Corellium exploits iOS jailbreak to install Android on iPhone
Cybersecurity startup Corellium, which is being sued by Apple over alleged copyright infringement, on Wednesday revealed Project Sandcastle, a beta product that leverages the checkra1n jailbreak to launch a version of Android on older iPhone models.
Project Sandcastle lets users run a limited version of Android on older iPhone models. | Source: Forbes
Shown off to Forbes, the Android-on-iPhone beta is designed as a type of proof of concept that demonstrates Apple's walled garden can -- to some extent -- be compromised.
"Apple restricts iPhone users to operate inside a sandbox, but users own that hardware, and they should be able to use that hardware the way they want. So where sandboxes create limits and boundaries on the hardware that users own, sandcastles provide an opportunity to create something new and wonderful from the limitless bounds of your imagination," Corellium said in a statement.
Corellium built Project Sandcastle with first-party tools, specifically virtualization software capable of creating an "ephemeral" phone within an iPhone. Because it relies on the checkra1n jailbreak, Corellium's beta product can infiltrate the latest iOS 13, but is restricted to iPhone 7, iPhone 7 Plus and iPod Touch. Support for other iPhone versions is in the works, though the jailbreak is unable to penetrate iPhone 11 and above.
If a new jailbreak is discovered, however, Project Sandcastle could use the exploit to run Android on current generation iPhones.
The new initiative is salt in the wound for Apple, which last year sued Corellium for allegedly infringing on iOS copyrights by selling iOS and device virtualization software. According to the lawsuit, the product portfolio includes virtual versions of iOS devices running what Apple calls unauthorized copies of iOS.
"Apple has, for years, attempted to lock down the iPhone and iPad under the guise of security when, in reality, it sought to exclude competition," David Hecht, partner at Pierce Bainbridge and Corellium's counsel told Forbes. "Apple's dominance allows it to decide everything from what apps will be allowed in the market to the commission it charges developers. Corellium's solution to run Android on iPhone will finally provide customers with a viable alternative to Apple's App Store and iOS."
Most recently, Apple roped Santander Bank and L3Harris Technologies into the legal fray with subpoenas demanding the companies turn over information detailing how they use Corellium's software. Apple also requested all communication between the firms and Corellium, as well as contracts and information about Corellium founder Chris Wade.
Project Sandcastle lets users run a limited version of Android on older iPhone models. | Source: Forbes
Shown off to Forbes, the Android-on-iPhone beta is designed as a type of proof of concept that demonstrates Apple's walled garden can -- to some extent -- be compromised.
"Apple restricts iPhone users to operate inside a sandbox, but users own that hardware, and they should be able to use that hardware the way they want. So where sandboxes create limits and boundaries on the hardware that users own, sandcastles provide an opportunity to create something new and wonderful from the limitless bounds of your imagination," Corellium said in a statement.
Corellium built Project Sandcastle with first-party tools, specifically virtualization software capable of creating an "ephemeral" phone within an iPhone. Because it relies on the checkra1n jailbreak, Corellium's beta product can infiltrate the latest iOS 13, but is restricted to iPhone 7, iPhone 7 Plus and iPod Touch. Support for other iPhone versions is in the works, though the jailbreak is unable to penetrate iPhone 11 and above.
If a new jailbreak is discovered, however, Project Sandcastle could use the exploit to run Android on current generation iPhones.
The new initiative is salt in the wound for Apple, which last year sued Corellium for allegedly infringing on iOS copyrights by selling iOS and device virtualization software. According to the lawsuit, the product portfolio includes virtual versions of iOS devices running what Apple calls unauthorized copies of iOS.
"Apple has, for years, attempted to lock down the iPhone and iPad under the guise of security when, in reality, it sought to exclude competition," David Hecht, partner at Pierce Bainbridge and Corellium's counsel told Forbes. "Apple's dominance allows it to decide everything from what apps will be allowed in the market to the commission it charges developers. Corellium's solution to run Android on iPhone will finally provide customers with a viable alternative to Apple's App Store and iOS."
Most recently, Apple roped Santander Bank and L3Harris Technologies into the legal fray with subpoenas demanding the companies turn over information detailing how they use Corellium's software. Apple also requested all communication between the firms and Corellium, as well as contracts and information about Corellium founder Chris Wade.
Comments
seems a lot simpler
Seriously this is like having an older Lexus so you decide to replace the motor with one from Daihatsu. As Carnegie said above, It would be a lot easer and likely cheaper to just get an Android phone. As it's designed to run Android it likely would work better.
checkra1n compatibility (supported devices):
As far as putting Android on an iPhone, what’s the point? It’s like putting a monkey brain in a human. Sure, the resultant creature would still be an electable presidential candidate, but why subject us to this kind of cruel experimentation - again?
but an OS is... software...
in other words, big whoop.
people buy iPhone because it:
looks better, has a better UI, runs better, is more secure, etc.
if you wanted an android phone, you’d get one.
does nothing to dispel the iPhone as a secure platform.
Have I missed some other stated design parameter/s that everyone else seems to have questioned?
A quick check in the drawer - I will do the software crossgrade in a beat to repurpose some older and not used iphone for software not available on ios.
iPhones in particular have a long shelf life, arguably the most useful lifespan on the market, which is why they command such high resale prices. People don’t pay good money for bad hardware.
This supposed security expert completely ignores that the purpose of sandboxing is entirely rooted in device security. Without sandboxing, it’s much easier for malicious software authors to attack hardware and inflict damages to users. Dur. He’s pretending there’s a mustache-twirling villainous intent on Apple’s part when it’s obvious and clear this isn’t the case. They speak about their device security goals all the time.
If the proof-of-concept is that you can rip the OS out, root and stem, then, well, OK. But having your phone suddenly run another OS is not the same as having malicious apps somehow make their way to the springboard or malicious processes running in the background.
As for obsolescence, my 2017 iPhone SE is no more "obsolete" than my 2010 Toyota. Can it do everything the new one can? Nope. Can it still do everything it used to? Yes. Do I wish it could do more? Yes. That's not so much nefarious as it is a matter of having spent some time.
I did however, count up how many commerce and personal services apps I would need to have in order to have "an app for that" fo all the businesses I am involved with. I stopped counting after 40. Most of the push for apps and services is for commercial ventures that will make money from it. It's a matter of perspective as to how whiz-bang you want your tech to be.
Now, put a DSLR-worthy imaging setup in a phone and I'll be tempted to massively upgrade. The three-camera 11s are that temptation. The only non-phone objects my phone has supplanted are my dedicated GPS, and every-day carry camera.