Corellium Accuses Apple of Using Lawsuit to 'Crack Down on Jailbreaking'

[TiggrToo]

Look up the comments people made when the 12.4 jailbreak was released. Everyone going crazy and shouting at Apple. Look at the comments people made when checkm8 was released. Although its only use is jailbreaking and it's completely useless for malware, people assumed all A7-A11 devices were now doomed. Is it misinformation? Yes. Does Apple care? No. It's easier for them to make people happy rather than convince everyone they're misinformed.

You have failed to prove your point and have simply given anecdotal "evidence".

Consider this. I grab the Windows 10 from a store brought PC and put it on 1,000 VMs on AWS for free.

You think Microsoft won't shut me down faster than you can say "Holy Windows, Batman!"?

 

[Jake James]

What's the difference between taking licensed code and placing on a physical machine, and one that does the same virtually?

I never mentioned "physically" or "virtually". I said what Corellium does is not redistribution. Giving remote control to software is not the same as giving you a download link to the software. Corellium provides you remote control to their virtualization software. You then choose if you want to install iOS or Android (Android is supported too). Then you choose what device and what version. It's the same thing if I gave you TeamViewer control to my machine with VMWare installed and then you choose what you install.
[automerge]1578007251[/automerge]

You have failed to prove your point and have simply given anecdotal "evidence".

Consider this. I grab the Windows 10 from a store brought PC and put it on 1,000 VMs on AWS for free.

You think Microsoft won't shut me down faster than you can say "Holy Windows, Batman!"?

You can go and check yourself if you don't believe me. People were really blaming Apple's security when they unpatched the 12.4 bug, instead of being grateful that someone found it so quickly and it was fixed.

And I don't get the Windows 10 & Microsoft thing you said

 

[bytesynthesis]

Pretty much all jailbreaks from the beginning until iOS 9.3.3 were developed by teams that found the bugs for the sole purpose of jailbreaking, evasi0n, Pangu, TaiG etc etc.

TaiG? You mean the sketchy Chinese company that caused a huge controversy when the jailbreak team evad3rs partnered with them without the knowledge of their users?

"The evad3rs team says that the Chinese App Store Taig has indeed paid them money to bundle the software with evasi0n for Chinese users.

The team says that there’s nothing wrong in benefiting financially in ethical ways, but its “ethical” ways come into question due to the fact that they didn’t make their users aware of Taig, the Chinese App Store, and more importantly, about the pirated content hosted on it."

evad3rs apologises for piracy on Taig Chinese Cydia

evad3rs apologises for piracy on Taig Chinese App Store, says Saurik was racing them to release a jailbreak

www.iphonehacks.com

A little bit of research shows that one of Corellium's co-founders was on the evad3rs team. For somebody touting security research I'm amazed at the lack of ethics here.

 

[TiggrToo]

I never mentioned "physically" or "virtually". I said what Corellium does is not redistribution. Giving remote control to software is not the same as giving you a download link to the software. Corellium provides you remote control to their virtualization software. You then choose if you want to install iOS or Android (Android is supported too). Then you choose what device and what version. It's the same thing if I gave you TeamViewer control to my machine with VMWare installed and then you choose what you install.
[automerge]1578007251[/automerge]


You can go and check yourself if you don't believe me. People were really blaming Apple's security when they unpatched the 12.4 bug, instead of being grateful that someone found it so quickly and it was fixed.

And I don't get the Windows 10 & Microsoft thing you said

1. "People were" = anecdotal
2. The Windows 10 thing is exactly what we're talking about here.

 

[Jake James]

TaiG? You mean the sketchy Chinese company that caused a huge controversy when the jailbreak team evad3rs partnered with them?

"The evad3rs team says that the Chinese App Store Taig has indeed paid them money to bundle the software with evasi0n for Chinese users.

