Corellium Responds to Apple Lawsuit, Claims its iOS Virtualization Software Helps Apple

Apple in August filed a lawsuit against Corellium, a mobile device virtualization company that supports iOS, with Apple accusing Corellium of copyright infringement for replicating the operating system that runs on the iPhone and iPad.

As noted by Motherboard, Corellium today filed its response to Apple's lawsuit, accusing the Cupertino company of owing $300,000 and claiming that its software helps Apple by making it easier for security researchers to track down iOS bugs.

corellium

A virtual ‌iPhone‌ on Corellium's website used as evidence in Apple's lawsuit against the company

According to Apple, Corellium's product infringes on its copyrights by creating digital replicas of iOS, iTunes, and other apps and software. "Corellium has simply copied everything: the code, the graphical user interface, the icons - all of it, in exacting detail," reads Apple's lawsuit.

Corellium designed its software to create virtual iOS devices able to run iOS, and has encouraged researchers and hackers to use it to find and test vulnerabilities.

According to Corellium, Apple's code in its product is "fair use" and the software makes the world better by allowing security researchers to look into iOS, find flaws, and inform Apple so the bugs can be fixed.

Corellium argues it's easier for researchers to find and test bugs in iOS using virtual instances of iOS rather than physical devices. With this lawsuit, says Corellium, Apple is aiming to control who is allowed to find vulnerabilities in its software. This is a position that is also supported within the security community, according to Motherboard, and many security researchers were surprised by Apple's initial lawsuit.

Through its invitation-only research device program and this lawsuit, Apple is trying to control who is permitted to identify vulnerabilities, if and how Apple will address identified vulnerabilities, and if Apple will disclose identified vulnerabilities to the public at all.

One of Corellium's key arguments is that its customers are seeking bugs with the intention of alerting Apple of their existence, which Motherboard points out is just an assumption and, based on evidence, not true. One customer highlighted in Corellium's legal response, for example, is Azimuth, a company that does not report bugs to Apple.

Instead, Azimuth sells hacking tools based on those bugs to law enforcement and intelligence agencies in countries like the United States and Canada.

Corellium also argues that Apple has known about the company for years and has been friendly to Chris Wade, one of Corellium's founders. Corellium says that Wade was invited to join Apple's bug bounty program. Wade has since reported seven bugs to Apple without receiving payment, which is why Corellium argues that Apple owes $300,000.

Apple declined to provide Motherboard with a comment on Corellium's legal response. Apple is continuing to seek a permanent injunction to prevent Corellium from offering a product that replicates iOS. Apple also wants Corellium to destroy all infringing materials that it's collected, and pay Apple damages, lost profits, and attorney fees.

Top Rated Comments

chucker23n1 Avatar
33 months ago
Regardless of where you stand, this argument doesn't hold water.


According to Corellium, Apple's code in its product is "fair use" and the software makes the world better by allowing security researchers to look into iOS, find flaws, and inform Apple so the bugs can be fixed.

Corellium argues it's easier for researchers to find and test bugs in iOS using virtual instances of iOS rather than physical devices.
Really? Your product is for security purposes? That's weird, because your anemic website makes the completely different case that it's for mobile development.

That’s no simulator.
Mobile Device Virtualization:
The Future of Mobile Development
Guess the legal team needs to quickly tell the marketing team what the product is allegedly for?

And secondly, suppose it is secondarily intended for security purposes. Why does this matter? I can't just declare something "fair use" just because I personally find my use case noble. That's not remotely how copyright works.

If you agree with Corellium's point of view, then at best, Apple is being grossly negligent by not letting third parties use Corellium to discover potential security issues. And if you feel that way, you should alert Apple's customers about that. But from a copyright point of view, that's still for Apple to decide.
Score: 13 Votes (Like | Disagree)
bbeagle Avatar
33 months ago
So, according to Corellium, I could break into people's homes if I'm there for the purpose of helping them out.

I'll break into people's homes, open their refrigerators, check the expiration dates on their eggs and milk. And if they're expired, I'll write the home-owner a note on the kitchen table letting them know.
Score: 12 Votes (Like | Disagree)
markgpearse Avatar
33 months ago
Seems like a slam dunk for Apple.
Score: 9 Votes (Like | Disagree)
chucker23n1 Avatar
33 months ago

Bud, I don't care how lawyers argue intellectual property rights or EULA.
And yet you literally joined a thread about a lawsuit about intellectual property rights. Weird.
Score: 5 Votes (Like | Disagree)
Peace Avatar
33 months ago
They can do this because they think they are helping Apple..

