Apple sues Corellium, saying that they are profiteering from supposedly good-faith security research

Apple today filed a lawsuit against Corellium, a mobile device virtualization company that supports iOS, accusing the upstart of illegally selling virtual copies of the iPhone and iPad operating systems under the guise of helping to discover security flaws.

Corellium describes itself as the “first and only platform” that offers iOS, Android, and Linux virtualization on ARM. In other words, the company allows customers to create and interact with virtual iOS devices.

In the lawsuit, filed today in the Southern District of Florida, Apple accuses Corellium of copyright infringement for illegally replicating the operating system and applications that run on the iPhone and iPad.

The product Corellium offers is a “virtual” version of Apple mobile hardware products, accessible to anyone with a web browser. 

Specifically, Corellium serves up what it touts as a perfect digital facsimile of a broad range of Apple’s market-leading devices–recreating with fastidious attention to detail not just the way the operating system and applications appear visually to bona fide purchasers, but also the underlying computer code. Corellium does so with no license or permission from Apple.

According to Apple, Corellium’s iOS virtualization product infringes on Apple’s copyrights. “Corellium has simply copied everything: the code, the graphical user interface, the icons — all of it, in exacting detail,” reads the lawsuit. 

Apple’s lawsuit comes days after it announced that it would be launching an “iOS Security Research Device Program,” which grants security researchers access to Apple’s operating system in order to help the company find vulnerabilities.

The program is said to support “good-faith security research,” even offering a $1 million “bug bounty” to anyone who discovers flaws in its system and giving custom versions of the iPhone to “legitimate” researchers. Corellium, on the other hand, said that it can offer the same and take it even further.

Corellium’s product creates digital replicas of iOS, iTunes, and user interface elements, accessible from a person’s laptop or from a custom platform built by Corellium itself. At the recent Black Hat USA conference, Corellium itself even said that its “Apple product” is an exact copy of iOS that allows researchers and hackers to find and test vulnerabilities.

Forbes did a deep dive on the company last year. As they point out, two of the company’s co-founders were some of the earliest members of the iPhone jailbreak scene, showing that they do have know-how of Apple’s operating system.

Despite Corellium’s seemingly genuine cause of providing access to detect vulnerabilities, Apple goes on to say that the company’s actual goal is “profiting off its blatant infringement.”

Apple says it does not want to encumber “good-faith security research” but instead is aiming to end Corellium’s “unlawful commercialization of Apple’s valuable copyrighted works.”

“Far from assisting in fixing vulnerabilities, Corellium encourages its users to sell any discovered information on the open market to the highest bidder,” the lawsuit says.

On information and belief, Corellium makes no effort whatsoever to confine use of its product to good-faith research and testing of iOS. Nor does Corellium require its users to disclose any software bugs they find to Apple, so that Apple may correct them. Instead, Corellium is selling a product for profit, using unauthorized copies of Apple’s proprietary software, that it avowedly intends to be used for any purpose, without limitation, including for the sale of software exploits on the open market.

Furthermore, Apple indicated that Corellium has every intention to market the copyrighted iOS products to any customer, including foreign governments and commercial enterprises. “Corellium is not selectively limiting its customers to only those with some socially beneficial purpose,” Apple said.

Overall, Apple says that Corellium is in no business to compete with its Apple Developer Program, even though they have created perfect replicas of Apple’s devices.

Apple is seeking a permanent injunction to prevent Corellium from continuing to offer a product that replicates iOS. Apple also wants Corellium to destroy all infringing materials that it’s collected, and pay Apple damages, lost profits, and attorney fees. 

In addition to an order blocking sales of the Corellium Apple Product, Apple wants a court order forcing Corellium to notify its customers that they are in violation of Apple’s rights, as well as the destruction of any products using Apple copyrights and cash compensation.
