Corellium Responds to Apple Lawsuit, Claims its iOS Virtualization Software Helps Apple

[MacRumors]

Apple in August filed a lawsuit against Corellium, a mobile device virtualization company that supports iOS, with Apple accusing Corellium of copyright infringement for replicating the operating system that runs on the iPhone and iPad.

As noted by Motherboard, Corellium today filed its response to Apple's lawsuit, accusing the Cupertino company of owing $300,000 and claiming that its software helps Apple by making it easier for security researchers to track down iOS bugs.

A virtual iPhone on Corellium's website used as evidence in Apple's lawsuit against the company​

According to Apple, Corellium's product infringes on its copyrights by creating digital replicas of iOS, iTunes, and other apps and software. "Corellium has simply copied everything: the code, the graphical user interface, the icons - all of it, in exacting detail," reads Apple's lawsuit.

Corellium designed its software to create virtual iOS devices able to run iOS, and has encouraged researchers and hackers to use it to find and test vulnerabilities.

According to Corellium, Apple's code in its product is "fair use" and the software makes the world better by allowing security researchers to look into iOS, find flaws, and inform Apple so the bugs can be fixed.

Corellium argues it's easier for researchers to find and test bugs in iOS using virtual instances of iOS rather than physical devices. With this lawsuit, says Corellium, Apple is aiming to control who is allowed to find vulnerabilities in its software. This is a position that is also supported within the security community, according to Motherboard, and many security researchers were surprised by Apple's initial lawsuit.

Through its invitation-only research device program and this lawsuit, Apple is trying to control who is permitted to identify vulnerabilities, if and how Apple will address identified vulnerabilities, and if Apple will disclose identified vulnerabilities to the public at all.

One of Corellium's key arguments is that its customers are seeking bugs with the intention of alerting Apple of their existence, which Motherboard points out is just an assumption and, based on evidence, not true. One customer highlighted in Corellium's legal response, for example, is Azimuth, a company that does not report bugs to Apple.

Instead, Azimuth sells hacking tools based on those bugs to law enforcement and intelligence agencies in countries like the United States and Canada.

Corellium also argues that Apple has known about the company for years and has been friendly to Chris Wade, one of Corellium's founders. Corellium says that Wade was invited to join Apple's bug bounty program. Wade has since reported seven bugs to Apple without receiving payment, which is why Corellium argues that Apple owes $300,000.

Apple declined to provide Motherboard with a comment on Corellium's legal response. Apple is continuing to seek a permanent injunction to prevent Corellium from offering a product that replicates iOS. Apple also wants Corellium to destroy all infringing materials that it's collected, and pay Apple damages, lost profits, and attorney fees.

Article Link: Corellium Responds to Apple Lawsuit, Claims its iOS Virtualization Software Helps Apple

 

[paulbart]

Corellium may want to research Apple's history regarding other companies lifting their binaries

Apple Computer, Inc. v. Franklin Computer Corp.

 

[markgpearse]

Seems like a slam dunk for Apple.

 

[chucker23n1]

Regardless of where you stand, this argument doesn't hold water.

According to Corellium, Apple's code in its product is "fair use" and the software makes the world better by allowing security researchers to look into iOS, find flaws, and inform Apple so the bugs can be fixed.

Corellium argues it's easier for researchers to find and test bugs in iOS using virtual instances of iOS rather than physical devices.

Really? Your product is for security purposes? That's weird, because your anemic website makes the completely different case that it's for mobile development.

That’s no simulator.
Mobile Device Virtualization:
The Future of Mobile Development

Guess the legal team needs to quickly tell the marketing team what the product is allegedly for?

And secondly, suppose it is secondarily intended for security purposes. Why does this matter? I can't just declare something "fair use" just because I personally find my use case noble. That's not remotely how copyright works.

If you agree with Corellium's point of view, then at best, Apple is being grossly negligent by not letting third parties use Corellium to discover potential security issues. And if you feel that way, you should alert Apple's customers about that. But from a copyright point of view, that's still for Apple to decide.

 

[Peace]

They can do this because they think they are helping Apple..

Priceless..

Say..I'm helping Apple so I'm gonna make copies of Mac O/S..

 

[Eorlas]

inb4 "jailbreakers are babies that crack their phones just to look trendy and cool"

and

"does anyone jailbreak anymore?"

and

"what's the point of jailbreaking?"

 

[826317]

Does it ship with Apple's iOS binaries? If yes, it's clear infringement. If not, and it merely provides the virtualisation software, then it is not infringement. If it is not using any Apple software and it copied the exact look and feel of iOS, it is infringement.

 

[realtuner]

So....

They’re trying to use the argument of “the end justifies the means” by saying they’re helping to find bugs?

 

[chucker23n1]

inb4 "jailbreakers are babies that crack their phones just to look trendy and cool"

and

"does anyone jailbreak anymore?"

and

"what's the point of jailbreaking?"

Jailbreaking used to be far more useful, but these days the cost-benefit ratio just doesn't seem that great. Back on my iPhone 3G with iOS 2.x through 4.x, there were quite a few things missing that jailbreaking added in a better-than-nothing-but-not-great kind of way. But over time, Apple has added many missing pieces, often in a pretty good way, so…

 

[thadoggfather]

inb4 "jailbreakers are babies that crack their phones just to look trendy and cool"

and

"does anyone jailbreak anymore?"

and

"what's the point of jailbreaking?"

its funny how little I feel the desire to show strangers my customization, I guess I do it to impress myself into seeming trendy and cool :shrug

 

[mariusignorello]

Oh no, you don’t get it! Apple needs us to find bugs for them! (while we make a quick profit copying their software).

