Apple escalates legal fight with iOS virtualization tool provider Corellium

Posted:
in iPhone edited December 2019
The researchers at Corellium are under legal assault by Apple, and the security firm has responded to Apple's latest legal volley and effort to block its iOS virtualization tool with the DMCA.




On December 27, Apple amended its lawsuit that it filed versus Corellium -- a company that provides the frameworks of an iOS simulator used by security researchers. While Apple has stopped short of calling a jailbreak illegal, it is taking the tack that developing an emulator or similar iOS emulation to facilitate a jailbreaking tool's creation is a copyright infringement.

In the filing, Apple is clear about the approach that it will take at trial.
This is a straightforward case of infringement of highly valuable copyrighted works, along with the trafficking of and profiting from technology that enables such infringement. Corellium's business is based entirely on commercializing the illegal replication of the copyrighted operating system and applications that run on Apple's iPhone, iPad, and other Apple devices.

The product Corellium offers is a "virtual" version of Apple mobile hardware products, accessible to anyone with a web browser. Specifically, Corellium serves up what it touts as a perfect digital facsimile of a broad range of Apple's market-leading devices-- recreating with fastidious attention to detail not just the way the operating system and applications appear visually to bona fide purchasers, but also the underlying computer code. Corellium does so with no license or permission from Apple.
Apple also says that legitimate security researchers using the virtual iOS environment to test exploits isn't relevant to the case.

"Corellium's conduct plainly infringes Apple's copyrights. This is not a case in which it is questionable or unclear whether the defendant reproduced the rights-owner's works, or more subtly, whether particular portions of the works that the defendant took are ultimately protected by federal copyright law," Apple says. "Instead, Corellium simply copies everything: the code, the graphical user interface, the icons-- all of it, in exacting detail."

In response to the filing, Corellium has made a statement. It refutes that it is violating the Digital Millenium Copyright Act, and is using the suit as a test-case to clamp further down on jailbreaking and those who make the tools.
We are deeply disappointed by Apple's persistent demonization of jailbreaking. Across the industry, developers and researchers rely on jailbreaks to test the security of both their own apps and third-party apps - testing which cannot be done without a jailbroken device. For example, a recent analysis of the ToTok app revealed that an Apple-approved chat app was being used as a spying tool by the government of the United Arab Emirates, and according to the researchers behind this analysis, this work would not have been possible without a jailbreak.

Not only do researchers and developers rely on jailbreaking to protect end users, but Apple itself has directly benefited from the jailbreak community in a number of ways. Many of the features of iOS originally appeared as jailbreak tweaks and were copied by Apple, including dark mode, control center, and context menus. In addition, jailbreak creators regularly contribute to the security of iOS. The developer behind the unc0ver jailbreak was acknowledged and credited by Apple for assisting with a security vulnerability in the iOS kernel - a vulnerability he discovered while using Corellium.
In August, Apple filed a lawsuit with the U.S. District Court for the Southern District of Florida over Corellium's mobile device virtualization solution, claiming it infringes on a number of the iPhone maker's software copyrights. Apple claimed it did not license the use of iOS, iTunes, or other user interface technologies for use by Corellium in its tools, which are used by security companies to search for issues with iOS.

In October, Corellium responded to the lawsuit with a number of defenses and counterclaims.

Corellium's "relevant background" starts by claiming Apple "encouraged Corellium to continue developing its technology" before making its copyright infringement claim. During this time, Corellium was also approved to take part in the invitation-only Security Bounty Program, which has since been opened up to a larger pool of researchers.

"While Apple gladly accepted and utilized bugs submitted by Corellium as part of this program, it broke its promise to pay them," the firm insists. Later, "Apple announced its own competing product and soon after sued Corellium," with the virtualization company claiming "Apple never hinted that it believed Corellium was infringing its copyrights."

Corellium goes on to suggest Apple's behavior in relation to security research is "widely viewed as harmful to the public," with Apple's complaint used as an example of "its desire to exclusively control the manner in which security researchers identify vulnerabilities" in its operating systems.

The filing goes on to raise the iOS bugs found by Google's Project Zero shortly after Apple filed its lawsuit, using it as an example of how Corellium's technology is "intended to improve the security research and development community."

