compartmentalization. The entire recipe is never stored in one place.
mschuster91
Reminds me of the now-infamous "capacitor plague" [1] of 1999-2007 that keeps cropping up in electronics repair.
gus_massa
I guess you got downvoted because the connection is not obvious. The relevant paragraph of https://en.wikipedia.org/wiki/Capacitor_plague#Implications_... is
> [...] A materials scientist working for Rubycon in Japan left the company, taking the secret water-based electrolyte formula for Rubycon's ZA and ZL series capacitors, and began working for a Chinese company. The scientist then developed a copy of this electrolyte. Then, some staff members who defected from the Chinese company copied an incomplete version of the formula and began to market it to many of the aluminium electrolytic manufacturers in Taiwan [...]
voxadam
Asianometry has an interesting video on the topic titled What Happened to the Capacitors in 2002? [1]
sgarland
TIL! The only time (knock on wood) I ever had a motherboard go bad was an MSI from around 2002, due to a blown capacitor. To their credit, MSI had great support at the time, and sent me a new one after I sent a photo of the blown capacitor.
metalman
Grandpa worked heat treat at the alegany national forge, where they made stuff like the beams for the empire state building, periscope tubes, and the 16" guns for the biggest battle ships, each thing had to be tempered in a very specific way, and to deal with spying and espionage, the charts and instruments used on the shop floor were all deliberately wrong, and the written instructions were also wrong leaving the person in charge to know how to convert the given instructions into what was actually done through a secret method, not complicated, but essentially impossible to reverse engineer. There is a story of soviet engineers who somehow were invited to tour the RR jet turbine factory, and were given shoes that had extra sticky soles they wore only for the tour, which were then used to analyse the metal chips that get picked up from the shop floor..... never ends, expected.....even honored
Right before I left Samsung Austin Semiconductor (Samsung’s fab in the U.S.), in 2019, they were phasing out local share drives in favor of a self-hosted cloud that Samsung created. The supposed reason was better security, though it’s unclear to me why they couldn’t globally apply whatever rules they wanted to enforce to all office locations, instead of forcing everyone to use a remote endpoint. The throughput was absolutely terrible, like < 1 MBps. My department had some large files, so that was fun.
One such file was an Excel file that was more script than anything else. We had to have labels in a specific format on every machine we owned in the fab, which was something like 250 of them. The normal stuff like its id number, and also which points of contact for a technician and engineer, as well as their photos and phone numbers. Manually balancing and re-balancing every time a shift gained or lost an employee would’ve been obnoxious, so naturally instead countless hours were spent coercing VBA and ODBC to query a DB containing employee info, extracting and resizing their headshot, applying all of this to a template label, queuing a print job, and repeating. It was pretty fun to watch, honestly. I think I also had created a floor plan map somehow, and it would do its best to group a given technician’s assigned machines such that they minimized distance traveled during inspections. Anyway, the large file size was due to it caching the headshots (might have made a hidden tab for each? I don’t remember) for better performance, as that had proven to be a bottleneck.