The team says that there’s nothing wrong in benefiting financially in ethical ways, but its “ethical” ways come into question due to the fact that they didn’t make their users aware of Taig, the Chinese App Store, and more importantly, about the pirated content hosted on it."

evad3rs apologises for piracy on Taig Chinese Cydia

evad3rs apologises for piracy on Taig Chinese App Store, says Saurik was racing them to release a jailbreak

www.iphonehacks.com

A little bit of research shows that one of Corellium's co-founders was on the evad3rs team. For somebody touting security research I'm amazed at the lack of ethics here.

TaiG is a security team. What you're thinking of is their partner, that paid them money to add a chinese piracy app store in their jailbreak. But that's not the relevant part. What I am saying is that jailbreaks caused more bugs to be found, thereby improving security.

 

[bytesynthesis]

TaiG is a security team. What you're thinking of is their partner, that paid them money to add a chinese piracy app store in their jailbreak. But that's not the relevant part. What I am saying is that jailbreaks caused more bugs to be found, thereby improving security.

So it's not relevant that one of Corellium's co-founders was on the team "evad3rs" which had to apologize and remove the app after a huge uproar? It's highly relevant here. Especially because you're talking about security.

 

[Jake James]

1. "People were" = anecdotal
2. The Windows 10 thing is exactly what we're talking about here.

1. Go check yourself. I don't have to quote anything when everything you can easily find yourself
2. Ok, but that's out of context. We were talking about a different thing. I still do think giving people remote control to a VM isn't redistribution.

So it's not relevant that one of Corellium's co-founders was on the team "evad3rs" which had to apologize and remove the app after a huge uproar? It's highly relevant here. Especially because you're talking about security.

Their ethics are irrelevant in this case. As a result of evasi0n security was improved, that's a fact. As a result of any jailbreak security is improved in the next version.

 

[TiggrToo]

TaiG is a security team. What you're thinking of is their partner, that paid them money to add a chinese piracy app store in their jailbreak. But that's not the relevant part. What I am saying is that jailbreaks caused more bugs to be found, thereby improving security.

You seem to have placed a huge amount of faith in Jailbreaking being the source of Apple's security, whereas as was shown with checkm8 Apple had already closed the door with the newer chips. So, please explain how this exploit helps make Apple more secure when it had already been mitigated against long long before it was found?
[automerge]1578007926[/automerge]

1. Go check yourself. I don't have to quote anything when everything you can easily find yourself
2. Ok, but that's out of context. We were talking about a different thing. I still do think giving people remote control to a VM isn't redistribution.



Their ethics are irrelevant in this case. As a result of evasi0n security was improved, that's a fact. As a result of any jailbreak security is improved in the next version.

No, it's not out of context. Both deal with a licensed operating system being placed on virtual machines "for free". It's exactly the same concept.

 

[bytesynthesis]

Their ethics are irrelevant in this case. As a result of evasi0n security was improved, that's a fact. As a result of any jailbreak security is improved in the next version.

How is it irrelevant? Wouldn't YOU want to know who you're doing business with and if they have a good character? Why would you purposefully overlook a history of bad ethics? Let me guess... personal investment?

And how was evasi0n security improved, exactly? Because they got caught when somebody reverse engineered their jailbreak?

 

[Jake James]

You seem to have placed a huge amount of faith in Jailbreaking being the source of Apple's security, whereas as was shown with checkm8 Apple had already closed the door with the newer chips. So, please explain how this exploit helps make Apple more secure when it had already been mitigated against long long before it was found?

I did not say checkm8 caused betters security. I said jailbreaks in general did, that doesn't mean every single jailbreak. I mentioned checkm8 to prove my point that people are clueless. Apple didn't want checkm8 to be released because they knew people would start blaming Apple for poor security, that's exactly what they did
[automerge]1578008137[/automerge]

How is it irrelevant? Wouldn't YOU want to know who you're doing business with and if they have a good character? Why would you purposefully overlook a history of bad ethics? Let me guess... personal investment?

And how was evasi0n security improved, exactly? Because they got caught when somebody reverse engineered their jailbreak?

