Corellium opens iOS device virtualization support to individual accounts
Hot off its court win against Apple, Software virtualization firm Corellium on Monday announced an expansion of services that enables customers to virtualize iPhone and iPad devices on individual accounts.
Previously, Corellium restricted iOS-based device virtualization to enterprise accounts through its CORSEC platform, with Android tools available to both enterprise and individual users.
The change allows security researchers and other interested parties to run virtual iPhone and iPad models on their host machine without paying for an enterprise license. Pricing is based on the number of virtualized cores or devices and the service is available as a monthly subscription or pay as you go rate.
At the heart of CORSEC is Corellium technology that allows the creation of a virtual iOS device in the cloud. Customers first select a device to copy and are then asked to download a particular iOS build directly from Apple's servers. Corellium's platform subsequently displays a "fully functioning" replica device.
Touting "real iOS -- with real bugs that have real exploits," CORSEC is utilized by security researchers to ferret out bugs and vulnerabilities in iOS.
Apple does not license its software for use by Corellium, and the tech giant sued the outfit in 2019 for infringement of copyrights covering iOS, iTunes and user interface IP. That case was largely dismissed in December when a federal judge found Corellium met its burden of establishing fair use.
Corellium says security was among the considerations contemplated when rolling out iOS access for individuals. The company says it vets customers and has declined sales to enterprise users in the past, policies that will apply to individual accounts going forward. In requesting access for an account, users will be required to present a use case and verify their identity.
Previously, Corellium restricted iOS-based device virtualization to enterprise accounts through its CORSEC platform, with Android tools available to both enterprise and individual users.
The change allows security researchers and other interested parties to run virtual iPhone and iPad models on their host machine without paying for an enterprise license. Pricing is based on the number of virtualized cores or devices and the service is available as a monthly subscription or pay as you go rate.
At the heart of CORSEC is Corellium technology that allows the creation of a virtual iOS device in the cloud. Customers first select a device to copy and are then asked to download a particular iOS build directly from Apple's servers. Corellium's platform subsequently displays a "fully functioning" replica device.
Touting "real iOS -- with real bugs that have real exploits," CORSEC is utilized by security researchers to ferret out bugs and vulnerabilities in iOS.
Apple does not license its software for use by Corellium, and the tech giant sued the outfit in 2019 for infringement of copyrights covering iOS, iTunes and user interface IP. That case was largely dismissed in December when a federal judge found Corellium met its burden of establishing fair use.
Corellium says security was among the considerations contemplated when rolling out iOS access for individuals. The company says it vets customers and has declined sales to enterprise users in the past, policies that will apply to individual accounts going forward. In requesting access for an account, users will be required to present a use case and verify their identity.
Comments
If this is considered “Fair Use”, then why aren’t we able to buy movies and then set up a streaming service for critics to review them at a small fee?
Corellium attorney - “That’s correct, your Honor, the defendant vets every enterprise customer.”
Judge - “and all of your customers are enterprise level customers.”
Corellium attorney - “Yes, your Honor”
Judge - “Will this change in the future?”
(Corellium attorney and Corellium representative quietly, briefly discuss the question)
Corellium attorney - “After conferring with my client, Corellium, they have stated that they have no plans to change their target customer base for the foreseeable future.”
Apple attorney - “Your Honor we would like the record to note that ‘for the foreseeable future’ is quite vague and therefore we request a new hearing if the defendant, Corellium, changes their target customer base.”
Judge - “So noted. Request granted. Case dismissed.”
Later this week...
Who's to say the "individuals" who now have access to this, will not sell any vulnerabilities discovered to the highest bidder (not Apple) and never mention it to the public?