IPhone emulation startup filed a lawsuit against Apple
A startup Corellium, creating replicas of the iOS operating system filed a lawsuit against Apple for US$ 300,000.
The founders of Corellium developed software that can help you create a virtual copy of the iOS used on the iPhone and download it on PC. Thanks to the development, Corellium clients can quickly find vulnerabilities or functional problems in iOS using a virtual copy instead of original iPhone: an Apple device may stop working due to unauthorized interference, and its virtual copy can simply be rebooted. Security developers, programmers and hacker enthusiasts, also known as jailbrokers can all make use out of it.
However, Apple considered the development of Corellium a copyright infringement, since its creators "replicated" virtual copies of the iPhone without their permission.
Apple sues developer of iOS “flawless copies”
In response to a Forbes request, Apple’s press service referred to the text of the lawsuit against the founders of Corellium. It states that the purpose of the proceedings is not to “prevent fair research in the security field,” but to “end the illegal commercialization of copyrighted Apple products.” In conclusion, Apple representatives wrote: “The real purpose of Corellium is to cash in on a flagrant copyright violation. “Corellium not only does not help in removing security vulnerabilities, but also encourages users of its software to sell any discovered information on the open market.”
Apple has offered a large reward for hacking iPhone
It is noted that all this time Chris Wade, founder of Corellium maintained friendly relations with Apple. According to Wade, he constantly transmitted vulnerability data in iOS to the company. In 2016, Apple announced the launch of the Bug Bounty program, with which programmers can receive rewards for detected errors in the operating system (now the amount of awards reaches up to US$1.5 million). Wade decided to partially fund Corellium with these rewards. According to him, he wanted to make this process as transparent as possible. In an email from September 2017, Wade told Apple security and privacy program manager Jason Shirk that he was going to send vulnerability reports to the company to finance his startup, which is creating virtual copies of the iPhone.
After reviewing the prints provided by Corellium, one can also assume that initially Apple representatives encouraged Corellium. However, last year, the relationship between the company and Apple deteriorated. In a counterclaim filed in court on October 28, Corellium said they had not received payment for any of the security vulnerabilities they reported to the company. The technology giant, they said, owed them more than US$ 300,000.
Apple will give hackers special iPhones to search for vulnerabilities
Corellium is currently a very profitable startup: customers from public and private sectors pay thousands of dollars for the company's products. The startup software costs US$ 62,500 and a license costs US$ 575 per month. But due to rising litigation costs and the impending threat of losing the ability to continue development, Corellium may be on the verge of collapse.
Apple, in turn, may face a backlash from the information security community. This year, the company has already been criticized by them. In September, Google representatives published a study on one of the largest hacker attacks on iPhone users. It was primarily about Uyghur users living in China and persecuted by Chinese authorities. Apple's response has been mixed. In a rare official statement, company representatives tried to downplay the significance of what happened. According to some observers, such as former Facebook security director Alex Stamos, Apple representatives wanted to assure everyone that Google researchers exaggerated too much.
There is a feeling that after all the measures taken after Steve Jobs’s death Apple took only a few steps back - you just have to think about Bug Bounty program and Tim Cook's aggressive position regarding the protection of user data. One of these steps can prevent one of the most interesting technology startups from entering information security market.