“No attempt to confine use of its product to good-faith research”
Apple is suing virtualisation software firm Corellium for copyright infringement of its iOS operating system, saying the company has created a “perfect digital facsimile”.
Using Corellium’s software, users can spin up an exact copy of the latest iOS operating system on a virtual machine, including virtual versions of iOS devices such as iPhones and iPads.
Apple states in court documents filed in Florida that: “Corellium’s business is based entirely on commercializing the illegal replication of the copyrighted operating system and applications that run on Apple’s iPhone, iPad, and other Apple devices.
“The product Corellium offers is a ‘virtual’ version of Apple mobile hardware products, accessible to anyone with a web browser.”
The key factor here is that the operating system will exist in the user’s browser and is not tied to one device. This potentially allows security researchers to attempt to find vulnerabilities within the kernel of the iOS operating system without having to worry about breaking an expensive device in the process. Using Corellium, the latest version of an iPhone can be spun up on a server within just ten minutes.
Apple is arguing in court that: “Corellium serves up what it touts as a perfect digital facsimile of a broad range of Apple’s market-leading devices–recreating with fastidious attention to detail not just the way the operating system and applications appear visually to bona fide purchasers, but also the underlying computer code. Corellium does so with no license or permission from Apple.”
Apple Sues Corellium in Florida Courts
Corellium was founded in Florida in 2017; in the last two years it has earned a sterling reputation among mobile jailbreakers and cybersecurity specialists.
Global head of cybersecurity research at Santander, Daniel Cuthbert, is among those who hold Corellium’s technology in high esteem, saying on Twitter: “You are obviously all from other planets as there is NO WAY in hell this was made by humans. Alien tech and I for one welcome our new overlords. This is magic and truly will change stuff.”
“The sheer flexibility to virtualise the downgrading of devices, to test fixes/bugs/features on older versions, is amazing. Then, ability to change Device IDs on the fly, with Coretrace, this is heaven,” Cuthbert said.
Corellium’s product is powered by Hypervisor for ARM. A hypervisor is a virtual machine monitor that researchers use to run virtual operating platforms while spinning up new virtual machines within a server.
The Hypervisor for ARM normally runs on a 64-bit, Arm Cortex-A ARMv8 architecture that is optimised for the operation of virtual machines. ARM is a good fit for replicating Apple software, as its devices have been known to use ARM Cortex-A8 CPU cores. Corellium has named its version of Hypervisor for ARM ‘CHARM’.
While many security researchers use Corellium to hunt for threats, Apple said in its court documents that: “Corellium makes no effort whatsoever to confine use of its product to good-faith research and testing of iOS. Nor does Corellium require its users to disclose any software bugs they find to Apple, so that Apple may correct them.”
“Instead, Corellium is selling a product for profit, using unauthorized copies of Apple’s proprietary software, that it avowedly intends to be used for any purpose, without limitation, including for the sale of software exploits on the open market.”
Apple is asking the court to grant a permanent injunction against Corellium that would stop the firm from creating replicas of its iOS. Apple is also seeking damages in the form of attorney fees and lost profit. Computer Business Review contacted Apple and Corellium for comment but had yet to hear back as we published.