 

[bbeagle]

So, according to Corellium, I could break into people's homes if I'm there for the purpose of helping them out.

I'll break into people's homes, open their refrigerators, check the expiration dates on their eggs and milk. And if they're expired, I'll write the home-owner a note on the kitchen table letting them know.

 

[B4U]

Next time, we are going to have thieves claiming that they are helping the security company to expose their flaws.

 

[bsamcash]

Makes sense. Just like how the guy in high school who stole my CD player was just trying to show me the vulnerabilities in my backpack.

 

[keysofanxiety]

According to Corellium, Apple's code in its product is "fair use"

lmfao. Anybody who’s ever read any software EULA will know this is most certainly not the case. In fact if you checked any licence agreement for almost any application, the one thing they’ll all say is that their code is off limits.

 

[Eorlas]

But over time, Apple has added many missing pieces, often in a pretty good way, so…

i still have a list. it's truly too bad there isnt a jb for the pro max yet.

its funny how little I feel the desire to show strangers my customization, I guess I do it to impress myself into seeming trendy and cool :shrug

it's just the nonsense that people have to spew around here to feel better about themselves.

Oh no, you don’t get it! Apple needs us to find bugs for them! (while we make a quick profit copying their software).

apple does. every major tech company that delivers software has bug bounty programs, apple's is just very infantile because they only started it recently.

there are third party companies that pay out huge amounts of money for big bugs, especially those that can lead to a jailbreak. this forum ignorantly scoffs at the idea while someone else is willing to pay out over a million for one.
[automerge]1572376949[/automerge]

lmfao. Anybody who’s ever read any software EULA will know this is most certainly not the case. In fact if you checked any licence agreement for almost any application, the one thing they’ll all say is that their code is off limits.

im going to wager a guess that the people smart enough to make this in the first place also had some legal consult behind them.

 

[Bin Cook]

I’m no lover of Apple Corporate but simply nicking the binary and moving on as your own product has got to be a no-no in most countries?

 

[slightly_sour]

Too many here are not getting the use case for this, equating it to plain 'thievery'. This seems like a pretty neat research tool, that does what vmware/vbox/parallels do for desktop virtualization.

Regardless of the turn out for this, Apple really just wants to control how people are able to do security research on their devices. Considering how things went this past summer for webkit security and their response and the mess that has been the current 13/15 releases, they probably should do a better job opening up the system for security research. (yes I know about the recent changes to the bug bounty program)

 

[chucker23n1]

Too many here are not getting the use case for this, equating it to plain 'thievery'. This seems like a pretty neat research tool, that does what vmware/vbox/parallels do for desktop virtualization.

Their marketing doesn't pitch it as a research tool at all.

But even if it is a research tool, it's not up to a third party to simply virtualize something whose EULA doesn't allow virtualization outside of Apple devices. They can make the case that portions (or the entirety) of the EULA should be void, but they're not making that case. They're arguing it's "fair use". Which is rich.

Regardless of the turn out for this, Apple really just wants to control how people are able to do security research on their devices. Considering how things went this past summer for webkit security and their response and the mess that has been the current 13/15 releases, they probably should do a better job opening up the system for security research. (yes I know about the recent changes to the bug bounty program)

You really just want to control how people are able to use your fridge. Considering how things went this past summer with the stale milk and rotten eggs, you should probably do a better job opening up the apartment for hygiene.

 

[slightly_sour]

Their marketing doesn't pitch it as a research tool at all.

But even if it is a research tool, it's not up to a third party to simply virtualize something whose EULA doesn't allow virtualization outside of Apple devices. They can make the case that portions (or the entirety) of the EULA should be void, but they're not making that case. They're arguing it's "fair use". Which is rich.

You really just want to control how people are able to use your fridge. Considering how things went this past summer with the stale milk and rotten eggs, you should probably do a better job opening up the apartment for hygiene.

Bud, I don't care how lawyers argue intellectual property rights or EULA. Also, strawman much.

 

[chucker23n1]

Bud, I don't care how lawyers argue intellectual property rights or EULA.

And yet you literally joined a thread about a lawsuit about intellectual property rights. Weird.

 

[falkon-engine]

Well with how buggy iOS 13 has been, Apple should take all the help they can get.

 

[mariusignorello]

i still have a list. it's truly too bad there isnt a jb for the pro max yet.



it's just the nonsense that people have to spew around here to feel better about themselves.



apple does. every major tech company that delivers software has bug bounty programs, apple's is just very infantile because they only started it recently.

there are third party companies that pay out huge amounts of money for big bugs, especially those that can lead to a jailbreak. this forum ignorantly scoffs at the idea while someone else is willing to pay out over a million for one.
[automerge]1572376949[/automerge]


im going to wager a guess that the people smart enough to make this in the first place also had some legal consult behind them.

Pinning a copyright infringement lawsuit on Apple’s lack of a good bounty program isn’t going to hold up in court. And if that was truly the case, then this company shouldn’t be turning a profit if all they want to do is “help Apple”.

 

[Jerry Fritschle]

Too many here are not getting the use case for this, equating it to plain 'thievery'. This seems like a pretty neat research tool, that does what vmware/vbox/parallels do for desktop virtualization.

The problem with this comparison is that such virtualization tools don't come with an OS. And theoretically, at least, the ones you load are licensed.

 

[mariusignorello]

No matter how much “help” they wanted to give to Apple, they committed a crime in the process. The result doesn't justify the means. Not to mention charging for software they stole.