Apple lawsuit scares security researchers away from Corellium emulator

Apple's lawsuit against cybersecurity firm Corellium is reportedly having a "chilling effect" on some types of iOS security research, according to several experts in the field.

Apple says that Corellium's emulator copies iOS in "exacting detail."


In August 2019, Apple filed a copyright lawsuit against security specialist Corellium, saying the company's iOS emulation software "copied everything" about the tech giant's mobile operating system.

Since then, Apple has escalated its legal fight with the Florida-based firm, subpoenaing records from Santander Bank and intelligence firm L3Harris Technologies about their use of Corellium's emulator.

The escalating legal dustup has created a "chilling effect" in the iPhone-focused security industry, one researcher told Motherboard. A handful of security researchers that the publication spoke to expressed fear of retribution from Apple for using the Corellium emulator software.

Some of those experts also claim that Apple's copyright lawsuit is less about intellectual property and more about retaining control over iOS security research and snarling the development of third-party iPhone hacking tools.

In several court filings, Apple maintains that the purpose of its lawsuit is "not to encumber good-faith security research," but to simply stop Corellium from commercializing its copyrighted works.

As part of its legal defense, Corellium said that its emulator product helps secure Apple devices by allowing researchers to find vulnerabilities in the company's platform.

"This litigation presents an existential threat to an open and healthy security research community not only for Apple products but for consumer devices in general," Corellium said in a statement sent by its lawyers.

The U.S. Justice Department recently asked that Apple's deposition of Corellium cofounder Chris Wade be delayed until it could review the evidence Apple's lawyers would present before they question him.

On Friday, Apple's counsel filed a motion opposing that order, stating that the government had provided "no compelling reason, much less any evidence," for the delay.

Comments

  • Reply 1 of 6
    red oak Posts: 1,088 member
    “iOS security research”

    What a crock of sh**.  Filled to the rim 
  • Reply 2 of 6
    Beats Posts: 3,073 member
    Good. Steve would have killed these companies.

    "Apple says that Corellium's emulator copies iOS in "exacting detail."

    Android 2.0
  • Reply 3 of 6
    DAalseth Posts: 2,783 member
    “iOS Security Researchers” should read “Black Hat Hackers”.

  • Reply 4 of 6
    tjwolf Posts: 424 member
    "...security specialist Corellium" - really?  What type of security research does Corellium itself pursue?  AFAIK, they simply sell iOS in a VM to any takers.  Is that a misunderstanding?
  • Reply 5 of 6
    Gaby Posts: 190 member
    I find it very suspicious that the US government is involving itself in this case and am curious what their reasoning will be when they inevitably have to answer this very question. My guess is that various espionage agencies have approached or are actively working with Corellium regarding "security research" on defeating Apple devices. God only knows what other nefarious things are going on behind closed doors, but it's all very suss.

    As for the excerpt from Corellium's statement - "This litigation presents an existential threat to an open and healthy security research community not only for Apple products but for consumer devices in general"- anyone with half a brain would call serious bullshit. How does it present a threat to open and healthy research in general? When iOS is not open source code, and functions only on purpose built first party hardware. Designed by and for Apple. Which renders that argument moot. And it's not like the case will set any sort of precedent so if that's the best their legal counsel can muster they should be sacked. Moreover justifiable and honest security research can be done the same way it has always been done up to now, so it's not like Corellium offers anything that we are at a disadvantage without. It simply makes life easier for black hats and sketchy individuals to hack iOS and monetise their "work". The simple fact is this: iOS is Apple IP. And when you work with anything closed source like this or with anything in fact owned by someone else you accept their terms beforehand. App developers have to accept a user/dev agreement prior to any work and Apple is very exacting in what they do and do not allow. The same applies here. Whether you agree or not with their rules or you think they assert too much control is beside the point. If you don't like it, simple; go elsewhere. But you cannot then complain because the loophole you thought you found gets you into trouble. More and more I find people today to be extraordinarily entitled. It is a very unpleasant trait.
    edited May 2020
  • Reply 6 of 6
    hammeroftruth Posts: 1,309 member
    Gaby said:
    I find it very suspicious that the US government is involving itself in this case and am curious what their reasoning will be when they inevitably have to answer this very question. My guess is that various espionage agencies have approached or are actively working with Corellium regarding "security research" on defeating Apple devices. God only knows what other nefarious things are going on behind closed doors, but it's all very suss.

    As for the excerpt from Corellium's statement - "This litigation presents an existential threat to an open and healthy security research community not only for Apple products but for consumer devices in general"- anyone with half a brain would call serious bullshit. How does it present a threat to open and healthy research in general? When iOS is not open source code, and functions only on purpose built first party hardware. Designed by and for Apple. Which renders that argument moot. And it's not like the case will set any sort of precedent so if that's the best their legal counsel can muster they should be sacked. Moreover justifiable and honest security research can be done the same way it has always been done up to now, so it's not like Corellium offers anything that we are at a disadvantage without. It simply makes life easier for black hats and sketchy individuals to hack iOS and monetise their "work". The simple fact is this: iOS is Apple IP. And when you work with anything closed source like this or with anything in fact owned by someone else you accept their terms beforehand. App developers have to accept a user/dev agreement prior to any work and Apple is very exacting in what they do and do not allow. The same applies here. Whether you agree or not with their rules or you think they assert too much control is beside the point. If you don't like it, simple; go elsewhere. But you cannot then complain because the loophole you thought you found gets you into trouble. More and more I find people today to be extraordinarily entitled. It is a very unpleasant trait.

    I think you gave the answer away in your first sentence. The US government wants this as a tool to hack into iPhones since they can’t force Apple into making a back door. At least that is my take on why they would be so interested in this case.

    I bet if you do a little digging, you’ll find those so-called “experts” are working with governments to help design a system to extract data from iOS devices.