“Secure testing cannot be done without a jailbroken device”
Corellium, the firm that lets you create a virtualised copy of Apple’s iOS operating system, has hit back at Apple over a lawsuit filed late 2019, with the Corellium CEO publishing an open letter about its work, after Apple doubled down on its legal action — adding an accusation of copyright infringement to the claims it has filed in.
Corellium’s software allows security researchers to create a virtualised copy of the latest version of Apple’s iOS operating system. Running in a VM on a browser the software allows you to hunt for vulnerabilities without running the risk of breaking or bricking a device. Using Corellium’s software it is possible to pause the operating system to analyse the kernel and see what is happening to the iOS’ internal code.
Third-party developers cannot build secure products and services for Apple’s operating systems without a jailbroken device, Corellium CEO Amanda Gorton said.
Apple moved to shut down the company’s work last August, saying that: “Corellium’s business is based entirely on commercializing the illegal replication of the copyrighted operating system and applications that run on Apple’s iPhone, iPad, and other Apple devices.” Corellium has made no effort to confine the use of its product to “good-faith research” Apple added, warning that Corellium-inspired exploits were hitting the commercial market.
Corellium was established in Florida in 2017, since then it has gained respect from cybersecurity experts and mobile jail breakers who unlock phones to take full control of the operating system allowing them to remove systems restriction or install unofficial applications.
Corellium v Apple and A Jailbreak Warning
In an open letter Corellium’s CEO Amanda Gorton made clear the company’s intention to fight the lawsuit writing that: “We are deeply disappointed by Apple’s persistent demonization of jailbreaking. Across the industry, developers and researchers rely on jailbreaks to test the security of both their own apps and third-party apps – testing which cannot be done without a jailbroken device.”
In her letter Gorton highlights the fact that many of the features included in Apple’s iOS such as dark mode, control centre and context menus all originated from jailbreak tweaks. Security researchers who have created jailbreaked devices are regular contributors and reporters when it comes to identifying vulnerabilities that need security patches.
Gorton states that: “Apple is using this case as a trial balloon in a new angle to crack down on jailbreaking. Apple has made it clear that it does not intend to limit this attack to Corellium: it is seeking to set a precedent to eliminate public jailbreaks.”
For the moment both sides appearing to be gearing up for their day in court, as Corellium says it will “strongly defend against this attack” and is preparing a formal response via a formal court filing.