{"id":26311,"date":"2019-08-16T15:37:44","date_gmt":"2019-08-16T19:37:44","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=26311"},"modified":"2022-08-04T15:52:22","modified_gmt":"2022-08-04T19:52:22","slug":"apple-files-lawsuit-against-corellium-for-ios-virtualization","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2019\/08\/16\/apple-files-lawsuit-against-corellium-for-ios-virtualization\/","title":{"rendered":"Apple Files Lawsuit Against Corellium for iOS Virtualization"},"content":{"rendered":"<p><a href=\"https:\/\/www.macrumors.com\/2019\/08\/15\/apple-corellium-copyright-infringement-lawsuit\/\">Juli Clover<\/a> (<a href=\"https:\/\/news.ycombinator.com\/item?id=20710565\">Hacker News<\/a>):<\/p>\n<blockquote cite=\"https:\/\/www.macrumors.com\/2019\/08\/15\/apple-corellium-copyright-infringement-lawsuit\/\"><p>Apple today filed a lawsuit against <a href=\"http:\/\/corellium.com\">Corellium<\/a>, a mobile device virtualization company that supports iOS. Corellium describes itself as the &ldquo;first and only platform&rdquo; that offers iOS, Android, and Linux virtualization on ARM.<\/p><p>In the lawsuit, filed today in the Southern District of Florida, Apple accuses Corellium of copyright infringement for illegally replicating the operating system and applications that run on the iPhone and the <a href=\"https:\/\/www.macrumors.com\/roundup\/ipad\/\">iPad<\/a>.<\/p><p>[&#8230;]<\/p><p>Apple says it does not want to encumber &ldquo;good-faith security research&rdquo; but instead is aiming to end Corellium&rsquo;s &ldquo;unlawful commercialization of Apple&rsquo;s valuable copyrighted works.&rdquo;<\/p><\/blockquote>\n\n<p><a href=\"https:\/\/www.forbes.com\/sites\/thomasbrewster\/2019\/08\/15\/apple-is-suing-a-cybersecurity-startup-for-illegally-replicating-iphones\/\">\nThomas Brewster<\/a>:<\/p>\n<blockquote cite=\"https:\/\/www.forbes.com\/sites\/thomasbrewster\/2019\/08\/15\/apple-is-suing-a-cybersecurity-startup-for-illegally-replicating-iphones\/\">\n<p>The startup is Corellium, first revealed by Forbes in February 2018, when the husband-and-wife founded company came out of stealth. Its product provides &ldquo;virtualized&rdquo; versions of iOS. For security researchers, such software-only versions of the Apple operating system are incredibly valuable. For instance, it&rsquo;s possible to use Corellium to pause the operating system and analyze what&rsquo;s happening at the code level. Some in the industry have called it &ldquo;magic,&rdquo; as it should help security researchers uncover vulnerabilities with greater ease and speed than having to work with a commercial iPhone.<\/p>\n<\/blockquote>\n\n<p>Various sites have called this &ldquo;iOS emulation,&rdquo; but it sounds to me more like running iOS on commodity hardware (i.e. iOS Hackintoshes) and then selling online access to the virtual machines. This seems really useful but almost certainly violates Apple&rsquo;s copyright and\/or software license agreements.<\/p>\n\n<p>See also: <a href=\"https:\/\/itlaw.wikia.org\/wiki\/Apple_v._Psystar\">Apple v. Psystar<\/a>.<\/p>\n\n<p>Previously:<\/p>\n<ul>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2019\/08\/06\/hacker-friendly-iphones-and-mac-bug-bounty-program\/\">Hacker-Friendly iPhones and Mac Bug Bounty Program<\/a><\/li>\n<\/ul>\n\n<p id=\"apple-files-lawsuit-against-corellium-for-ios-virtualization-update-2019-08-19\">Update (2019-08-19): <a href=\"https:\/\/twitter.com\/stroughtonsmith\/status\/1162479680982855681\">Steve Troughton-Smith<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/stroughtonsmith\/status\/1162479680982855681\">\n<p>you have to download &amp; install your own IPSW last time I tried, but I don&rsquo;t know what advanced offerings they have for special customers.