
MacRumors

macrumors bot
Original poster
Apr 12, 2001
54,690
16,868


Back in December, Apple lost a copyright lawsuit against security research company Corellium, and today, Apple filed an appeal in that case, reports Reuters.


The judge in the copyright case determined that Corellium was operating under fair use terms and that its use of iOS was permissible, throwing out several of Apple's claims. For those unfamiliar with Corellium, the software is designed to replicate iOS exactly to allow security researchers to find bugs and vulnerabilities.

Apple claimed that Corellium illegally copied the iOS operating system and applications that run on the iPhone and iPad, and that it had violated the Digital Millennium Copyright Act by circumventing Apple's security measures.

Corellium argued that its software helps Apple by making it easier for security researchers to find flaws. Corellium also said that Apple was using its lawsuit to "crack down on jailbreaking" and that Apple's code in the product was fair use, which the judge agreed with.

Apple is appealing the verdict in this specific copyright lawsuit, which is separate from the settlement that Apple and Corellium reached earlier this month.

Apple and Corellium on August 10 settled a federal lawsuit that would have gone to trial on August 16, and this settlement was related to the DMCA claims. The terms of the settlement were confidential, and so far, Corellium is still selling its virtual iOS platform.

According to Reuters, security researchers are surprised that Apple has opted to revive its legal battle with Corellium after the settlement terms, and after Apple's Craig Federighi said that security researchers would serve as a check on its plans to scan iPhones and iPads for CSAM to make sure the scanning is limited to CSAM. Security researchers will be able to confirm that the database of images used to match CSAM content on user devices only consists of content from agencies like the National Center for Missing & Exploited Children.

Earlier today, Corellium said that it was launching an "Open Security Initiative" aimed at rewarding independent public research into mobile devices. Corellium's first focus is Apple's CSAM system and the company has called on security researchers to submit projects designed to validate "any security and privacy claims" from any mobile software vendor. Qualifying submissions will receive up to $5,000.
We applaud Apple's commitment to holding itself accountable by third-party researchers. We believe our platform is uniquely capable of supporting researchers in that effort. Our "jailbroken" virtual devices do not make use of any exploits, and instead rely on our unique hypervisor technology. This allows us to provide rooted virtual devices for dynamic security analysis almost as soon as a new version of iOS is released. In addition, our platform provides tools and capabilities not readily available with physical devices.
It's possible that Apple's decision to revive the Corellium lawsuit is related to Corellium's announcement earlier today. In a statement, Corellium Chief Executive Amanda Gordon told Reuters that "enough is enough." "Apple can't pretend to hold itself accountable to the security research community while simultaneously trying to make that research illegal," she said.

Article Link: Apple Appeals Corellium Copyright Lawsuit Loss After Settling Other Claims
 

iModFrenzy

macrumors 6502a
Jan 15, 2015
860
798
Our actions define our legacy
I was really happy when they won last time, here’s hoping the judge chooses wisely. I side with Apple on many things but this is one thing I disagree with. Corellium allows security researchers to find vulnerabilities which Apple definitely can benefit from. Even if the exploit gets in the wrong hands, Apple can patch it. So either way they’ll win in the end.
 

Shirasaki

macrumors G5
May 16, 2015
12,136
6,205
Apple really hates people peeking into their iOS dirty little secrets and ugly inside heh. 🤔 Guess this is also part of the reason they don’t like jailbreak. Given general iOS software quality downgrade YOY, even if this seems only for copyright on the surface, those Apple execs prolly still reeling from other defeats.
 

ian87w

macrumors 601
Feb 22, 2020
4,473
6,424
Indonesia
Okay Apple, your actions are becoming a joke now. You just talked high and mighty about allowing security researchers to audit you, but then went lawsuit happy when they are trying to.

iOS15 is definitely a no go then for me. I have disabled auto download of ios update on my iPhone. My old Mac mini will be staying on Catalina.

This is really sad news for me, as I was actually someone who was starting to warm up to the Apple ecosystem.
 

LeadingHeat

macrumors 6502a
Oct 3, 2015
755
1,841
While Apple did say they are wanting security researchers to look into their software, I think I’d tend to agree with Apple here. This is a blatant copy-paste of their entire iOS operating system, which is the culmination of decades of work. Why can’t Corellium use the approved methods of the special iPhones given to other security researchers? This does seem like a flagrant foul to me on Corellium’s part.
 

GMShadow

macrumors regular
Jun 8, 2021
106
357
While Apple did say they are wanting security researchers to look into their software, I think I’d tend to agree with Apple here. This is a blatant copy-paste of their entire iOS operating system, which is the culmination of decades of work. Why can’t Corellium use the approved methods of the special iPhones given to other security researchers? This does seem like a flagrant foul to me on Corellium’s part.
Most researchers say that Apple’s special phones aren’t enough for a true examination.
 

pankajdoharey

macrumors 6502
Feb 19, 2014
484
335
Oz town, Jade City. Mars
Apple really hates people peeking into their iOS dirty little secrets and ugly inside heh. 🤔 Guess this is also part of the reason they don’t like jailbreak. Given general iOS software quality downgrade YOY, even if this seems only for copyright on the surface, those Apple execs prolly still reeling from other defeats.
A big reason why Apple doesn't like Jail Breaking is because of Piracy of Apps of third party stores like cydia. Apple App store is a big cash cow, just by selling others games on app store, Apple is the biggest game developer in the world. No Wonder Epic is fighting them.
 

rodriguise

macrumors regular
May 6, 2011
119
30
Sparks, NV
Do they at least pay royalties for this “fair use”. Whilst I appreciate their efforts, I don’t see a grounds for fair use. Like can you just steal a brand new car under the guise of testing vulnerabilities?
That would be false equivalence. What Corellium is doing is literally the de facto example from the Ninth Circuit.
 

altaic

macrumors regular
Jan 26, 2004
234
112
On one hand, I like that Corellium is pressuring Apple to make good on its privacy promises. OTOH, how long until Corellium’s top clients are govt agencies and black hats? Security research is a double edged sword and can create a dangerous arms race.