Apple is asserting two claims of direct federal copyright infringement for computer software and graphical user interface elements, and one claim for contributory federal copyright infringement targeting users of Corellium's products. The company is looking for an injunction that prohibits sale and access to Corellium products, an order to return owned intellectual property, destruction or impounding of infringing materials, damages and court fees.

«1

Comments

  • Reply 1 of 38
    lkrupplkrupp Posts: 9,474member
    This outfit will suffer the same fate as Psystar. 
    DAalsethStrangeDayseriamjhwatto_cobrachasm
  • Reply 2 of 38
    Correlium's attempt to characterize this as "jailbreaking" seems to be misdirection.  If they were buying hardware, jailbreaking it, and then selling those jailbroken devices, they might have a case.  Maybe.  That's not what they're doing, though.  They're replicating the phone, not taking an existing one and modifying it.
    MacQcStrangeDayswatto_cobrachasm
  • Reply 3 of 38
    If Corellium makes profit from copying Apple’s product, then it is wrong. They are not a small group of people who jail breaking for fun and for the greater good. It is just money.

    If a company make an exact copy Tesla model S and claim it is for the public to testing if the car is reliable. Guess which company the court will win the sue?

    StrangeDaysradarthekat
  • Reply 4 of 38
    Do I think Apple will win? Yes.  It’s a clear case of copyright violation.
    But, when I read about this case I get the feeling I’m missing something. Why is Apple fighting this so hard?

    My guess is someone in legal has charted this path far into the future, and they’re trying to avoid some other land mine... that isn’t obvious to us right now.  They’re setting a legal precedence, in other words.


    lostkiwimuthuk_vanalingamradarthekatwatto_cobra
  • Reply 5 of 38
    zimmiezimmie Posts: 554member
    Why does every commentary on this case bring up jailbreaking? The two issues are only related in that they both involve iOS. May as well talk about this case's impact on the App Store.

    From what I've been able to find, this is more like a hackintosh. It's running a real copy of iOS in a VM and providing access to that VM.
    watto_cobra
  • Reply 6 of 38
    Correlium's attempt to characterize this as "jailbreaking" seems to be misdirection.  If they were buying hardware, jailbreaking it, and then selling those jailbroken devices, they might have a case.  Maybe.  That's not what they're doing, though.  They're replicating the phone, not taking an existing one and modifying it.
    It's virtualization, providing a means to run iOS outside of the phone hardware. It's not useful for creating a new phone or really for using apps w/o one. It's used primarily by security researchers. Apple has acknowledged them before for providing security fixes. 
    watto_cobra
  • Reply 7 of 38
    DAalsethDAalseth Posts: 1,734member
    Correlium's attempt to characterize this as "jailbreaking" seems to be misdirection.  If they were buying hardware, jailbreaking it, and then selling those jailbroken devices, they might have a case.  Maybe.  That's not what they're doing, though.  They're replicating the phone, not taking an existing one and modifying it.
    Exactly. They don't have a legal leg to stand on, so they are trying to throw as much BS up in the hopes to smokescreen. They are copying iOS and putting it on another device. They will lose, just like they would lose if they did this with Windows without permission, or any other OS. They are not doing this for the community. they are trying to profit off of Apple's hard work and by doing so make a tool that Black Hats can use to figure out weaknesses in iOS. I hope the court slaps them down hard.
    beeble42watto_cobra
  • Reply 8 of 38
    ctwise said:
    Correlium's attempt to characterize this as "jailbreaking" seems to be misdirection.  If they were buying hardware, jailbreaking it, and then selling those jailbroken devices, they might have a case.  Maybe.  That's not what they're doing, though.  They're replicating the phone, not taking an existing one and modifying it.
    It's virtualization, providing a means to run iOS outside of the phone hardware. It's not useful for creating a new phone or really for using apps w/o one. It's used primarily by security researchers. Apple has acknowledged them before for providing security fixes. 
    So it is ok to pirate any OS as long as the company doesn't make any actual device?
    bonobobwatto_cobra
  • Reply 9 of 38
    zimmie said:
    Why does every commentary on this case bring up jailbreaking? The two issues are only related in that they both involve iOS. May as well talk about this case's impact on the App Store.