<\/p>\n<\/blockquote>\n\n<p>If Corellium is only providing hardware that you install iOS on yourself, I would think they (but not the customer) would legally be in the clear. But that doesn&rsquo;t seem to be what they&rsquo;re doing.<\/p>\n\n<p><a href=\"https:\/\/twitter.com\/realmrpippy\/status\/1162782538818973696\">Brendan Shanks<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/realmrpippy\/status\/1162782538818973696\">\n<p>A screenshot from the complaint shows a list of iOS versions, which they apparently download-on-demand. Legally feels shakier than requiring the user provide an IPSW<\/p>\n<\/blockquote>\n\n<p><a href=\"https:\/\/www.vice.com\/en_us\/article\/d3a8jq\/apple-corellium-lawsuit\">Lorenzo Franceschi-Bicchierai<\/a>:<\/p>\n<blockquote cite=\"https:\/\/www.vice.com\/en_us\/article\/d3a8jq\/apple-corellium-lawsuit\">\n<p>Matt Suiche, a well-known researcher who developed virtualization software in the past, <a href=\"https:\/\/twitter.com\/msuiche\/status\/1162135182805229568\" target=\"_blank\" rel=\"noopener noreferrer\">tweeted<\/a>: &ldquo;Imagine what today's Cloud Computing landscape would look like if VMware had been sued by IBM or Microsoft back in 1998,&rdquo; referring to the popular virtualization platform VMware. Daniel Cuthbert, who is on the Black Hat conference review board and a veteran of the infosec community, <a href=\"https:\/\/twitter.com\/dcuthbert\/status\/1162254129533616128\" target=\"_blank\" rel=\"noopener noreferrer\">called<\/a> it a &ldquo;poor move&rdquo; by Apple. <a href=\"https:\/\/twitter.com\/qwertyoruiopz\/status\/1162162693106786305\" target=\"_blank\" rel=\"noopener noreferrer\">Luca Todesco<\/a>, a well-known iPhone hacker, said this lawsuit is akin to Apple pulling &ldquo;a Sony,&rdquo; in reference to the Japanese giant suing security researcher George &ldquo;Geohot&rdquo; Hotz, in 2011 for jailbreaking the Playstation 3.<\/p>\n<p>[&#8230;]<\/p>\n<p>The employee explained that the way Apple licenses its software, you can&rsquo;t run a virtual version of MacOS on VMware or other virtualization platforms if it&rsquo;s not running on a Mac computer. Corellium does something similar, but with iOS.<\/p>\n<\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Juli Clover (Hacker News): Apple today filed a lawsuit against Corellium, a mobile device virtualization company that supports iOS. Corellium describes itself as the &ldquo;first and only platform&rdquo; that offers iOS, Android, and Linux virtualization on ARM.In the lawsuit, filed today in the Southern District of Florida, Apple accuses Corellium of copyright infringement for illegally [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2019-08-16T19:37:47Z","apple_news_api_id":"82ff806f-b220-4e0f-9953-1529e62c5d63","apple_news_api_modified_at":"2022-08-04T19:52:25Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAABA==","apple_news_api_share_url":"https:\/\/apple.news\/Agv-Ab7IgTg-ZUxUp5ixdYw","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[38,167,1909,733,1402,31,41,209,2251],"class_list":["post-26311","post","type-post","status-publish","format-standard","hentry","category-technology","tag-apple","tag-copyright","tag-corellium","tag-emulator","tag-hackintosh","tag-ios","tag-lawsuit","tag-legal","tag-virtualization"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/26311","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=26311"}],"version-history":[{"count":4,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/26311\/revisions"}],"predecessor-version":[{"id":27715,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/26311\/revisions\/27715"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=26311"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=26311"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=26311"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}