Furthermore, WRT the CSAM scanning, since these devices are totally rooted, the neuralhash algorithm and parameters can be reverse engineered. Corellium or not, it’ll only be a matter of time before black hats create tools to cause undetectable (i.e. deep faked) perceptual hash collisions, weaponizing the system. SMH.
 

MuppetGate

macrumors 6502
Jan 20, 2012
273
294
On one hand, I like that Corellium is pressuring Apple to make good on its privacy promises. OTOH, how long until Corellium’s top clients are govt agencies and black hats? Security research is a double edged sword and can create a dangerous arms race.

Furthermore, WRT the CSAM scanning, since these devices are totally rooted, the neuralhash algorithm and parameters can be reverse engineered. Corellium or not, it’ll only be a matter of time before black hats create tools to cause undetectable (i.e. deep faked) perceptual hash collisions, weaponizing the system. SMH.
So perhaps it might’ve been a better idea to not build a backdoor into the OS in the first place?

If you’re right, then this would mean that Apple is relying on obscurity to keep their CSAM scanner secure. That’s a bad move.

Now, look at Facebook, who open-sourced their CSAM scanner to get as many experts involved as possible.

Yes, I did say Facebook.

 

Shirasaki

macrumors G5
May 16, 2015
12,136
6,205
A big reason why Apple doesn't like Jail Breaking is because of Piracy of Apps of third party stores like cydia. Apple App store is a big cash cow, just by selling others games on app store, Apple is the biggest game developer in the world. No Wonder Epic is fighting them.
There’s other ways to address piracy issue thanks to tight integration. This can be the reason, but not really the biggest contributor.
 

Marshall73

macrumors 68020
Apr 20, 2015
2,203
2,064
Apple have to appeal. The judge just opened the door to any company or individual taking iOS and running it in a virtual environment or anywhere else, without any agreement or control from Apple, as long as that company says, “it’s for security reasons”.
 

mannyvel

macrumors 65816
Mar 16, 2019
1,021
1,709
Hillsboro, OR
Corellium's CEO has been drinking her own Kool-Aid.

I mean, Corellium are parasites; they exist by living off the carcass created by others. They have created nothing of value, really. She's trying to make them sound like the gatekeepers of security. They are no such thing. If they want to be that, they should go harden Android.
 

Realityck

macrumors 68020
Nov 9, 2015
2,446
3,457
Silicon Valley, CA
A comment of interest from Appleinsider article has this explained

per Ericthehalf

The most reasonable explanation is there’s a time limit on the appeal or some other procedural matter that happened to coincide with this announcement. Or, more likely, Corellium's lawyers knew there was a deadline and made their announcement to coincide with it to try and make Apple look petty.

But hey, you do you.

Updated: Knew it. The final judgement was only just published today (December was a summary judgment) so the timing has nothing to do with Corellium and everything to do with the final judgement.
 

AndiG

macrumors 6502
Nov 14, 2008
333
616
Germany
CSAM is only Apple's first step into a complete surveillance OS. This can be proven by the fact that the current local scanning introduced with iOS15 is completely useless and could easily be done cloud only.

The only valid question is about what Apple plans to do with its local scanning software in the future. So there is more to come. Local scanning software also implemented in macOS? Usage of Apple scanning software mandatory for all Apps?
Apple started as an underdog, fighting big and evil IBM long time ago. Now it looks like Apple became evil, too. Is this what Steve had in mind? Guess not.

Tim Cook should step back - btw all those old „evangelists“ should retire. Apple needs fresh people and fresh ideas. A rotten Apple doesn’t taste well.

 

altaic

macrumors regular
Jan 26, 2004
234
112
So perhaps it might’ve been a better idea to not build a backdoor into the OS in the first place?

If you’re right, then this would mean that Apple is relying on obscurity to keep their CSAM scanner secure. That’s a bad move.

Now, look at Facebook, who open-sourced their CSAM scanner to get as many experts involved as possible.

Yes, I did say Facebook.

I’m not sure why you’re attacking me. I made it pretty clear that I think that Apple is opening an enormous can of worms. Some people stand on the shoulders of giants, and some people slip on worms.

That said, I’m very concerned that in lashing out at me you have ulterior motives. I generally agreed with your other comments, but your diatribe indicates that there may be something else going on.

Edit: I will add that every system widely used “relies” to some extent on security by obscurity. There is an alternative, where the entire system is proven correct (with the caveat that you have read Gödel Escher Bach). Writing provable software (and hardware; check out Clash, a Haskell domain specific language) is something that is gaining traction, but it will be many years before that is a general expectation (and therefore widely funded). Apple furthered this by perhaps a decade by funding the LLVM project and hiring Chris Latimer (not because LLVM directly made compilation provable, but because it made compilation more easily analyzable [and therefore more easily provable]).

TLDR, we’re making progress, but most “coders” are not computer scientists or even engineers (even at Apple and Google), and provably correct software or hardware is still mostly, and unfortunately, academic.
 