Read what I said properly please. I did not say "the evasi0n security improved", I said evasi0n CAUSED APPLE'S security to be improved. It exposed a new flaw which Apple fixed. If they didn't do that the flaw would've stayed in iOS. And Chris Wade wasn't part of evad3rs, by the way. He was part of another jailbreak team.

 

[TiggrToo]

1. Go check yourself. I don't have to quote anything when everything you can easily find yourself
2. Ok, but that's out of context. We were talking about a different thing. I still do think giving people remote control to a VM isn't redistribution.



Their ethics are irrelevant in this case. As a result of evasi0n security was improved, that's a fact. As a result of any jailbreak security is improved in the next version.

I did not say checkm8 caused betters security. I said jailbreaks in general did, that doesn't mean every single jailbreak. I mentioned checkm8 to prove my point that people are clueless. Apple didn't want checkm8 to be released because they knew people would start blaming Apple for poor security, that's exactly what they did

All the previous Jailbreaks for years have been on older Operating Systems.

So again, you have failed to make your case here. Give me one recent Jailbreak in the last 3 years that affected the latest OS on the latest hardware.

And yes, you do have to provide citations. Check the Macrumors rules for debate.

 

[Jake James]

All the previous Jailbreaks for years have been on older Operating Systems.

So again, you have failed to make your case here. Give me one recent Jailbreak in the last 3 years that affected the latest OS on the latest hardware

a jailbreak doesn't have to support BOTH the latest devices and the latest versions if it wants to expose flaws in EITHER the latest devices OR the latest versions. The 12.4 jailbreak exposed a flaw in the latest version, although it didn't support the latest devices, the bug WAS present there and later it DID get exploited (unc0ver fully supported A12 later). It caused Apple to fix it. Many modern jailbreaks have exposed new techniques that Apple fixed. Electra started the concept of kppless, Apple took measures against it in A12. Unc0ver started the concept of pacless, Apple probably (we don't really know yet) did something against it in iOS 13.

 

[bytesynthesis]

Read what I said properly please. I did not say "the evasi0n security improved", I said evasi0n CAUSED APPLE'S security to be improved. It exposed a new flaw which Apple fixed. If they didn't do that the flaw would've stayed in iOS. And Chris Wade wasn't part of evad3rs, by the way. He was part of another jailbreak team.

I'm not talking about Chris Wade. David Wang aka "planetbeing" was on the evad3rs team and is a co-founder of Corellium.

So I guess you're okay with this, then? This is somehow secure for users? Just read the comments in the reddit thread and see how angry people are. You can't say jailbreaking is 100% safe and secure when developers get greedy and are offered large sums of money from sketchy organizations.

https://www.reddit.com/r/jailbreak/comments/1tgoce

 

[TiggrToo]

a jailbreak doesn't have to support BOTH the latest devices and the latest versions if it wants to expose flaws in EITHER the latest devices OR the latest versions. The 12.4 jailbreak exposed a flaw in the latest version, although it didn't support the latest devices, the bug WAS present there and later it DID get exploited (unc0ver fully supported A12 later). It caused Apple to fix it. Many modern jailbreaks have exposed new techniques that Apple fixed. Electra started the concept of kppless, Apple took measures against it in A12. Unc0ver started the concept of pacless, Apple probably (we don't really know yet) did something against it in iOS 13.

Last chance, citations please for your claim.


Rules:

1. Sources. If you claim that something's a fact, back it up with a source. If you can't produce evidence when someone asks you to cite your sources, we may remove your posts. If you started the thread, then we may remove or close the thread.

 

[Jake James]

Last chance, citations please for your claim.


Rules:

1. Sources. If you claim that something's a fact, back it up with a source. If you can't produce evidence when someone asks you to cite your sources, we may remove your posts. If you started the thread, then we may remove or close the thread.

