Apple fires legal salvo at Corellium claiming the virtual iPhone flinger is infringing copyright
Good-faith security research tool or help for hackers? Both?
Apple has filed a copyright infringement complaint against Corellium, which provides virtual machines running iOS as a service to developers and security researchers.
The Florida-based company sells virtual iPhones running in the cloud, with extra features including "optional jailbreak for any version", according to a tweet soon after its launch in early 2018.
Corellium's products have won praise from researchers like Daniel Cuthbert, global head of cybersecurity research at Banco Santander, who recently stated "the sheer flexibility to virtualise the downgrading of devices, to test fixes/bugs/features on older versions, is amazing. Then, ability to change Device IDs on the fly, with Coretrace, this is heaven."
That service will be coming to an end if Apple has its way. The complaint filed in Florida yesterday claims that "Corellium's business is based entirely on commercializing the illegal replication of the copyrighted operating system and applications that run on Apple's Phone, iPad and other Apple devices."
Apple stated that while it "strongly supports good-faith security research", Corellium does not qualify since, according to Apple's complaint, "far from fixing vulnerabilities, Corellium encourages its users to sell any discovered information on the market to the highest bidder."
In its complaint, Apple cited how Corellium tweeted "glad we could help" when a developer of an iOS hacking tool praised the product and shortly afterwards was able to release an improved version of the tool.
Apple said that Corellium "does not have authorization, license, or permission from Apple" for its iOS virtual machines and is seeking an injunction to end this service.
Cuthbert, on the other hand, said on Twitter that being able to run tests across all versions of iOS via the Corellium service "has the potential to help developers make more secure apps, which in turn makes iOS even more secure".
Testing software against a wide range of Apple hardware running different versions of iOS is difficult and expensive, a point made by Corellium CTO Chris Wade earlier this month. "Why not just give virtual devices to ALL developers?" he said on Twitter.
Apple said in the filing that it "has never pursued legal action against a security researcher" but claims "the purpose of this lawsuit is not to encumber good-faith security research, but to bring an end to Corellium's unlawful commercialization of Apple's valuable copyrighted works."
The Register has asked Corellium to comment. ®