Corellium, a startup virtualization software company, has been reportedly offering hackers a virtual iPhone. It is alleged that it is illegally reselling virtual copies of its iOS operating system under the pretence of legitimate security research.
Apple is suing Corellium to shut the virtual iPhone down. Apple claims that Corellium’s virtual iPhone replica infringes on the company’s copyright of iOS and related technology. It would be near impossible to use Corellium’s system as a replacement for an iPhone, but it still copies iOS directly.
Corellium advertises itself as “the first and only platform to offer iOS, Android and Linux virtualization on ARM.” The company allows users to interact with simulated iOS devices such as an iPhone or iPad via a web portal.
Corellium argues that it is helping white hat hackers?
- Corellium is illegally reselling virtual copies of iOS operating system under the pretense of legitimate security research. Prior coverage of Corellium has emphasized that some of its founders have roots in the iOS jailbreaking scene says Apple.
- Corellium says its goal is to enable white hat hackers (those whose intention is discovering and reporting rather than exploiting vulnerabilities). It encourages it’s users to sell any discovered information on the open market to the highest bidder.
- Intellectual property policy of Corellium states that the company “respects the intellectual property rights of others and expects its users to do the same. But its website does not explain how the company’s products comply with Apple copyrights.
In its complaint, Apple writes:
Want to publish your own articles on DistilINFO Publications?
Send us an email, we will get in touch with you.
“The product Corellium offers is a virtual version of Apple mobile hardware products, accessible to anyone with a web browser. Specifically, Corellium serves up what it touts as a perfect digital facsimile of a broad range of Apple’s market-leading devices recreating with fastidious attention to detail not just the way the operating system and applications appear visually to bona fide purchasers, but also underlying computer code. Corellium does so with no license or permission from Apple.”
4. This news comes just days after Apple announced that it would be launching an iOS security search device program, in which select security researchers would be given access to less-locked down iOS devices in order to help them find vulnerabilities.
5. Some of Apple’s concern over the product may have been what Corellium was really being used for bug-hunting. Corellium’s virtual iPhone was primarily used by researchers looking for vulnerabilities in iOS and the iPhone itself, which were often sold to third-party exploit traders rather than reported to Apple.
Apple argues that Corellium’s business is strictly a for-profit enterprise with no real concern regarding the discovery and patching of serious security flaws. Apple’s complaint relays that the company is seeking a permanent injunction along with damage and attorney’s fees.
Apple’s complain note,
“Corellium is indiscriminately marketing the Corellium Apple product to any customer, including foreign government and commercial enterprises. Corellium is not selectively limiting its customers to only those with some socially beneficial purpose.”