Sources for what? I'm using logical arguments. If someone releases an issue, the security is improved. Cause and effect. Do you want proof that jailbreaks released security flaws that wouldn't have been released otherwise? Here you go: https://www.theiphonewiki.com/wiki/Category:Exploits

As for "kppless" and "pacless" I cannot really give you sources as those are not security issues, they are jailbreaking techniques. All I can tell you is the fact that to prevent "kppless" (a jailbreak without patching kernel read only regions) Apple added PAC & PPL (Pointer Authentication Codes and Page Protection Layer). To workaround those, "pacless" was done, and it's very likely that Apple did something against it in iOS 13, but we have no reason to check right now, there isn't even an exploit fot A12 on iOS 13 out.

[automerge]1578042566[/automerge]

I'm not talking about Chris Wade. David Wang aka "planetbeing" was on the evad3rs team and is a co-founder of Corellium.

So I guess you're okay with this, then? This is somehow secure for users? Just read the comments in the reddit thread and see how angry people are. You can't say jailbreaking is 100% safe and secure when developers get greedy and are offered large sums of money from sketchy organizations.

https://www.reddit.com/r/jailbreak/comments/1tgoce

We're not talking about the safety of jailbreaks. We're talking about what jailbreaks offer for the security of iOS. Evasi0n exposed a security issue. If it didn't do that, the security issue would've stayed in iOS. Doesn't matter how safe evasi0n was. It caused iOS to be more secure.

 

[chucker23n1]

We're talking about what jailbreaks offer for the security of iOS.

Why?

Even if we grant that only jailbreaks prompt Apple to fix some holes (which, good luck proving that? There are tons of other security researchers out there who aren't as sketchy), Corellium's logic of "you've benefitted some; therefore, copyright no longer applies" is absurd.

I can't break into your house and then point out that I've cleaned your kitchen. Hey, it was dirty! And you wouldn't have cleaned it yourself, right?

 

[Jake James]

Why?

Even if we grant that only jailbreaks prompt Apple to fix some holes (which, good luck proving that? There are tons of other security researchers out there who aren't as sketchy), Corellium's logic of "you've benefitted some; therefore, copyright no longer applies" is absurd.

I can't break into your house and then point out that I've cleaned your kitchen. Hey, it was dirty! And you wouldn't have cleaned it yourself, right?

I didn't say "only jailbreaks", I said jailbreaks are a main cause for finding flaws. Without them there would be LESS (not ZERO) people finding bugs and security would be WORSE.

And I did not make the "jailbreaking helps security" argument to justify copyright issues. Of course a good cause doesn't justify a broken law. The argument was made to show what Apple's true intentions are. Jailbreaking helps Apple's security but harms their image. They would rather have the latter which is the REAL REASON Apple is suing Corellium. This argument is unrelated to the other ones regarding copyright. My argument regarding copyright was different: Corellium isn't breaking copyright because they are not redistributing iOS, they are only providing people the ability to use their virtualization software which supports both iOS and Android.

 

[TiggrToo]

@Jake James :

You stated earlier : "What I am saying is that jailbreaking gives people the impression that iOS is not secure". I asked for proof that supports this.

You claim that is fact. I asked for citations. You can either say that there are not any and that's just an opinion, or you can provide me with citations that prove this.

In addition you keep not answering my question about if I were to do this with Windows 10.

 

[chucker23n1]

You stated earlier

This is my first post in the thread.

 

[TiggrToo]

This is my first post in the thread.

I'm so sorry @chucker23n1 - that was meant to be a reply to @Jake James . My apologies.

I've edited my post.

 

[Jake James]

@Jake James :

You stated earlier : "What I am saying is that jailbreaking gives people the impression that iOS is not secure". I asked for proof that supports this.

You claim that is fact. I asked for citations. You can either say that there are not any and that's just an opinion, or you can provide me with citations that prove this.

In addition you keep not answering my question about if I were to do this with Windows 10.