Priceless..

Say..I'm helping Apple so I'm gonna make copies of Mac O/S..
Score: 5 Votes (Like | Disagree)
Kabeyun Avatar
33 months ago

Too many here are not getting the use case for this, equating it to plain 'thievery'. This seems like a pretty neat research tool, that does what vmware/vbox/parallels do for desktop virtualization.

Regardless of the turn out for this, Apple really just wants to control how people are able to do security research on their devices. Considering how things went this past summer for webkit security and their response and the mess that has been the current 13/15 releases, they probably should do a better job opening up the system for security research. (yes I know about the recent changes to the bug bounty program)
I’m so relieved that Corellium has explained this for Apple’s lawyers. Once Apple realizes they were actually incorrect to sue them, I’m sure they’ll drop the lawsuit.
Score: 3 Votes (Like | Disagree)

Popular Stories

Prosser Series 8 3

Apple Watch Series 8 Rumored to Feature New Design With Flat Display

Wednesday May 18, 2022 6:21 am PDT by
The Apple Watch Series 8 could feature an all-new design with a flat display, according to the leaker known as "ShrimpApplePro." In his latest video on the YouTube channel Front Page Tech, Jon Prosser highlighted information from ShrimpApplePro that suggests the Apple Watch Series 8 could feature a flat display in what seems to be a design originally rumored for the Apple Watch Series 7. ...
anker 563 dock ports

Anker's Latest USB-C Docking Station Brings Triple-Display Support to M1 Macs

Wednesday May 18, 2022 7:06 am PDT by
While Apple's early M1-based Macs can only officially support a single external display, there are ways around the limitation. Anker is launching a new 10-in-1 USB-C docking station today which delivers just that. The Anker 563 USB-C dock includes two HDMI ports and a DisplayPort port, and it leverages DisplayLink to carry multiple video signals over a single connection. Given that this hub...
macOS Monterey 2

Apple Releases macOS Monterey 12.4 With Support for Studio Display Webcam Update

Monday May 16, 2022 10:10 am PDT by
Apple today released macOS Monterey 12.4, the fourth major update to the macOS Monterey operating system that launched in October 2021. macOS Monterey 12.4 comes over two months after the launch of macOS Monterey 12.3, an update that added Universal Control. The ‌‌‌‌‌macOS Monterey‌‌ 12.4 update can be downloaded on all eligible Macs using the Software Update section of System...
Whatsapp Feature

WhatsApp to Let Users Leave Group Chats 'Silently' and View Rich Link Previews in Status Updates

Tuesday May 17, 2022 3:07 am PDT by
WhatsApp is working on a new feature that will allow users to "silently" leave group chats hosted by the messaging platform instead of all members of the group being notified when they do. As it stands, when someone leaves a group chat, WhatsApp announces their exit to the entire group, making the act of leaving very public. It's not possible right now to leave a group quietly, but WhatsApp...
apple data auction iphone privacy ad

Apple Highlights iPhone's Latest Privacy Features in New 'Data Auction' Ad

Wednesday May 18, 2022 9:00 am PDT by
Apple today shared a new ad highlighting iPhone privacy features like App Tracking Transparency and Mail Privacy Protection that are designed to give users more transparency and control when it comes to their personal data being collected. The ad revolves around a young woman named Ellie who discovers that her personal data is being sold at an auction house, with bids being placed on her...
airpodsproinear

Apple Facing Lawsuit After AirPods Allegedly Ruptured Child's Eardrums With Amber Alert

Tuesday May 17, 2022 11:40 am PDT by
Apple's AirPods ruptured the eardrums of a 12-year-old boy in 2020 when a loud Amber Alert was issued, according to a lawsuit filed against Apple in California (via Law360). The child, identified as B.G. in the filing, was watching a movie on Netflix on his iPhone in 2020 while wearing AirPods Pro. The AirPods Pro were allegedly set at a low volume, but an Amber Alert sounded without warning ...
apple store palo alto

Apple Reinstating Employee Mask Mandate at Approximately 100 U.S. Retail Stores

Tuesday May 17, 2022 11:11 am PDT by
Apple retail employees at around 100 stores will need to go back to wearing a mask while working, according to Bloomberg's Mark Gurman. Apple is mandating masks for employees again due to a rising number of COVID cases across the United States. Customers who visit an Apple Store are not required to wear a mask at this time, but Apple is continuing to recommend masks for all Apple Store...