    From what I've been able to find, this is more like a hackintosh. It's running a real copy of iOS in a VM and providing access to that VM.
    Well, I brought it up because Corellium did in their comments, quoted in the article.
    watto_cobra
  • Reply 10 of 38
    zimmiezimmie Posts: 554member
    zimmie said:
    Why does every commentary on this case bring up jailbreaking? The two issues are only related in that they both involve iOS. May as well talk about this case's impact on the App Store.

    From what I've been able to find, this is more like a hackintosh. It's running a real copy of iOS in a VM and providing access to that VM.
    Well, I brought it up because Corellium did in their comments, quoted in the article.
    And I agree with your earlier comment, they appear to be bringing up jailbreaking as misdirection.

    I'm more talking about the articles written by journalists. Shouldn't they be pointing out the misdirection? I've seen several now which just uncritically repeat what Corellium said.
    watto_cobrabeowulfschmidtchasm
  • Reply 11 of 38
    Do I think Apple will win? Yes.  It’s a clear case of copyright violation.
    But, when I read about this case I get the feeling I’m missing something. Why is Apple fighting this so hard?

    My guess is someone in legal has charted this path far into the future, and they’re trying to avoid some other land mine... that isn’t obvious to us right now.  They’re setting a legal precedence, in other words.
    It's not overly complicated -- either you defend your IP, or you lose it. It has always been this way.
    Rayz2016DAalsethpscooter63dewmeradarthekatwatto_cobra
  • Reply 12 of 38
    jd_in_sbjd_in_sb Posts: 1,600member
    Corellium better stock up on jelly because they’re about to be toast.
    watto_cobra
  • Reply 13 of 38
    sflocalsflocal Posts: 5,737member
    I don’t get all the discussion.  They’re using Apple’s IP without permission and profiting from it.  How in any way is this even legal?
    watto_cobra
  • Reply 14 of 38
    eriamjheriamjh Posts: 1,342member
    lkrupp said:
    This outfit will suffer the same fate as Psystar. 
    I had to google that to remind myself of that CF from 2008.   Thanks for the reminder that companies based on hackintoshes should never be allowed to exist.   Personal use?  Well, I’ll let your conscience decide about that.  
    watto_cobra
  • Reply 15 of 38
    flydogflydog Posts: 1,005member
    Correlium's attempt to characterize this as "jailbreaking" seems to be misdirection.  If they were buying hardware, jailbreaking it, and then selling those jailbroken devices, they might have a case.  Maybe.  That's not what they're doing, though.  They're replicating the phone, not taking an existing one and modifying it.
    Jail breaking is not permitted under the terms of the EULA.  
    watto_cobra
  • Reply 16 of 38
    flydogflydog Posts: 1,005member

    sflocal said:
    I don’t get all the discussion.  They’re using Apple’s IP without permission and profiting from it.  How in any way is this even legal?
    It’s not. Did you read the article?
    watto_cobra
  • Reply 17 of 38
    flydogflydog Posts: 1,005member

    either you defend your IP, or you lose it. It has always been this way.
    There is no such law. 
    watto_cobra
  • Reply 18 of 38
    zimmiezimmie Posts: 554member
    flydog said:

    either you defend your IP, or you lose it. It has always been this way.
    There is no such law. 
    Sort of. That's definitely how trademarks work in the US. If somebody else steps on your trademark and you don't act to defend it, you risk it being declared generic (see: Dumpster, Aspirin, Thermos, Zipper, Velcro, Frisbee, &c.).

    Not how copyright works, though.
    watto_cobra
  • Reply 19 of 38
    MacProMacPro Posts: 19,383member
    I suspect Apple  may also have some thoughts on Hackintoshes in the near future.
    watto_cobra
  • Reply 20 of 38
    wizard69wizard69 Posts: 13,377member
    lkrupp said:
    This outfit will suffer the same fate as Psystar. 
    I hope not because that would lead to attacks on all virtualization solutions.   At least the way I read this ,  that is all the company is offering.    Frankly things like this is why I’m less inclined by the day to support Apple.  There are very legitimate reasons to run operating systems in virtualized environments and if Apple can’t handle that then screw them.  

    Frankly this only becomes more important with the latest generation of hardware that can virtualize multiple systems on the desktop with no performance impact.    Apple is way behind the technology curve here with respect to both MacOS and iOS.   
    williamlondon
Sign In or Register to comment.