Sure. Here's one. You can find countless posts like this:

Apple Accidentally Unpatches Vulnerability, Leading to New iOS 12.4 Jailbreak

Apple in iOS 12.4 mistakenly unpatched a vulnerability that was fixed in the iOS 12.3 update, leading to a new jailbreak available for iOS 12.4...

www.macrumors.com

There are comments like "Yes yes, and Apple is doomed and Steve is rolling in his grave like a gas station hotdog", "I'm surprised this regression happened. This points to a breakdown in product management discipline, which in general is a bad sign.", "I wish Apple was on its game, but alas, no. It's a company spread too thin, governed by greedy hand-wringers.", "This is pretty ridiculous on Apple's part. I understand Apple develops parallel versions of iOS (12.3, 12.4, etc.) concurrently to reduce development time, but having one team not communicate with the other seems silly.". Enough? Is my point proven that the release of the 12.4 jailbreak gave Apple a bad reputation? Can we all realize that had it not been for the jailbreak the bug would've been found much later (if at all) and it wouldn't have gotten any attention by the media? No bad publicity for Apple? Can we understand why Apple hates jailbreaks?

 

[TiggrToo]

Sure. Here's one. You can find countless posts like this:

Apple Accidentally Unpatches Vulnerability, Leading to New iOS 12.4 Jailbreak

Apple in iOS 12.4 mistakenly unpatched a vulnerability that was fixed in the iOS 12.3 update, leading to a new jailbreak available for iOS 12.4...

www.macrumors.com

There are comments like "Yes yes, and Apple is doomed and Steve is rolling in his grave like a gas station hotdog", "I'm surprised this regression happened. This points to a breakdown in product management discipline, which in general is a bad sign.", "I wish Apple was on its game, but alas, no. It's a company spread too thin, governed by greedy hand-wringers.", "This is pretty ridiculous on Apple's part. I understand Apple develops parallel versions of iOS (12.3, 12.4, etc.) concurrently to reduce development time, but having one team not communicate with the other seems silly.". Enough? Is my point proven that the release of the 12.4 jailbreak gave Apple a bad reputation? Can we all realize that had it not been for the jailbreak the bug would've been found much later (if at all) and it wouldn't have gotten any attention by the media? No bad publicity for Apple? Can we understand why Apple hates jailbreaks?

That's not proof, that's anecdotal.

Very very last chance: substante this claim, or state it's your opinion (which is a perfectly fine thing to have).

And again - please answer the Windows 10 aspect as it is core to this whole discussion.

an·ec·dot·al | \ ˌa-nik-ˈdō-tᵊl \
Definition of anecdotal

1: based on or consisting of reports or observations of usually unscientific observers anecdotal evidence that may be more anecdotal than factual

 

[Jake James]

That's not proof, that's anecdotal.

Very very last chance: substante this claim, or state it's your opinion (which is a perfectly fine thing to have).

What sort of proof are you expecting for a claim like "jailbreaking gives Apple a bad reputation"? Can you be clearer on that?

And again - please answer the Windows 10 aspect as it is core to this whole discussion.

I did. Giving people remote control to MY machine is something I can do. Selling hardware and giving people a chance to use YOUR hardware are very different things.

 

[TiggrToo]

What sort of proof are you expecting for a claim like "jailbreaking gives Apple a bad reputation"? Can you be clearer on that?



I did. Giving people remote control to MY machine is something I can do. Selling hardware and giving people a chance to use YOUR hardware are very different things.

So, no citations them. OK, got it. You feel to understand that that is just your opinion. It is not a fact. Do you claim it is a fact?

Also I asked if I were take one OEM windows license and place it on 1,000 VMs, what do you think MS would do if they were to find out and why? - please answer the question I asked and not the question you want to answer.

 

[Jake James]

So, no citations them. OK, got it.

I'm asking you to be clearer. I gave citations of people that are doing exactly what I'm claiming. Care to explain why that is invalid and give me an example of what's not invalid?

Also I asked if I were take one OEM windows license and place it on 1,000 VMs, what do you think MS would do if they were to find out and why? - please answer the question I asked and not the question you want to answer.

I still do not understand the question fully. Can you please make the question in regards to Apple and not Microsoft? I'm quite clueless when it comes to Microsoft so of course I can't give you an answer like you expect.